Re: Do you have a FreeBSD NAT gateway?
- From: Torfinn Ingolfsen <tingo@xxxxxxxx>
- Date: Tue, 28 Nov 2006 18:16:35 +0100
Keve Nagy wrote:
> There surely must be some of you sharing a DSL/Cable internet connection using a FreeBSD gateway machine.
Yep, I do that.
My setup is as follows: my xDSL provider provides a router, not a modem, which means that it does NAT already at the router.
I have configured the xDSL router to forward all ports (or at least all ports I'm interested in) to my firewall / NAT gateway.
In addition, I also had to add rules to this router to let it pass the traffic that I'm interested in (example: for http I have one "pass traffic" rule and one "forward this to ip" rule. Get it?)
The firewall / NAT gateway (this is the FreeBSD box) sits between the xDSL router and the switch to my network.
This box also does NAT (using natd) and firewalling (using ipfw).
So in effect, I do double NAT. Works for me.
In addition, I run named (local zone + forwarders) on the box.
> Does it work properly for you?
Yes, it does.
> My Mac mini behind the NAT gateway has strange connection problems. In general, the internet access does work. The majority of webpages (like www.freebsd.org, www.hu.freebsd.org, or fsn.hu) appear to work the same way as if the mini had the direct connection. But there are some webpages which are extremely slow to load, although they do show up finally. Also, if I click on a pdf or zip URL to download a file, the download shows up in Safari's download manager immediately and then the progress bar doesn't move for about 50-120 seconds, after which it starts and
Hmm, if I were you I would look for DNS issues. How to do that under OSX I don't know.
> Have you ever experienced similar issues?
Nope, my network was already working properly when I installed my Mac mini.
> For those of you who have a FreeBSD NAT gateway working fine, how did you do it? Do you use the NAT feature of pf or do you use the NAT at the OS level (I mean the enable_nat="YES" in rc.conf)?
Eh... ummm.. My gateway isn't running the newest version of FreeBSD, I'm using natd and ipfw.
If you are using pf my guess is that it would make sense to use both firewall and nat in pf, because you would have only one place to update your rules when you must change / add something.
> Do you also run named on the gateway?
Yep, see above.
> As to me my problems seem to be related to the time the connection is established between the internal client and the external host across the gateway. Once that is done, the data exchange seems to work fine. I wonder if using a caching-named would improve (maybe even solve) my problems.
Probably, if that is where the problem is.
Which takes longer for you: setting up a caching dns on your gateway, or testing for dns problems on your Mac mini?
Very often, issues relating to long startup times (i.e. long times to initiate connections) are DNS issues.
Today, a network needs working dns; there are just too many services (web, ssh, mail, etc.) that rely on a working dns setup.
When you test for dns issues, always remember to test both the forward (name to ip address) and the reverse (ip address to name) dns lookup.
--
Torfinn Ingolfsen,
Norway
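
An added example, not part of the original message: a small Python check of the forward and reverse lookups described above, timing each one so that a resolver timeout shows up as a slow or failed entry. The 2-second threshold and all function names are assumptions made for this illustration.

```python
import socket
import time

SLOW_SECONDS = 2.0  # assumed threshold; a resolver timeout usually costs several seconds

def timed(lookup, arg):
    """Run one lookup; return (result or None, elapsed seconds, error text or None)."""
    start = time.monotonic()
    try:
        result, error = lookup(arg), None
    except OSError as exc:  # socket.gaierror and socket.herror are OSError subclasses
        result, error = None, str(exc)
    return result, time.monotonic() - start, error

def forward(name):
    """Forward lookup: name -> sorted list of IPv4 addresses."""
    return sorted(socket.gethostbyname_ex(name)[2])

def reverse(addr):
    """Reverse lookup: IP address -> primary host name."""
    return socket.gethostbyaddr(addr)[0]

def check_host(name, fwd=forward, rev=reverse, slow=SLOW_SECONDS):
    """Test forward and reverse DNS for one name; return a list of findings."""
    findings = []
    addrs, took, err = timed(fwd, name)
    if err:
        return [f"forward {name}: FAILED ({err}) after {took:.1f}s"]
    if took > slow:
        findings.append(f"forward {name}: slow ({took:.1f}s)")
    for addr in addrs:
        ptr, took, err = timed(rev, addr)
        if err:
            findings.append(f"reverse {addr}: FAILED ({err}) after {took:.1f}s")
        elif took > slow:
            findings.append(f"reverse {addr}: slow ({took:.1f}s) -> {ptr}")
    return findings

if __name__ == "__main__":
    import sys
    # Host names come from the command line; "localhost" is only a fallback.
    for host in sys.argv[1:] or ["localhost"]:
        for line in check_host(host) or [f"{host}: forward and reverse OK"]:
            print(line)
```

Run it on a client behind the gateway and again on the gateway itself; a lookup that is slow or fails only on the client points at the resolver the client has been given.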