From owner-freebsd-questions@FreeBSD.ORG Wed Feb 21 18:49:52 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 188FA170701 for ; Wed, 21 Feb 2007 18:49:52 +0000 (UTC) (envelope-from pablo.fernandez@rs.com.ar) Received: from mail.reliable.com.ar (mail.reliable.com.ar [200.55.63.143]) by mx1.freebsd.org (Postfix) with ESMTP id 3781A13C461 for ; Wed, 21 Feb 2007 18:49:50 +0000 (UTC) (envelope-from pablo.fernandez@rs.com.ar) Received: (qmail 1104 invoked by uid 1007); 21 Feb 2007 15:49:49 -0300 Received: from customer123-183-89.iplannetworks.net (HELO plab.bsas.altrs.com.ar) (pablo.fernandez@reliable.com.ar@200.123.183.89) by mail.reliable.com.ar with AES256-SHA encrypted SMTP; 21 Feb 2007 15:49:49 -0300 From: =?iso-8859-1?q?Jos=E9_Pablo_Fern=E1ndez?= Organization: RS To: J65nko Date: Wed, 21 Feb 2007 15:49:46 -0300 User-Agent: KMail/1.9.5 References: <200702202021.55723.pablo.fernandez@rs.com.ar> <19861fba0702211038p3144271ey1e30cf67311678ef@mail.gmail.com> In-Reply-To: <19861fba0702211038p3144271ey1e30cf67311678ef@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200702211549.47028.pablo.fernandez@rs.com.ar> Cc: freebsd-questions@freebsd.org Subject: Re: PF slowing down file copies X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2007 18:49:52 -0000 On Wednesday 21 February 2007 15:38, J65nko wrote: > On 2/21/07, Jos=E9 Pablo Fern=E1ndez wrote: > > Hello, > > I have a FreeBSD 6.2 acting as router between two LANs and the internet. > > I am using PF on it for filtering and I am allowing all the traffic to > > pass by between the two LANs: > > > > pass from $lan0:network to $lan1:network keep state > > pass from $lan1:network to $lan0:network keep state > > > > My problem is that when I copy a file from one network to the other, the > > first 128KB seems to be copied instantaneously, the second 128KB take > > more than two minutes and I've seen the third 128KB being copied very > > rarely. This is using Secure CoPy. > > If I copy the file to the router and from the router to the other > > computer, it just works. And it seems people copying files with SMB > > (Window's protocol) have found the same problem. > > Any ideas what might be going on? > > Thanks. > > For keeping state on TCP connections you should only create state on > the first packet of the 3 way TCP handshake. Using "flags S/SA" will > ensure this. This will prevent problems with TCP windows scaling.. Thank you. That solved it. > For a more detailed explanation and some suggestions see the 3 part > series about the pf firewall starting at > http://undeadly.org/cgi?action=3Darticle&sid=3D20060927091645 Thank you! =2D-=20 Jos=E9 Pablo Fern=E1ndez pablo.fernandez@rs.com.ar