Subject: Re: ipfiltering problems
To: David Maxwell <david@vex.net>
From: Dan Radom <dradom@redback.com>
List: netbsd-users
Date: 12/30/2000 12:47:29

I've narrowed down the problem to 2 particular clients on my LAN.  The BSD
box does http fine, as well as my wife's NT workstation.  The two clients
that have trouble with http are both Linux boxes.  My previous setup
included one of those Linux boxes performing NAT and routing with ipchains
and ipmasqadm and everything works fine.  I see nothing wrong with any of
the Linux machines' network configuration.


----- Original Message -----
From: "David Maxwell" <david@vex.net>
To: "Dan Radom" <dradom@redback.com>
Cc: "netbsd-users" <netbsd-users@netbsd.org>
Sent: Saturday, December 30, 2000 11:11 AM
Subject: Re: ipfiltering problems


> On Fri, Dec 29, 2000 at 09:55:29PM -0700, Dan Radom wrote:
> > I'm having a little trouble with ipfiltering.  The nat box is i386 running
> > 1.5, and ex0 is external and le0 is internal.  Here are my ipf.conf and
> > ipnat.conf files.  There's not too much to them...
> >
> > [graffix@pluto graffix]$ cat /etc/ipnat.conf
> > map ex0 192.168.0.0/24 -> 24.19.63.204/32 proxy port ftp ftp/tcp
> > map ex0 192.168.0.0/24 -> 24.19.63.204/32 portmap tcp/udp 30000:60000
> > map ex0 192.168.0.0/24 -> 24.19.63.204/32
> >
> > [graffix@pluto graffix]$ cat /etc/ipf.conf
> > pass in all
> > pass out all
> >
> > My problem is this.  Everything works fine with the exception of http
> > traffic.  It will stall, timeout or run very slowly (1 or 2 K/sec or
> > slower).  I get an average of about 200 K/sec generally.
>
> That config looks completely normal. Have you ever run tests from the NetBSD
> box, or from another client without intervening NAT?
>
> Maybe your provider has imposed a transparent http proxy on you?
>
> --
> David Maxwell, david@vex.net|david@maxwell.net --> Although some of you out
> there might find a microwave oven controlled by a Unix system an attractive
> idea, controlling a microwave oven is easily accomplished with the smallest
> of microcontrollers. - Russ Hersch - (Microcontroller primer and FAQ)
>