Not very helpful, but have you ever tried using ipfilter? I've found that
configuring it is much easier, and it is somewhat faster on slow machines since
it runs entirely in the kernel (avoids a lot of transferring data to and from
userland like ipfw + natd).
Ken
Thanks for your sets, but anyway internet is very slow :(
# ipfw show
00100  617  59829 divert 8668 ip from any to any via ed1
00200  617  59829 allow ip from 213.190.42.48 to any keep-state via ed1
00300 1213 101401 allow ip from 192.168.0.0/24 to any keep-state via ed0
65535  409  26377 allow ip from any to any

# cat /usr/local/etc/ipfw.conf
fw="/sbin/ipfw -q"
oif="ed1"
iif="ed0"

${fw} add divert natd all from any to any via ${oif}
${fw} add allow all from 213.190.42.48 to any keep-state via ${oif}
${fw} add allow all from 192.168.0.1/24 to any keep-state via ${iif}
Btw, I have a static internet IP address, not a dynamic one. I have read the man ipfw BUGS section, but I still can't understand how I can solve my problem.
----- Original Message -----
From: "jon" <[EMAIL PROTECTED]>
To: "Prodigy" <[EMAIL PROTECTED]>
Sent: Thursday, March 11, 2004 2:43 PM
Subject: Re: natd + ipfw - very slow internet for LAN users
my set looks like this
fw="/sbin/ipfw -q"
oif="xl1"
iif="xl0"

${fw} add divert natd all from any to any via ${oif}
${fw} add allow all from ${oip} to any keep-state via ${oif}
${fw} add allow all from 192.168.1.1/24 to any keep-state via ${iif}
good luck
* Prodigy <[EMAIL PROTECTED]> [2004-03-10 17:17:52 +0200]:
> Hi,
>
> I'm sharing internet to my local area network (LAN) users with my router. Everything would be fine, but internet is very slow. I tried to ping my ISP. Ping reply is ~50ms. It means, that internet for LAN users should be good enough, but it isn't. Ping reply in IRC is ~15 seconds. Then I try to open some internet pages, there is very big lag. Something is wrong with nating I think, can u tell me what?
>
> FreeBSD 4.9-STABLE ipfw + natd
>
> Kernel configuration:
>
> # ... Some other stuff goes here
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPFIREWALL_DEFAULT_TO_ACCEPT # Firewall is accepting all packets by default
> options IPDIVERT
> # ... Some other stuff goes here
>
> rc.conf:
>
> defaultrouter="213.190.42.1" # ISP gateway
> hostname="panemune.net"
> ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0" # Network (LAN) interface
> ifconfig_ed1="inet 213.190.42.48 netmask 255.255.255.0" # Internet (outside) interface
> # ... here goes some other stuff, like sshd_enable="YES", etc
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_script="/usr/local/etc/rc.firewall"
> firewall_quiet="YES"
> firewall_logging="YES"
> natd_enable="YES"
> natd_interface="ed1"
> natd_flags="-f /usr/local/etc/natd.conf"
>
> # cat /usr/local/etc/natd.conf
> same_ports yes
> use_sockets yes
> unregistered_only yes
>
> # cat /usr/local/etc/rc.firewall
> ipfw add 100 divert natd all from any to any via ed1
>
> # ipfw show
> 00100  469 26801 divert 8668 ip from any to any via ed1
> 65535 1072 60182 allow ip from any to any
>
> # cat /etc/services | grep natd
> natd 8668/divert # Network Address Translation
>
> Btw, when I used ipf + ipnat, internet for LAN users was good enough, but now it's horrible with natd + ipfw.
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

--
Jon
This is BSD country. If you listen carefully, you can hear Windows reboot...
For GnuPG/PGP key send message to [EMAIL PROTECTED] with subject "key request pgp" or "key request gnupg".
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"