From owner-freebsd-questions@FreeBSD.ORG Wed Feb 21 18:38:40 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CF6DE170667 for ; Wed, 21 Feb 2007 18:38:40 +0000 (UTC) (envelope-from j65nko@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.239]) by mx1.freebsd.org (Postfix) with ESMTP id 824D113C49D for ; Wed, 21 Feb 2007 18:38:40 +0000 (UTC) (envelope-from j65nko@gmail.com) Received: by nz-out-0506.google.com with SMTP id i11so2622522nzh for ; Wed, 21 Feb 2007 10:38:39 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=FUvOp0OHIDatj20sC+68/u+kT1ROS4HQvgJtFpSJAbrxfHTRuHk/oeECBLuikJenfOyZqXkuJKuoSVEIFj3C7A42MxXBXafp+MtZUcpvp9dMeVs1EffV6VxzQX8SjBi1tn78UTo4ACPAsNoI7CeSrmH8Hc4AE6noyIwwgsNPJYA= Received: by 10.65.54.9 with SMTP id g9mr14441824qbk.1172083119315; Wed, 21 Feb 2007 10:38:39 -0800 (PST) Received: by 10.65.211.18 with HTTP; Wed, 21 Feb 2007 10:38:39 -0800 (PST) Message-ID: <19861fba0702211038p3144271ey1e30cf67311678ef@mail.gmail.com> Date: Wed, 21 Feb 2007 19:38:39 +0100 From: J65nko To: "=?ISO-8859-1?Q?Jos=E9_Pablo_Fern=E1ndez?=" In-Reply-To: <200702202021.55723.pablo.fernandez@rs.com.ar> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <200702202021.55723.pablo.fernandez@rs.com.ar> Cc: freebsd-questions@freebsd.org Subject: Re: PF slowing down file copies X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2007 18:38:40 -0000 On 2/21/07, Jos=E9 Pablo Fern=E1ndez wrote: > Hello, > I have a FreeBSD 6.2 acting as router between two LANs and the internet. = I am > using PF on it for filtering and I am allowing all the traffic to pass by > between the two LANs: > > pass from $lan0:network to $lan1:network keep state > pass from $lan1:network to $lan0:network keep state > > My problem is that when I copy a file from one network to the other, the = first > 128KB seems to be copied instantaneously, the second 128KB take more than= two > minutes and I've seen the third 128KB being copied very rarely. This is u= sing > Secure CoPy. > If I copy the file to the router and from the router to the other compute= r, it > just works. And it seems people copying files with SMB (Window's protocol= ) > have found the same problem. > Any ideas what might be going on? > Thanks. For keeping state on TCP connections you should only create state on the first packet of the 3 way TCP handshake. Using "flags S/SA" will ensure this. This will prevent problems with TCP windows scaling.. For a more detailed explanation and some suggestions see the 3 part series about the pf firewall starting at http://undeadly.org/cgi?action=3Darticle&sid=3D20060927091645 BTW The author of these 3 articles is Daniel Hartmeier, principal developer of pf. ;) [big snip] =3DAdriaan=3D