Date: Mon, 29 Jan 2001 09:35:36 -0800 (PST) From: David Wolfskill <dhw@whistle.com> To: freebsd-stable@freebsd.org Subject: Re: ipnat vs natd and ipf vs ipfw (fwd) Message-ID: <200101291735.f0THZaf84267@pau-amma.whistle.com> In-Reply-To: <5.0.1.4.0.20010129121235.037a5ec0@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
>Date: Mon, 29 Jan 2001 12:15:25 -0500
>From: Mike Tancsa <mike@sentex.net>
>>Curious. My home firewall is (still) running FreeBSD 3.2-R; and it's a
>>P-120 with 16 MB memory... yet I was able to FTP a good-sized (>1 MB)
>>file from ftp.freebsd.org at >150 FB/s. And I'm using ipfw & natd.
>Perhaps it was due to some interaction with natd and PPPoE. Not sure. From
>the machine itself, I could get full rate throughput on all applications.
>It was only from the machines behind the FreeBSD box where I would notice a
>significant speed drop when using NAT. Going through squid, or even socks5
>was/is quick-- only with nat would I see the speed drop (e.g. downloading
>binary attachments from my news server). But as soon as I switched to
>ipnat, the speed was at expected levels from all my home workstations on
>all services.
Well, I do have a static IP address (good thing for running nameservers,
eh?). Other than that, I don't see anything obviously so different in
configuration that might indicate the difference in behavior.
I just did an FTP from an internal machine (note that there was probably
some other activity, as my spouse is home doing something, and I'm at
work, logged in at home via ssh tunnel):
bunrab[6] ftp ftp.freebsd.org
Connected to ftp.freesoftware.com.
220 sourcerer.freesoftware.com FTP server (Version DG-4.0.62 974200128) ready.
Name (ftp.freebsd.org:david): ftp
331 Guest login ok, send your email address as password.
Password:
230-Welcome to ftp.freesoftware.com - home FTP site for Walnut Creek CDROM.
230-There are currently 849 users out of 5000 possible.
230-
...
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pass
Passive mode on.
ftp> dir
227 Entering Passive Mode (216,66,64,162,17,167)
150 Opening ASCII mode data connection for 'file list'.
total 137637
-r--r--r-- 1 root wheel 424 Feb 28 2000 README
drwxr-xr-x 2 root wheel 512 Feb 10 2000 archive-info
drwxr-xr-x 2 root wheel 512 Jul 5 2000 etc
-rw-r--r-- 1 root wheel 124347711 Jan 29 13:24 ls-lR
-rw-r--r-- 1 root wheel 16587118 Jan 29 13:25 ls-lR.gz
drwxr-xr-x 2 root wheel 1024 Nov 11 03:48 pub
226 Transfer complete.
ftp> get ls-lR
local: ls-lR remote: ls-lR
227 Entering Passive Mode (216,66,64,162,17,215)
150 Opening BINARY mode data connection for 'ls-lR' (124347711 bytes).
100% |**************************************************| 118 MB 00:00 ETA
226 Transfer complete.
124347711 bytes received in 852.83 seconds (142.39 KB/s)
ftp> 221 Goodbye!
bunrab[7] ifconfig -a
de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 172.16.8.11 netmask 0xffffff00 broadcast 172.16.8.255
ether 00:40:05:a2:08:71
media: autoselect (100baseTX <full-duplex>) status: active
supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
bunrab[8]
(That last was to demonstrate that I was doing the FTP from a machine on
the internal net, vs. the firewall itself.)
Cheers,
david
--
David Wolfskill dhw@whistle.com UNIX System Administrator
Desk: 650/577-7158 TIE: 8/499-7158 Cell: 650/759-0823
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101291735.f0THZaf84267>