RE: Bandwidth hit in natd/ipfw on 4.4-RELEASE
My first question to help is why do you have any firewall at all? firewall_type=OPEN typically means that you have no ports being blocked? I'm hoping this is just for testing purposes?

I see in your natd.conf file you have a line for unregistered_only=YES. This switch is for alteration of outgoing packets based on RFC 1918. I'm assuming then that you are looking at using natd for outgoing packets only? In which case in your files you would identify the natd_interface=dc0 allowing for the unregistered statement to then alter outgoing packets.

I would also suggest if you have any LinkSys routers between your FBSD box and the Internet, that you examine them, as I have just recently replaced all my Internet hard routers with CISCO's due to the LinkSys being unable to hold an MTU setting.

Just my two cents.

Res Ipsa Loquitor,
Mark-Nathaniel Weisman
Site Master
Mystic_One Internet Gaming Server
Anchorage, Alaska
http://games.mystic1.net

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 25, 2004 6:24 PM
To: [EMAIL PROTECTED]
Subject: Bandwidth hit in natd/ipfw on 4.4-RELEASE

Hey, I just got my NAT box running 4.4-RELEASE on an old Pentium 90 and I'm experiencing a number of problems and I think they're related.. there's been a major bandwidth hit in all my web surfing and my ICQ, AOL and MSN (using both Trillian and Messenger) are dropping connections -- a lot. I don't think a single day's gone by without a connection dropping or two. As I said before, I've taken a bandwidth hit on my surfing as well -- to the point where connection attempts are completely timing out.

I've included an abbreviated rc.conf and my natd.conf here..

rc.conf

    snip
    ifconfig_rl0=DHCP
    ifconfig_dc0=inet 192.168.0.1 netmask 255.255.255.0
    inetd_enable=YES
    snip
    gateway_enable=YES
    natd_enable=YES
    natd_inteface=rl0
    natd_flags=-config /etc/natd.conf
    firewall_enable=YES
    firewall_type=OPEN

natd.conf

    unregistered_only yes
    same_ports yes
    log yes
    dynamic yes
    interface rl0

Did I do anything wrong? Miss anything? Add anything unnecessary? The kernel's been recompiled as is appropriate.

Thanks in advance.

--
Matt Coe, CCNA
Member-At-Large, Dalhousie University CS Society Fall 2003

'Ford! There's an infinite number of monkeys outside who want to talk to us about this script for Hamlet they've worked out.'
-- DNA, 'The Hitch Hiker's Guide to the Galaxy', Arthur Philip Dent

Sick of long-distance bills? Get Skype! www.skype.com

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

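
Added example, not part of the thread: rc.conf is a shell fragment, so a misspelled knob is accepted without complaint. The posted file spells one knob natd_inteface where the reply above writes natd_interface; this Python check flags names outside a small allow-list (KNOWN is an assumed subset, and parse/lint are illustrative names).

```python
import difflib
import re
# Knob names relevant to this thread. Assumption: a hand-picked subset; the
# authoritative list for a release is /etc/defaults/rc.conf on that system.
KNOWN = {
    "gateway_enable", "inetd_enable",
    "natd_enable", "natd_program", "natd_interface", "natd_flags",
    "firewall_enable", "firewall_script", "firewall_type",
    "firewall_quiet", "firewall_logging", "firewall_flags",
}
PER_INTERFACE = re.compile(r"^ifconfig_[a-z]+[0-9]+$")  # e.g. ifconfig_rl0
ASSIGN = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
# The rc.conf excerpt as it appears in the thread ("snip" markers included).
POSTED_RC_CONF = """\
snip
ifconfig_rl0=DHCP
ifconfig_dc0=inet 192.168.0.1 netmask 255.255.255.0
inetd_enable=YES
snip
gateway_enable=YES
natd_enable=YES
natd_inteface=rl0
natd_flags=-config /etc/natd.conf
firewall_enable=YES
firewall_type=OPEN
"""

def parse(text):
    """Return {name: value} for each NAME=value line; other lines are skipped."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.split("#", 1)[0])
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("\"'")
    return settings

def lint(text):
    """Report unknown knob names and natd enabled without an interface."""
    settings, findings = parse(text), []
    for name in settings:
        if name not in KNOWN and not PER_INTERFACE.match(name):
            guess = difflib.get_close_matches(name, sorted(KNOWN), n=1)
            hint = f" (closest known name: {guess[0]})" if guess else ""
            findings.append(f"unknown knob {name}{hint}")
    if settings.get("natd_enable", "").upper() == "YES" and "natd_interface" not in settings:
        findings.append("natd_enable=YES but natd_interface is not set")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(POSTED_RC_CONF)))
```
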
Re: Bandwidth hit in natd/ipfw on 4.4-RELEASE
On Thu, Mar 25, 2004 at 08:24:04PM -0700, [EMAIL PROTECTED] typed:
> Hey, I just got my NAT box running 4.4-RELEASE on an old Pentium 90 and I'm experiencing a number of problems and I think they're related.. there's been a major bandwidth hit in all my web surfing and my ICQ, AOL and MSN (using both Trillian and Messenger) are dropping connections -- a lot. I don't think a single day's gone by without a connection dropping or two. As I said before, I've taken a bandwidth hit on my surfing as well -- to the point where connection attempts are completely timing out.
>
> I've included an abbreviated rc.conf and my natd.conf here..

Please wrap your lines at ~70 characters.

4.4-RELEASE is quite old. Have you considered the possibility that you got rooted?

Ruben

Re: Bandwidth hit in natd/ipfw on 4.4-RELEASE
Ruben de Groot wrote:
> 4.4-RELEASE is quite old. Have you considered the possibility that you got rooted?

I'm sure it's /possible/, but extraordinarily unlikely. The server's only been three days and I'm on a university resnet; I'd guess that no port below 1024 is accessible from outside my house.. and the most computer-literate people in this house are either Counter-Strike addicts or me. There are very few Computer Science students in this house, and I'm probably the only person who actively uses something other than WinXP or MacOS X.

--
Matt Coe, CCNA
Member-At-Large, Dalhousie University CS Society Fall 2003

'Ford! There's an infinite number of monkeys outside who want to talk to us about this script for Hamlet they've worked out.'
-- DNA, 'The Hitch Hiker's Guide to the Galaxy', Arthur Philip Dent

Sick of long-distance bills? Get Skype! www.skype.com

Re: Bandwidth hit in natd/ipfw on 4.4-RELEASE
On Fri, Mar 26, 2004 at 10:43:56AM -0400, Matt Coe, CCNA typed:
> Ruben de Groot wrote:
> > 4.4-RELEASE is quite old. Have you considered the possibility that you got rooted?
>
> I'm sure it's /possible/, but extraordinarily unlikely. The server's only been three days and I'm on a university resnet; I'd guess that no port below 1024 is accessible from outside my house.. and the most computer-literate people in this house are either Counter-Strike addicts or me. There are very few Computer Science students in this house, and I'm probably the only person who actively uses something other than WinXP or MacOS X.

So maybe *they* got infected by some bandwidth-hungry virus/trojan/worm?

Seriously, have you tried investigating (netstat/sockstat/tcpdump are all good tools for this) what exactly is consuming so much bandwidth on your system?

Ruben

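
Added example, not part of the thread: one way to act on the tcpdump suggestion above is to tally a capture from the LAN-side interface per internal host, counting both bytes and distinct outside peers. The Python below assumes the line shape that `tcpdump -n -q` prints for IPv4 TCP and UDP; the sample lines are constructed and top_talkers is an illustrative name.

```python
import ipaddress
import re
from collections import Counter

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed line shape: what `tcpdump -n -q` prints for IPv4 TCP and UDP.
LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.\d+: "
                  r"(?:tcp|UDP, length) (\d+)")

# Constructed capture from the inside interface, so LAN hosts appear with
# their pre-NAT addresses. Remote peers use documentation address ranges.
SAMPLE = """\
20:24:04.100000 IP 192.168.0.10.1034 > 198.51.100.7.5190: tcp 60
20:24:04.180000 IP 198.51.100.7.5190 > 192.168.0.10.1034: tcp 0
20:24:04.200000 IP 192.168.0.23.2301 > 203.0.113.5.80: tcp 1460
20:24:04.201000 IP 192.168.0.23.2302 > 203.0.113.6.80: tcp 1460
20:24:04.202000 IP 192.168.0.23.2303 > 203.0.113.7.80: tcp 1460
20:24:04.250000 IP 192.168.0.23.1027 > 198.51.100.53.53: UDP, length 33
20:24:04.300000 IP 192.168.0.1.22 > 192.168.0.10.1050: tcp 48
20:24:04.400000 ARP, Request who-has 192.168.0.1 tell 192.168.0.10, length 28
""".splitlines()

def is_inside(addr):
    """True when addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def top_talkers(lines):
    """Per RFC 1918 host: (host, bytes to/from outside, distinct outside peers)."""
    volume, peers = Counter(), {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, IPv6 and anything else not in the assumed shape
        src, dst, size = m.group(1), m.group(2), int(m.group(3))
        for inside, outside in ((src, dst), (dst, src)):
            if is_inside(inside) and not is_inside(outside):
                volume[inside] += size
                peers.setdefault(inside, set()).add(outside)
    return [(host, total, len(peers[host])) for host, total in volume.most_common()]

if __name__ == "__main__":
    for host, total, npeers in top_talkers(SAMPLE):
        print(f"{host:15} {total:8} bytes  {npeers} outside peers")
```

A host that leads on both columns is the one to look at first with sockstat or netstat on that machine.
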
Bandwidth hit in natd/ipfw on 4.4-RELEASE
Hey, I just got my NAT box running 4.4-RELEASE on an old Pentium 90 and I'm experiencing a number of problems and I think they're related.. there's been a major bandwidth hit in all my web surfing and my ICQ, AOL and MSN (using both Trillian and Messenger) are dropping connections -- a lot. I don't think a single day's gone by without a connection dropping or two. As I said before, I've taken a bandwidth hit on my surfing as well -- to the point where connection attempts are completely timing out.

I've included an abbreviated rc.conf and my natd.conf here..

rc.conf

    snip
    ifconfig_rl0=DHCP
    ifconfig_dc0=inet 192.168.0.1 netmask 255.255.255.0
    inetd_enable=YES
    snip
    gateway_enable=YES
    natd_enable=YES
    natd_inteface=rl0
    natd_flags=-config /etc/natd.conf
    firewall_enable=YES
    firewall_type=OPEN

natd.conf

    unregistered_only yes
    same_ports yes
    log yes
    dynamic yes
    interface rl0

Did I do anything wrong? Miss anything? Add anything unnecessary? The kernel's been recompiled as is appropriate.

Thanks in advance.

--
Matt Coe, CCNA
Member-At-Large, Dalhousie University CS Society Fall 2003

'Ford! There's an infinite number of monkeys outside who want to talk to us about this script for Hamlet they've worked out.'
-- DNA, 'The Hitch Hiker's Guide to the Galaxy', Arthur Philip Dent

Sick of long-distance bills? Get Skype! www.skype.com