Hi,

I'm running m0n0wall 1.4 on a WRAP 1.c board (3 ethernet + a wireless
card) as my home NAT/Firewall/Wireless Access Point. It's working
great for wired connections, including when I use Nortel Contivity VPN
client from a WinXP laptop. But when I use the wireless card on the
laptop and the wireless AP, performance really sucks. I have to keep
reloading web pages, etc., to get them to load completely.

Very frustrating. Should I look into getting the 2.x beta stuff and
seeing if that provides better speed? How can I debug this? Should I
boot the laptop with a Knoppix CD and see how well I can get it to run
then?

My configuration is pretty simple, I think. I've got a cable modem on
the WAN interface, I've got the LAN interface set up for the
192.168.1/24 subnet, and I've made the WiFi subnet into its own
192.168.2/24 subnet for increased security. I'm also using WAP with a
128-bit key. I know, not the most secure.

Here are the interfaces and rules I have set up currently. Does anyone
see anything I'm doing wrong? Should I lower the MTU on the wireless
side a bit maybe?

Or could it be that my router rules are broken somehow?

Here's my status.php details, slightly edited...

Interfaces

wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.2.254 netmask 0xffffff00 broadcast 192.168.2.255
        ether 00:02:6f:35:8f:80
        media: IEEE 802.11 Wireless Ethernet autoselect <hostap> (DS/2Mbps <hostap>)
        status: associated
        ssid JackAttack 1:JackAttack
        stationname "FreeBSD WaveLAN/IEEE node"
        channel 3 authmode OPEN powersavemode OFF powersavesleep 100
        wepmode MIXED weptxkey 1
        wepkey 1:128-bit
sis0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 00:0d:b9:00:30:80
        media: Ethernet autoselect (none)
        status: no carrier
sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet xx.yyy.zzz.41 netmask 0xfffffc00 broadcast 255.255.255.255
        ether 00:80:5f:e2:6b:b0
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
sis2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:0d:b9:00:30:82
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500

Routing tables

Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            xx.yyy.zzz.1       UGSc        4  1887734   sis1
xx.yyy.zzz/22      link#3             UC          1        0   sis1
xx.yyy.zzz.1       00:0c:31:f3:70:70  UHLW        4        0   sis1   1200
xx.yyy.zzz.41      127.0.0.1          UGHS        0        0    lo0
127.0.0.1          127.0.0.1          UH          1        0    lo0
192.168.1          link#4             UC          5        0   sis2
192.168.1.5        00:a0:cc:5b:f6:cc  UHLW        0   549737   sis2    982
192.168.1.6        00:c0:4f:a1:16:9b  UHLW        5  1396481   sis2    753
192.168.1.25       00:40:f4:09:2b:db  UHLW        0      559   sis2    460
192.168.1.118      link#4             UHLW        1        2   sis2
192.168.1.254      00:0d:b9:00:30:82  UHLW        0       12    lo0
192.168.2          link#1             UC          1        0    wi0
192.168.2.120      00:04:23:5e:5a:37  UHLW        2      493    wi0   1049

ipfw show

ipfw: getsockopt(IP_FW_GET): Protocol not available

ipnat -lv

List of active MAP/Redirect filters:
map sis1 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map sis1 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map sis1 192.168.1.0/24 -> 0.0.0.0/32
map sis1 192.168.2.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map sis1 192.168.2.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map sis1 192.168.2.0/24 -> 0.0.0.0/32
rdr sis1 0.0.0.0/0 port 22 -> 192.168.1.6 port 22 tcp

ipfstat -nio

@1 pass out quick on lo0 from any to any
@2 pass out quick on sis2 proto udp from 192.168.1.254/32 port = 67 to any port = 68
@3 pass out quick on wi0 proto udp from 192.168.2.254/32 port = 67 to any port = 68
@4 pass out quick on sis1 proto udp from any port = 68 to any port = 67
@5 pass out quick on sis2 from any to any keep state
@6 pass out quick on sis1 from any to any keep state
@7 pass out quick on wi0 from any to any keep state
@8 block out quick from any to any
@1 pass in quick on lo0 from any to any
@2 block in quick from any to any with short
@3 block in quick from any to any with ipopt
@4 pass in quick on sis2 proto udp from any port = 68 to 255.255.255.255/32 port = 67
@5 pass in quick on sis2 proto udp from any port = 68 to 192.168.1.254/32 port = 67
@6 pass in quick on wi0 proto udp from any port = 68 to 255.255.255.255/32 port = 67
@7 pass in quick on wi0 proto udp from any port = 68 to 192.168.2.254/32 port = 67
@8 block in quick on sis1 from 192.168.1.0/24 to any
@9 block in quick on sis1 from 192.168.2.0/24 to any
@10 block in quick on sis1 proto udp from any port = 67 to 192.168.1.0/24 port = 68
@11 pass in quick on sis1 proto udp from any port = 67 to any port = 68
@12 block in quick on sis2 from !192.168.1.0/24 to any
@13 block in quick on wi0 from !192.168.2.0/24 to any
@14 block in quick on sis1 from 10.0.0.0/8 to any
@15 block in quick on sis1 from 127.0.0.0/8 to any
@16 block in quick on sis1 from 172.16.0.0/12 to any
@17 block in quick on sis1 from 192.168.0.0/16 to any
@18 skip 1 in proto tcp from any to any flags S/FSRA
@19 block in quick proto tcp from any to any
@20 block in quick on sis2 from any to any head 100
@1 pass in quick from 192.168.1.0/24 to 192.168.1.254/32 keep state group 100
@2 pass in quick from 192.168.1.0/24 to any keep state group 100
@21 block in quick on sis1 from any to any head 200
@1 pass in quick proto tcp from any to 192.168.1.6/32 port = 22 keep state group 200
@22 block in quick on wi0 from any to any head 300
@1 pass in log quick from 192.168.2.0/24 to !192.168.1.0/24 keep state keep frags group 300
@23 block in quick from any to any
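
Added example, not part of the original post: a static Python check over the wi0-related inbound rules from the ipfstat -nio output above, reporting any pass rule whose destination can fall inside a given subnet such as the 192.168.1.0/24 LAN. The function names are made up for this example, and it models only interface, head/group and destination matching, not rule order, state entries or NAT.

```python
import ipaddress
import re

# Inbound rules copied from the ipfstat -nio output in the post, with the
# 80-column wraps joined; only rules that name wi0 or sit in group 300.
RULES = """\
@6 pass in quick on wi0 proto udp from any port = 68 to 255.255.255.255/32 port = 67
@7 pass in quick on wi0 proto udp from any port = 68 to 192.168.2.254/32 port = 67
@13 block in quick on wi0 from !192.168.2.0/24 to any
@22 block in quick on wi0 from any to any head 300
@1 pass in log quick from 192.168.2.0/24 to !192.168.1.0/24 keep state keep frags group 300
"""

RULE_RE = re.compile(
    r"@(\d+) (pass|block) in (?:log )?quick(?: on (\S+))?(?: proto \S+)? "
    r"from \S+(?: port = \d+)? to (!?)(\S+)(.*)")

def dst_can_reach(negated, dst, target):
    """True if the rule's destination can match an address in target."""
    if dst == "any":
        return not negated
    net = ipaddress.ip_network(dst, strict=False)
    if negated:
        # "!net" matches everything outside net, so it misses target
        # only when target lies wholly inside net.
        return not target.subnet_of(net)
    return net.overlaps(target)

def pass_rules_reaching(rules_text, iface, target_cidr):
    """Return pass-in rules on iface whose destination can hit target_cidr."""
    target = ipaddress.ip_network(target_cidr)
    head_groups = set()  # groups whose head rule is bound to iface
    hits = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        _num, action, on_if, neg, dst, tail = m.groups()
        head = re.search(r"\bhead (\d+)", tail)
        group = re.search(r"\bgroup (\d+)", tail)
        if head and on_if == iface:
            head_groups.add(head.group(1))
        applies = on_if == iface or (group and group.group(1) in head_groups)
        if applies and action == "pass" and dst_can_reach(bool(neg), dst, target):
            hits.append(line.strip())
    return hits

if __name__ == "__main__":
    print(pass_rules_reaching(RULES, "wi0", "192.168.1.0/24"))
```

An empty result for 192.168.1.0/24 means no pass rule on wi0 admits a LAN destination; changing the group 300 destination to "any" makes that rule show up.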