Old 01-27-2009, 03:08 PM   #1
Ruler2112
Slow/Intermittent NATed Internet After Reboot


I have a system running FreeBSD 7 with a 3 meg DSL connection acting as a mail server and also providing NAT services for a local WiFi hotspot. Everything was great until recently when the server locked up and needed a reboot.

I started a thread on here with details of the crash. (Best theory is that the time sync script caused times to repeat and confused processes which eventually led to a crash.) After rebooting the server, everything seemed to be OK. However, I've noticed that the throughput speed is significantly lower than before. (I'm talking 30-40 kbps instead of 290-320.) Also, I'm unable to get to certain web sites, or even ping them (Destination host unreachable when I try), even though I can get to them from machines on another internet line. Pinging from the server console works fine; it's only on machines being masqueraded via NAT that there's a problem.

Here's my pf.conf:

Code:
# Set variables.
ext_if = "tun0"
lcl_if = "lo0"
lcl_ip = "127.0.0.1/32"
int_if = "rl0"
int_ip = "192.168.20.1/24"
int_sip = "192.168.20.1/32"
adm_if = "vr0"
adm_ip = "192.168.5.2/32"
adm_sip = "192.168.5.1/32"

pop3_ports = "{ 110, 995 }"
imap_ports = "{ 143, 993 }"
smtp_ports = "{ 25, 2225 }"
bind_ports = "{ 53 }"
webs_ports = "{ 80, 443 }"
admn_ports = "{ 22, 10101 }"
icmp_types = "echoreq"

# Set defaults.
set block-policy return
#set loginterface $ext_if
set skip on $lcl_if
scrub in on { $ext_if, $int_if }

# Allow internal interfaces to get to the internet.
nat on $ext_if from $int_ip to any -> ($ext_if)
nat on $ext_if from $adm_ip to any -> ($ext_if)

# Block everything unless later explicitly allowed.
block in

# Keep state for established connections.
pass out keep state

# Protect against IP spoofing on local network segments.
antispoof quick for { $lcl_if $int_if $adm_if }

# Block inbound traffic from IPs not valid for each interface.
block in quick on ! $int_if inet from $int_ip to any
block in quick on ! $adm_if inet from $adm_ip to any

# Nobody else is me - block attempts to make us think so.
block in quick on $int_if inet from $int_sip to any
block in quick on $adm_if inet from $adm_sip to any

# Assume administrator knows what he is doing.  Not necessarily true...
pass in quick on $adm_if from $adm_ip

pass in on $ext_if inet proto tcp from any to ($ext_if) port $pop3_ports flags S/SA keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) port $imap_ports flags S/SA keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) port $smtp_ports flags S/SA keep state
pass in on $ext_if inet proto { tcp, udp } from any to ($ext_if) port $bind_ports
pass in on $ext_if inet proto tcp from any to ($ext_if) port $webs_ports flags S/SA keep state
pass in on $int_if inet proto tcp from any to any port $pop3_ports flags S/SA keep state
pass in on $int_if inet proto tcp from any to any port $imap_ports flags S/SA keep state
pass in on $int_if inet proto tcp from any to any port $smtp_ports flags S/SA keep state
pass in on $int_if inet proto { tcp, udp } from any to any port $bind_ports
pass in on $int_if inet proto tcp from any to any port $webs_ports flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state

This has not changed since well before the crash. Likewise, /etc/rc.conf is the same, but here are lines relevant to the network/firewall from that file.

Code:
gateway_enable="YES"
natd_enable="YES"
natd_interface="tun0"
natd_flags=""
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
named_enable="YES"
ifconfig_nfe0="up"
ifconfig_vr0="inet 192.168.5.1 netmask 255.255.255.0"
ifconfig_rl0="inet 192.168.20.1 netmask 255.255.255.0"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
#icmp_drop_redirect="YES"
icmp_log_redirect="YES"
log_in_vain="NO"
tcp_keepalive="YES"
icmp_bmcastecho="NO"
icmp_bandlim="YES"
apache22_enable="YES"

Any ideas? The most puzzling thing to me is that I can get to certain sites and not others. The speed is a lesser issue, though still perplexing - I figured that it would either be there or not. Speed tests show that the speed is the same as before and from some sites, that's true. My gut feeling is that the speed trouble is a symptom of the former.

Again, everything was fine before the box went down. The only config changes I made were to disable the webmin time sync script and install/enable OpenNTPd as described in the above referenced thread.
 
Old 01-28-2009, 05:10 PM   #2
Ruler2112
Never mind this thread... My apologies for wasting space. (%#$*(&^@ING WINDOZE LAPTOP!!!)
 
  

