Hello,
I have a single FreeBSD gateway/NAT/DNS server serving a small residential network behind a residential gateway.
Within the network -> external hosts:
Within the network -> the gateway:
On the gateway -> external hosts:
It seems then that the latency is coming into existence as packets are forwarded between the internal and external network, i.e. at the gateway. Here is my pf.conf:
I have a single FreeBSD gateway/NAT/DNS server serving a small residential network behind a residential gateway.
Within the network -> external hosts:
Code:
PING google.com (173.194.37.132) 56(84) bytes of data.
64 bytes from mia05s18-in-f4.1e100.net (173.194.37.132): icmp_seq=1 ttl=50 time=45.1 ms
64 bytes from mia05s18-in-f4.1e100.net (173.194.37.132): icmp_seq=2 ttl=50 time=46.7 ms
64 bytes from mia05s18-in-f4.1e100.net (173.194.37.132): icmp_seq=3 ttl=50 time=1001 ms
64 bytes from mia05s18-in-f4.1e100.net (173.194.37.132): icmp_seq=4 ttl=50 time=32.5 ms
64 bytes from mia05s18-in-f4.1e100.net (173.194.37.132): icmp_seq=5 ttl=50 time=1031 ms
64 bytes from mia05s18-in-f4.1e100.net (173.194.37.132): icmp_seq=6 ttl=50 time=72.8 ms
Code:
PING facebook.com (173.252.110.27) 56(84) bytes of data.
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=1 ttl=76 time=73.1 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=2 ttl=76 time=71.9 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=3 ttl=76 time=1000 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=4 ttl=76 time=72.6 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=5 ttl=76 time=1010 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=6 ttl=76 time=1023 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=7 ttl=76 time=91.8 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=8 ttl=76 time=71.8 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=9 ttl=76 time=1010 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=10 ttl=76 time=1002 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=11 ttl=76 time=70.8 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=12 ttl=76 time=71.8 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=13 ttl=76 time=1014 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=14 ttl=76 time=1003 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=15 ttl=76 time=71.4 ms
64 bytes from edge-star-shv-13-frc1.facebook.com (173.252.110.27): icmp_seq=16 ttl=76 time=74.4 msWithin the network -> the gateway:
Code:
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=1.51 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=1.29 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=64 time=1.50 ms
64 bytes from 192.168.1.254: icmp_seq=4 ttl=64 time=3.91 ms
64 bytes from 192.168.1.254: icmp_seq=5 ttl=64 time=1.23 ms
64 bytes from 192.168.1.254: icmp_seq=6 ttl=64 time=2.14 msOn the gateway -> external hosts:
Code:
PING facebook.com (173.252.110.27): 56 data bytes
64 bytes from 173.252.110.27: icmp_seq=0 ttl=77 time=71.742 ms
64 bytes from 173.252.110.27: icmp_seq=1 ttl=77 time=70.688 ms
64 bytes from 173.252.110.27: icmp_seq=2 ttl=77 time=70.182 ms
64 bytes from 173.252.110.27: icmp_seq=3 ttl=77 time=70.709 ms
64 bytes from 173.252.110.27: icmp_seq=4 ttl=77 time=70.325 ms
64 bytes from 173.252.110.27: icmp_seq=5 ttl=77 time=71.582 ms
Code:
PING google.com (173.194.115.37): 56 data bytes
64 bytes from 173.194.115.37: icmp_seq=0 ttl=48 time=56.099 ms
64 bytes from 173.194.115.37: icmp_seq=1 ttl=48 time=55.289 ms
64 bytes from 173.194.115.37: icmp_seq=2 ttl=48 time=55.720 ms
64 bytes from 173.194.115.37: icmp_seq=3 ttl=48 time=54.371 ms
64 bytes from 173.194.115.37: icmp_seq=4 ttl=48 time=54.816 msIt seems then that the latency is coming into existence as packets are forwarded between the internal and external network, i.e. at the gateway. Here is my pf.conf:
Code:
ext_if=rl0
int_if=re0
set skip on lo0
set loginterface pflog0
set block-policy return
set ruleset-optimization profile
# pflog0 Default blocking
# pflog1 Special blocking
# pflog2 Blackhole matches
# pflog3 DNS and other meta-protocols
# pflog4 HTTP
table <blackhole> file "/var/db/ipblacklist"
table <gateway> const { $EXT_IP, 172.16.0.1 }
scrub on $ext_if random-id reassemble tcp
nat on $ext_if from $int_if:network to any -> $ext_if
# Spurious traffic
block quick log (to pflog2 all) on $ext_if from <blackhole> to any
block in quick log (to pflog1 all) on $ext_if from no-route to any
block in quick log (to pflog1 all) on $ext_if from urpf-failed to any
antispoof for lo0
block log (to pflog0) all
pass in quick log (to pflog3) proto udp to port domain
pass in quick log (to pflog4 all) proto tcp from any to any port { 443, 80 }
pass out on $ext_if from $ext_if to any modulate state
pass in on $int_if from $int_if:network to any
pass out on $int_if from any to any
pass out on $int_if from self to any
# Opened ports
pass in on $ext_if inet proto tcp from any to self port { 443, 22 }