Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 Feb 2007 15:49:46 -0300
From:      =?iso-8859-1?q?Jos=E9_Pablo_Fern=E1ndez?= <pablo.fernandez@rs.com.ar>
To:        J65nko <j65nko@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: PF slowing down file copies
Message-ID:  <200702211549.47028.pablo.fernandez@rs.com.ar>
In-Reply-To: <19861fba0702211038p3144271ey1e30cf67311678ef@mail.gmail.com>
References:  <200702202021.55723.pablo.fernandez@rs.com.ar> <19861fba0702211038p3144271ey1e30cf67311678ef@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Wednesday 21 February 2007 15:38, J65nko wrote:
> On 2/21/07, Jos=E9 Pablo Fern=E1ndez <pablo.fernandez@rs.com.ar> wrote:
> > Hello,
> > I have a FreeBSD 6.2 acting as router between two LANs and the internet.
> > I am using PF on it for filtering and I am allowing all the traffic to
> > pass by between the two LANs:
> >
> > pass from $lan0:network to $lan1:network keep state
> > pass from $lan1:network to $lan0:network keep state
> >
> > My problem is that when I copy a file from one network to the other, the
> > first 128KB seems to be copied instantaneously, the second 128KB take
> > more than two minutes and I've seen the third 128KB being copied very
> > rarely. This is using Secure CoPy.
> > If I copy the file to the router and from the router to the other
> > computer, it just works. And it seems people copying files with SMB
> > (Window's protocol) have found the same problem.
> > Any ideas what might be going on?
> > Thanks.
>
> For keeping state on TCP connections you should only create state on
> the first packet of the 3 way TCP handshake. Using "flags S/SA" will
> ensure this. This will prevent problems with TCP windows scaling..

Thank you. That solved it.

> For a more detailed explanation and  some suggestions see the 3 part
> series about the pf firewall starting at
> http://undeadly.org/cgi?action=3Darticle&sid=3D20060927091645

Thank you!
=2D-=20
Jos=E9 Pablo Fern=E1ndez
pablo.fernandez@rs.com.ar



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?200702211549.47028.pablo.fernandez>