From owner-freebsd-pf@FreeBSD.ORG Mon Feb 15 13:53:37 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 266D4106568F for ; Mon, 15 Feb 2010 13:53:37 +0000 (UTC) (envelope-from dgeo@centrale-marseille.fr) Received: from melo.ec-m.fr (melo.ec-m.fr [147.94.19.139]) by mx1.freebsd.org (Postfix) with ESMTP id D88A38FC26 for ; Mon, 15 Feb 2010 13:53:36 +0000 (UTC) Received: from localhost (amavis3.serv.int [10.3.0.47]) by melo.ec-m.fr (GrosseBox 1743 XXL) with ESMTP id 661EBAC840; Mon, 15 Feb 2010 14:53:34 +0100 (CET) X-Virus-Scanned: amavisd-new at centrale-marseille.fr Received: from melo.ec-m.fr ([10.3.0.13]) by localhost (amavis3.serv.int [10.3.0.47]) (amavisd-new, port 10024) with LMTP id NDgfebTkbR3W; Mon, 15 Feb 2010 14:53:29 +0100 (CET) Received: from dgeo.sysadm.ec-m.fr (dgeo.sysadm.ec-m.fr [147.94.19.169]) (Authenticated sender: dgeo) by melo.ec-m.fr (GrosseBox 1743 XXL) with ESMTPSA id DF79EAC832; Mon, 15 Feb 2010 14:53:28 +0100 (CET) Message-ID: <4B7951D7.8080703@centrale-marseille.fr> Date: Mon, 15 Feb 2010 14:53:27 +0100 From: geoffroy desvernay User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.7) Gecko/20100210 Thunderbird/3.0.1 MIME-Version: 1.0 To: Albert Shih References: <20100205123254.GN11310@obspm.fr> <4B748700.70409@centrale-marseille.fr> <20100212164454.GA23456@obspm.fr> <4B765EAC.9020201@centrale-marseille.fr> <20100215105629.GJ44403@obspm.fr> In-Reply-To: <20100215105629.GJ44403@obspm.fr> X-Enigmail-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Cc: freebsd-pf@freebsd.org Subject: Re: How make the route-to working ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Feb 2010 13:53:37 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 15.02.2010 11:56, Albert Shih wrote: > Le 13/02/2010 à 09:11:24+0100, geoffroy desvernay a écrit >> Albert Shih a écrit : >>> OK now it's working. But I have some big trouble about the bandwith. >>> >>> Now when I try to do something like a scp, or ftp or wget from inside a >>> jail to outside, everything work fine. The traffic go to right interface, >>> the answer too. >>> >>> But when I try to do some network connection (ssh, scp etc..) from outside >>> to a jail the bandwith is catastrophic (~40kB/s on 1Gbit/s). >>> >>> And for you ? >>> >> Using this kind of setup since at least two years for ~500 real users >> without complains... (three different 'ssh jails' on the same machine >> with many vlans and three "default" gateways) >> > > OK I find the problem. It's come from TSO. > > If I disable TSO by sysctl everything become «normal» and works fine. > > Thanks again for your help. > You're welcome... Just to be sure to get it: you do use an 'fxp' ethernet card and 7.2-RELEASE or not ? (In other words, is it the fxp bug described here http://www.freebsd.org/releases/7.2R/errata.html ?) On the server I use, I've server# sysctl -a|grep tso net.inet.tcp.tso: 1 … without any (known) problem, on a: FreeBSD 7.2-STABLE #3: Thu Sep 24 21:32:33 CEST 2009 with two bge(4) interfaces... - -- *geoffroy desvernay* C.R.I - Administration systèmes et réseaux Ecole Centrale de Marseille -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt5UdcACgkQGbFYzwF8gKrAVACfV9Kuq6jef7nQHzzRREvllCUg 7a8AoI4BhBP4WciZgrPSw1/E2TPkcflo =spTC -----END PGP SIGNATURE-----