Networking issues with 7.0-Release?



I have a brand new 7.0 install set up as a router for my home network,
but I am seeing:
- High levels of packet loss
- Poor external DNS performance (websites, etc.)
- Poor data throughput

It's very possible that I have set up something incorrectly as this is
my first FreeBSD installation (been using Linux as a router for
a while). I DEFINITELY saw a large slowdown switching from my
store-bought router to FreeBSD 7.0 though. Sites take longer to resolve
and load than they had with the store-bought router.

I have seen a few people here and there complaining about network
performance in 7.0 (I even saw some bug reports submitted
http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/117255), but I want to
make sure it's not something in my setup.

Does anyone have any ideas?

Here's my network setup:


Internet
|
nfe0
------------ ath0 (wireless)
|
------------ rl0 (hooked into switch - unused)

cat /etc/rc.conf

# -- sysinstall generated deltas -- # Sun Mar 2 20:43:38 2008
# Created: Sun Mar 2 20:43:38 2008
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.

hostname="tenchi.local"

# Services
linux_enable="YES"
sshd_enable="YES"
sendmail_enable="NO"
dnsmasq_enable="YES"

# Interfaces
ifconfig_nfe0="DHCP"
ifconfig_ath0="inet 10.0.0.1 netmask 255.255.255.0 ssid foo channel 11 mediaopt hostap"
ifconfig_rl0="inet 10.0.1.1 netmask 255.255.255.0"

# Firewall
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"

# NAT
gateway_enable="YES"
router_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"


cat /etc/resolv.conf

# OpenDNS nameservers - just to be sure. Tried ISP's as well.
nameserver 208.67.222.222
nameserver 208.67.220.220.


I am using dnsmasq to serve dhcp and dns queries.
cat /usr/local/etc/dnsmasq.conf |grep ^[^#]

domain-needed
bogus-priv
filterwin2k
local=/local/
except-interface=nfe0
bind-interfaces
expand-hosts
domain=local
dhcp-range=10.0.0.50,10.0.0.254,255.255.255.0,infinite
dhcp-range=10.0.1.0,10.0.1.254,255.255.255.0,infinite
dhcp-host=washu
dhcp-host=ryoko
dhcp-host=bubbles
dhcp-host=win-washu


netstat -i

Name  Mtu   Network        Address           Ipkts   Ierrs Opkts Oerrs Coll
nfe0  1500  <Link#1>       00:0c:76:09:06:94 2743104 0     55150 0     0
nfe0  1500  (public ip)/2  (public address)  32387   -     27209 -     -
rl0*  1500  <Link#2>       00:08:a1:57:90:3e 1697    0     2891  0     0
rl0*  1500  10.0.1.0       10.0.1.1          5       -     6     -     -
ath0  1500  <Link#3>       00:0f:b5:f9:ea:29 32088   10401 59139 63    0
ath0  1500  10.0.0.0       tenchi            3503    -     1947  -     -
plip0 1500  <Link#4>                         0       0     0     0     0
lo0   16384 <Link#5>                         103     0     103   0     0
lo0   16384 fe80:5::1      fe80:5::1         0       -     0     -     -
lo0   16384 ::1            ::1               0       -     0     -     -
lo0   16384 your-net       localhost         79      -     79    -     -

ifconfig:

nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:0c:76:09:06:94
        inet (public IP) netmask 0xfffffc00 broadcast 255.255.255.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:08:a1:57:90:3e
        inet 10.0.1.1 netmask 0xffffff00 broadcast 10.0.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0f:b5:f9:ea:29
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        media: IEEE 802.11 Wireless Ethernet autoselect <hostap> (autoselect <hostap>)
        status: associated
        ssid cox channel 11 (2462 Mhz 11g) bssid 00:0f:b5:f9:ea:29
        authmode OPEN privacy OFF txpower 31.5 scanvalid 60 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi11g 7 roam:rate11g 5
        protmode CTS burst dtimperiod 1
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000

cat /etc/ipf.rules (ipfilter rules):

# Unrestricted internal access
pass out quick on rl0 all
pass in quick on rl0 all
pass out quick on ath0 all
pass in quick on ath0 all
pass out quick on lo0 all
pass in quick on lo0 all

# Allow ssh in
pass in quick on nfe0 proto tcp from any to any port = 22 flags S keep state

# Allow anything out
pass out quick on nfe0 proto tcp all flags S keep state
pass out quick on nfe0 proto udp all keep state
pass out quick on nfe0 proto icmp all keep state

# Block all by default
block in log first quick on nfe0 all

cat /etc/ipnat.rules (ipnat rules):

map nfe0 10.0.0.1/24 -> 0/32
map nfe0 10.0.1.1/24 -> 0/32
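
One way to turn the netstat -i counters above into per-interface error ratios, as an added example that is not part of the original post. The function names are hypothetical, and the sample rows are the link-level rows copied from the post's output.

```shell
# Added example: error ratios from the link-level rows of `netstat -i`.
sample_netstat() {
cat <<'EOF'
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
nfe0 1500 <Link#1> 00:0c:76:09:06:94 2743104 0 55150 0 0
rl0* 1500 <Link#2> 00:08:a1:57:90:3e 1697 0 2891 0 0
rl0* 1500 10.0.1.0 10.0.1.1 5 - 6 - -
ath0 1500 <Link#3> 00:0f:b5:f9:ea:29 32088 10401 59139 63 0
ath0 1500 10.0.0.0 tenchi 3503 - 1947 - -
plip0 1500 <Link#4> 0 0 0 0 0
lo0 16384 <Link#5> 103 0 103 0 0
EOF
}

# stdin:  netstat -i output in the 9-column layout shown in the post
# stdout: "<ifname> <Ierrs per 100 Ipkts> <Oerrs per 100 Opkts>"
link_error_rates() {
    awk '
    $3 ~ /^<Link#[0-9]+>$/ {
        # The Address column is empty on some link rows (plip0, lo0),
        # so index the counters from the right-hand end of the line.
        oerrs = $(NF-1); opkts = $(NF-2)
        ierrs = $(NF-3); ipkts = $(NF-4)
        name = $1; sub(/\*$/, "", name)    # trailing * marks a down interface
        if (ipkts + opkts == 0) next       # skip interfaces with no traffic
        inpct  = (ipkts > 0) ? 100 * ierrs / ipkts : 0
        outpct = (opkts > 0) ? 100 * oerrs / opkts : 0
        printf "%s %.1f %.1f\n", name, inpct, outpct
    }'
}

# $1: threshold in percent; prints interfaces whose ratio exceeds it
noisy_interfaces() {
    link_error_rates | awk -v t="$1" '$2 > t || $3 > t { print $1 }'
}

sample_netstat | link_error_rates
```

On a live system the same functions read from the command directly, for example `netstat -i | noisy_interfaces 1`.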