Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 Feb 2007 19:38:39 +0100
From:      J65nko <>
To:        "=?ISO-8859-1?Q?Jos=E9_Pablo_Fern=E1ndez?=" <>
Subject:   Re: PF slowing down file copies
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 2/21/07, Jos=E9 Pablo Fern=E1ndez <> wrote:
> Hello,
> I have a FreeBSD 6.2 acting as router between two LANs and the internet. =
I am
> using PF on it for filtering and I am allowing all the traffic to pass by
> between the two LANs:
> pass from $lan0:network to $lan1:network keep state
> pass from $lan1:network to $lan0:network keep state
> My problem is that when I copy a file from one network to the other, the =
> 128KB seems to be copied instantaneously, the second 128KB take more than=
> minutes and I've seen the third 128KB being copied very rarely. This is u=
> Secure CoPy.
> If I copy the file to the router and from the router to the other compute=
r, it
> just works. And it seems people copying files with SMB (Window's protocol=
> have found the same problem.
> Any ideas what might be going on?
> Thanks.

For keeping state on TCP connections you should only create state on
the first packet of the 3 way TCP handshake. Using "flags S/SA" will
ensure this. This will prevent problems with TCP windows scaling..

For a more detailed explanation and  some suggestions see the 3 part
series about the pf firewall starting at

BTW The author of these 3 articles is Daniel Hartmeier, principal
developer of pf. ;)

[big snip]


Want to link to this message? Use this URL: <>