Date: Wed, 21 Feb 2007 19:38:39 +0100 From: J65nko <j65nko@gmail.com> To: "=?ISO-8859-1?Q?Jos=E9_Pablo_Fern=E1ndez?=" <pablo.fernandez@rs.com.ar> Cc: freebsd-questions@freebsd.org Subject: Re: PF slowing down file copies Message-ID: <19861fba0702211038p3144271ey1e30cf67311678ef@mail.gmail.com> In-Reply-To: <200702202021.55723.pablo.fernandez@rs.com.ar> References: <200702202021.55723.pablo.fernandez@rs.com.ar>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/21/07, Jos=E9 Pablo Fern=E1ndez <pablo.fernandez@rs.com.ar> wrote: > Hello, > I have a FreeBSD 6.2 acting as router between two LANs and the internet. = I am > using PF on it for filtering and I am allowing all the traffic to pass by > between the two LANs: > > pass from $lan0:network to $lan1:network keep state > pass from $lan1:network to $lan0:network keep state > > My problem is that when I copy a file from one network to the other, the = first > 128KB seems to be copied instantaneously, the second 128KB take more than= two > minutes and I've seen the third 128KB being copied very rarely. This is u= sing > Secure CoPy. > If I copy the file to the router and from the router to the other compute= r, it > just works. And it seems people copying files with SMB (Window's protocol= ) > have found the same problem. > Any ideas what might be going on? > Thanks. For keeping state on TCP connections you should only create state on the first packet of the 3 way TCP handshake. Using "flags S/SA" will ensure this. This will prevent problems with TCP windows scaling.. For a more detailed explanation and some suggestions see the 3 part series about the pf firewall starting at http://undeadly.org/cgi?action=3Darticle&sid=3D20060927091645 BTW The author of these 3 articles is Daniel Hartmeier, principal developer of pf. ;) [big snip] =3DAdriaan=3D
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19861fba0702211038p3144271ey1e30cf67311678ef>