Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 Feb 2007 19:38:39 +0100
From:      J65nko <j65nko@gmail.com>
To:        "=?ISO-8859-1?Q?Jos=E9_Pablo_Fern=E1ndez?=" <pablo.fernandez@rs.com.ar>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: PF slowing down file copies
Message-ID:  <19861fba0702211038p3144271ey1e30cf67311678ef@mail.gmail.com>
In-Reply-To: <200702202021.55723.pablo.fernandez@rs.com.ar>
References:  <200702202021.55723.pablo.fernandez@rs.com.ar>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 2/21/07, Jos=E9 Pablo Fern=E1ndez <pablo.fernandez@rs.com.ar> wrote:
> Hello,
> I have a FreeBSD 6.2 acting as router between two LANs and the internet. =
I am
> using PF on it for filtering and I am allowing all the traffic to pass by
> between the two LANs:
>
> pass from $lan0:network to $lan1:network keep state
> pass from $lan1:network to $lan0:network keep state
>
> My problem is that when I copy a file from one network to the other, the =
first
> 128KB seems to be copied instantaneously, the second 128KB take more than=
 two
> minutes and I've seen the third 128KB being copied very rarely. This is u=
sing
> Secure CoPy.
> If I copy the file to the router and from the router to the other compute=
r, it
> just works. And it seems people copying files with SMB (Window's protocol=
)
> have found the same problem.
> Any ideas what might be going on?
> Thanks.

For keeping state on TCP connections you should only create state on
the first packet of the 3 way TCP handshake. Using "flags S/SA" will
ensure this. This will prevent problems with TCP windows scaling..

For a more detailed explanation and  some suggestions see the 3 part
series about the pf firewall starting at
http://undeadly.org/cgi?action=3Darticle&sid=3D20060927091645

BTW The author of these 3 articles is Daniel Hartmeier, principal
developer of pf. ;)

[big snip]

=3DAdriaan=3D



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?19861fba0702211038p3144271ey1e30cf67311678ef>