natd + ipfw - very slow internet for LAN users

2004-03-10 Thread Prodigy
Hi,

I'm sharing internet with my local area network (LAN) users through my router. Everything
would be fine, but the internet is very slow. I tried to ping my ISP. Ping reply is ~50ms.
That means the internet for LAN users should be good enough, but it isn't. Ping reply
in IRC is ~15 seconds. When I try to open some internet pages, there is a very big lag.
Something is wrong with NATing, I think; can you tell me what? FreeBSD 4.9-STABLE, ipfw +
natd.


Kernel configuration:

# ... Some other stuff goes here
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT # Firewall is accepting all packets by default
options IPDIVERT
# ... Some other stuff goes here


rc.conf:

defaultrouter="213.190.42.1" # ISP gateway
hostname="panemune.net"
ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0" # Network (LAN) interface
ifconfig_ed1="inet 213.190.42.48 netmask 255.255.255.0" # Internet (outside) interface
# ... here goes some other stuff, like sshd_enable="YES", etc
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/rc.firewall"
firewall_quiet="YES"
firewall_logging="YES"
natd_enable="YES"
natd_interface="ed1"
natd_flags="-f /usr/local/etc/natd.conf"


# cat /usr/local/etc/natd.conf
same_ports yes
use_sockets yes
unregistered_only yes

# cat /usr/local/etc/rc.firewall
ipfw add 100 divert natd all from any to any via ed1

# ipfw show
00100  469 26801 divert 8668 ip from any to any via ed1
65535 1072 60182 allow ip from any to any

# cat /etc/services | grep natd
natd            8668/divert  # Network Address Translation



Btw, when I used ipf + ipnat, internet for LAN users was good enough, but now it's 
horrible with natd + ipfw.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: natd + ipfw - very slow internet for LAN users

2004-03-10 Thread Prodigy
> Ping to an ip address does not use DNS.
> What is response time when you use ping domain name?
It's ~250ms for google.com and other domains (good enough too).

> I see you have forced ip address for your nic card connected to the
> public internet by using rc.conf statement.
> This looks wrong to me.
What's wrong with it? Can you give me other solutions? But anyway, with ipf +
ipnat the internet speed is OK.

> Explain in detail how you connect to your ISP and the layout of
> your private network.
Our ISP gave us an IP and gateway; that's how we connect to the internet (over a DSL
modem through a LAN card).
Some computers are connected in the LAN via a switch. My router is connected to
that switch too. LAN users have configured their OS so that the gateway is
192.168.0.1 (my router's LAN IP address).
