Subject: Strange networking problem on i386
To: None <tech-net@netbsd.org>
From: George Coulouris <glc5@cornell.edu>
List: tech-net
Date: 11/09/1998 16:41:15

I've been having some strange networking problems under i386.
I have a 486 running ipnat with 2 ne2000 clones. ne1 goes to the outside
(a RoadRunner cable modem), ne0 goes to the inside hosts.

Symptom:
I get bad performance on outbound tcp connections to certain
machines, but not to others. The problem is consistent; i.e., all connections
to machine foo are slow, while all connections to machine bar are fast. It's
not a routing problem, as I've tried the case where foo and bar are in the
same domain and the same route is taken to both machines. Nor is it a
congestion problem; an ftp to machine foo could go at 160k/s when I have an
all-but-unusable telnet connection to machine bar, where again foo and bar
are in the same domain.

By bad performance, I mean a bursty, high latency connection. For example,
telnetting to a machine delivers a burst of data, then 2-15 seconds of delay,
then another burst, etc. Similarly, if I telnet to a web server's www port
and give it a get request, I'll get maybe a dozen lines of data, then a
pause, then another dozen lines, etc.

Inbound connections are not affected. samba serving is fast, web serving is
fast, X or scp over ssh is fast.

Connections to other NetBSD machines seem not to be affected; if I go down
the list of netbsd machines listed in the netbsd gallery in lynx, most of
them work quickly.

The problem happens whether or not I have ipf enabled, and it happens both
on the 486 and on the machines behind it that run through ipnat.

(Another question: how to prevent dhclient from clobbering ne0 when
it gets an ip for ne1? I'm running the latest version from isc.)

Below are my ipf, ipnat, and nic configurations.

Thanks in advance,
George

--
George Coulouris - http://www.tc.cornell.edu/~glc5/


ipf.conf
--------
#udp stuff
block in on ne1 proto udp from any to any port = snmp
block in on ne1 proto udp from any to any port = biff
block in on ne1 proto udp from any to any port = netwall
block in on ne1 proto udp from any to any port = ntalk

#rpc stuff
block in on ne1 proto udp from any to any port = 111  # portmapper
block in on ne1 proto udp from any to any port = 1032 # rstatd
block in on ne1 proto udp from any to any port = 1033 # rusersd
block in on ne1 proto udp from any to any port = 1034 # walld

#tcp stuff
block in on ne1 proto tcp from any to any flags S/SA
#pass in quick on ne1 proto tcp from any to any port = telnet
pass in quick on ne1 proto tcp from any to any port = netbios-ssn
pass in quick on ne1 proto tcp from any to any port = www
#pass in quick on ne1 proto tcp from any to any port = smtp
pass in quick on ne1 proto tcp from any to any port = ssh

ipnat.conf
----------
map ne1 172.16.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ne1 172.16.0.0/24 -> 0/32

nic config
----------
ne0     at isa? port 0x280 irq 9                # NE[12]000 ethernet cards
ne1     at isa? port 0x300 irq 5