From owner-freebsd-pf@FreeBSD.ORG Mon Feb 15 10:56:34 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 378A61065694 for ; Mon, 15 Feb 2010 10:56:34 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from smtp-int-m.obspm.fr (smtp-int-m.obspm.fr [145.238.187.15]) by mx1.freebsd.org (Postfix) with ESMTP id AB0858FC22 for ; Mon, 15 Feb 2010 10:56:33 +0000 (UTC) Received: from obspm.fr (pcjas.obspm.fr [145.238.184.233]) by smtp-int-m.obspm.fr (8.14.3/8.14.3/SIO Observatoire de Paris - 07/2009) with ESMTP id o1FAuTv8017988 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 15 Feb 2010 11:56:30 +0100 Date: Mon, 15 Feb 2010 11:56:29 +0100 From: Albert Shih To: geoffroy desvernay Message-ID: <20100215105629.GJ44403@obspm.fr> References: <20100205123254.GN11310@obspm.fr> <4B748700.70409@centrale-marseille.fr> <20100212164454.GA23456@obspm.fr> <4B765EAC.9020201@centrale-marseille.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <4B765EAC.9020201@centrale-marseille.fr> User-Agent: Mutt/1.5.20 (2009-06-14) X-Miltered: at smtp-int-m.obspm.fr with ID 4B79285D.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 4B79285D.000/145.238.184.233/pcjas.obspm.fr/obspm.fr/ X-j-chkmail-Score: MSGID : 4B79285D.000 on smtp-int-m.obspm.fr : j-chkmail score : . : R=. U=. O=. B=0.020 -> S=0.020 X-j-chkmail-Status: Ham Cc: freebsd-pf@freebsd.org Subject: Re: How make the route-to working ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Feb 2010 10:56:34 -0000 Le 13/02/2010 à 09:11:24+0100, geoffroy desvernay a écrit > Albert Shih a écrit : > > OK now it's working. But I have some big trouble about the bandwith. > > > > Now when I try to do something like a scp, or ftp or wget from inside a > > jail to outside, everything work fine. The traffic go to right interface, > > the answer too. > > > > But when I try to do some network connection (ssh, scp etc..) from outside > > to a jail the bandwith is catastrophic (~40kB/s on 1Gbit/s). > > > > And for you ? > > > Using this kind of setup since at least two years for ~500 real users > without complains... (three different 'ssh jails' on the same machine > with many vlans and three "default" gateways) > OK I find the problem. It's come from TSO. If I disable TSO by sysctl everything become «normal» and works fine. Thanks again for your help. Regards. JAS -- Albert SHIH SIO batiment 15 Observatoire de Paris Meudon 5 Place Jules Janssen 92195 Meudon Cedex Téléphone : 01 45 07 76 26/06 86 69 95 71 Heure local/Local time: Lun 15 fév 2010 11:54:01 CET