On Fri, Dec 29, 2000 at 09:55:29PM -0700, Dan Radom wrote:
> I'm having a little trouble with ipfiltering.  The nat box is i386 running
> 1.5, and ex0 is external and le0 is internal.  Here are my ipf.conf and
> ipnat.conf files.  There's not too much to them...
> 
> [graffix@pluto graffix]$ cat /etc/ipnat.conf
> map ex0 192.168.0.0/24 -> 24.19.63.204/32 proxy port ftp ftp/tcp
> map ex0 192.168.0.0/24 -> 24.19.63.204/32 portmap tcp/udp 30000:60000
> map ex0 192.168.0.0/24 -> 24.19.63.204/32
> 
> [graffix@pluto graffix]$ cat /etc/ipf.conf
> pass in all
> pass out all
> 
> My problem is this.  Everything works fine with the exception of http
> traffic.  It will stall, timeout or run very slowly (1 or 2 K/sec or
> slower).  I get an average of about 200 K/sec generally.

That config looks completely normal. Have you ever run tests from the NetBSD
box, or from another client without intervening NAT?

Maybe your provider has imposed a transparent http proxy on you?

-- 
David Maxwell, david@vex.net|david@maxwell.net --> Although some of you out
there might find a microwave oven controlled by a Unix system an attractive
idea, controlling a microwave oven is easily accomplished with the smallest
of microcontrollers. - Russ Hersch - (Microcontroller primer and FAQ)