Re: natd + ipfw - very slow internet for LAN users

From: Prodigy (prodigy_at_punktas.lt)
Date: 03/10/04

    To: "freebsd-questions" <freebsd-questions@freebsd.org>
    Date: Wed, 10 Mar 2004 19:32:06 +0200
    
    

    > Ping to an ip address does not use DNS.
    > What is response time when you use ping domain name?
    It's ~250ms for google.com and other domains (good enough too).

    > I see you have forced ip address for your nic card connected to the
    > public internet by using rc.conf statement.
    > This looks wrong to me.
    What's wrong with it? Can you give me other solutions? But anyway, with ipf +
    ipnat the internet speed is OK.

    > Explain in detail how you connection to your ISP and the layout of
    > your private network.
    Our ISP gave us an IP and gateway, that's how we connect to the internet (over a DSL
    modem through a LAN card).
    Some computers are connected in the LAN via a switch. My router is connected to
    that switch too. LAN users have configured their OS so that the gateway is
    192.168.0.1 (my router's LAN IP address).

    > -----Original Message-----
    > From: owner-freebsd-questions@freebsd.org
    > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Prodigy
    > Sent: Wednesday, March 10, 2004 10:18 AM
    > To: freebsd-questions
    > Subject: natd + ipfw - very slow internet for LAN users
    >
    > Hi,
    >
    > I'm sharing internet to my local area network (LAN) users with my
    > router. Everything would be fine, but internet is very slow. I
    > tried to ping my ISP. Ping reply is ~50ms. It means, that internet
    > for LAN users should be good enough, but it isn't. Ping reply in IRC
    > is ~15 seconds. Then I try to open some internet pages, there is
    > very big lag. Something is wrong with nating I think, can you tell me
    > what? FreeBSD4.9-STABLE ipfw + natd
    >
    >
    > Kernel configuration:
    >
    > # ... Some other stuff goes here
    > options IPFIREWALL
    > options IPFIREWALL_FORWARD
    > options IPFIREWALL_VERBOSE
    > options IPFIREWALL_VERBOSE_LIMIT=10
    > options IPFIREWALL_DEFAULT_TO_ACCEPT # Firewall is accepting all packets by default
    > options IPDIVERT
    > # ... Some other stuff goes here
    >
    >
    > rc.conf:
    >
    > defaultrouter="213.190.42.1" # ISP gateway
    > hostname="panemune.net"
    > ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0" # Network (LAN) interface
    > ifconfig_ed1="inet 213.190.42.48 netmask 255.255.255.0" # Internet (outside) interface
    > # ... here goes some other stuff, like sshd_enable="YES", etc
    > gateway_enable="YES"
    > firewall_enable="YES"
    > firewall_script="/usr/local/etc/rc.firewall"
    > firewall_quiet="YES"
    > firewall_logging="YES"
    > natd_enable="YES"
    > natd_interface="ed1"
    > natd_flags="-f /usr/local/etc/natd.conf"
    >
    >
    > # cat /usr/local/etc/natd.conf
    > same_ports yes
    > use_sockets yes
    > unregistered_only yes
    >
    > # cat /usr/local/etc/rc.firewall
    > ipfw add 100 divert natd all from any to any via ed1
    >
    > # ipfw show
    > 00100 469 26801 divert 8668 ip from any to any via ed1
    > 65535 1072 60182 allow ip from any to any
    >
    > # cat /etc/services | grep natd
    > natd 8668/divert # Network Address Translation
    >
    >
    >
    > Btw, when I used ipf + ipnat, internet for LAN users was good
    > enough, but now it's horrible with natd + ipfw.
    > _______________________________________________
    > freebsd-questions@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    > To unsubscribe, send any mail to
    > "freebsd-questions-unsubscribe@freebsd.org"
    >


