Hi
I have a problem with this configuration:
When I use natd + ipfw + ipf, everything works fine, but I want to use ipnat + ipfw + ipf. That configuration works (ping, masquerade, etc.), but not completely: when I play StarCraft I get a big delay and lag. This does not happen when I use the natd + ipfw + ipf configuration, so the hardware is OK.
uname -a
FreeBSD forteca.*** 7.1-RELEASE FreeBSD 7.1-RELEASE #1: Mon Apr 1 00:27:31 CEST 2002 root@forteca.***:/usr/obj/usr/src/sys/FORTECA i386
# Internet firewall
options DUMMYNET
options HZ=2000
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPFIREWALL_FORWARD #packet destination changes
#options IPFIREWALL_FORWARD_EXTENDED #all packet dest changes
options IPDIVERT #divert sockets
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
options IPFILTER_LOOKUP #ipfilter pools
options IPSTEALTH #support for stealth forwarding
gateway_enable="YES"
hostname="forteca.****"
ifconfig_rl0="DHCP"
ifconfig_rl1="inet 10.10.10.1 netmask 255.255.255.0"
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"
ipnat_enable="YES"
ipnat_program="/sbin/ipnat"
ipnat_rules="/etc/ipnat.rules"
#natd_enable="YES"
#natd_interface="rl0"
#natd_flags="-f /etc/natd.conf"
File: ipf.rules
pass in quick all
pass out quick all
File: ipfw.rules
ipfw -q -f pipe flush
ipfw -q -f queue flush
ipfw -q -f flush
ipfw -q zero
File: ipnat.rules
map rl0 10.10.10.2/32 -> 192.168.1.1/32 proxy port ftp ftp/tcp
map rl0 10.10.10.2/32 -> 192.168.1.1/32 portmap tcp/udp 40000:60000
map rl0 10.10.10.2/32 -> 192.168.1.1/32
rdr rl0 192.168.1.1/32 port 6112 -> 10.10.10.2 port 6112 tcp/udp
File: natd.conf
interface rl0
use_sockets yes
same_ports yes
dynamic yes
Any ideas where the problem is?