From: Josh Paetzel
Reply-To: friar_josh@webwarrior.net
To: Leigh V
Cc: freebsd-questions@FreeBSD.ORG, Jim Arnold
Subject: Re: IPFilter/IPnat huge packet losses
Date: 18 Aug 2002 21:06:59 +0000
Message-Id: <1029704820.224.7.camel@markx.vladsempire.net>

On Mon, 2002-08-19 at 00:49, Leigh V wrote:
> Hmm I don't know what's wrong. A quick glance at your ruleset and it looked ok.
> You can try my ipfilter / ipnat setup script www.roq.com/bsd/ which I have
> had a number of emails back claiming success.
>
> ----- Original Message -----
> From: "Jim Arnold"
> To:
> Sent: Monday, August 19, 2002 4:00 AM
> Subject: IPFilter/IPnat huge packet losses
>
> > Currently I run "The Wall," a floppy-based FreeBSD distro that uses
> > IPFW and natd. This setup has worked wonderfully. I don't have packet
> > losses with this setup from the firewall or inside the lan.
> >
> > A few weeks ago I acquired a pentium 233 box and decided to see if I could
> > load FreeBSD stable and use IPFilter and ipnat as my firewall. The system
> > install and upgrade to 4.6 stable with a kernel recompile was a breeze.
> > Getting IPfilter to work is another matter...
> >
> > Right now I'm seeing packet losses from anywhere in the 20 to 80
> > percent range when pinging an outside host from inside the firewall.
> > From the firewall itself I get 0% packet losses.

Your setup looked ok to me. Have you tried adding pass in all quick and pass out all quick type rule and then tested your pinging? If it works you know it's your firewall ruleset. If it doesn't, then you know the problem is elsewhere.

I only mention this because firewalls and nat setups normally either allow or block something. If icmp packet #4 gets through, how is that different than #2 or #3 or #5? See where I'm headed with this logic?

Josh