From owner-freebsd-questions@FreeBSD.ORG Fri Jun 16 18:59:05 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 190DF16A47A for ; Fri, 16 Jun 2006 18:59:05 +0000 (UTC) (envelope-from jbronson@wixb.com) Received: from cheyenne.sixcompanies.com (cheyenne.sixcompanies.com [65.43.82.174]) by mx1.FreeBSD.org (Postfix) with ESMTP id C3C6143D5E for ; Fri, 16 Jun 2006 18:59:04 +0000 (GMT) (envelope-from jbronson@wixb.com) Message-Id: <7.0.1.0.2.20060616135513.00e743b0@sixcompanies.com> Date: Fri, 16 Jun 2006 13:59:01 -0500 To: freebsd-questions@freebsd.org From: "J.D. Bronson" Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: pf + ftp throughput X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jun 2006 18:59:05 -0000 given the following rules: # Permit internal network to send packets through the firewall pass in quick on $INT_IF from $INT_IF:network to any flags S/SA keep state # Permit traffic from firewall to initiate connection to internal network: pass out quick on $INT_IF from any to $INT_IF:network flags S/SA keep state ..I have noticed that if I use 'keep state' ftp rates are fine (machine to machine...not via ftp-proxy) but if I change this to 'modulate state' my ftp rates fall... For example...moving a 50MB file: 'keep state' = 11-12MB/sec over 100MB-FDX 'modulate state = 6-7MB/sec over 100MB-FDX ..it took me a while to determine the culprit here - but I am curious as to why this is the case?