Performance problem w/pf using reply-to on FreeBSD 8.1

Kevin Way kevin.way at gmail.com
Tue Aug 31 23:25:18 UTC 2010


After upgrading to 8.1, I'm having a severe performance problem that's throttling connections down to about 5kb/sec. The same configuration works flawlessly on 8.0. The rest of the ruleset works fine; our problem is just with this one line.


(uname -a)
FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010
root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64


(pf.conf)

jailhost_if="vlan34"
jailhost_gateway="10.11.34.1"
jailhost_network="10.11.34.0/24"
pass in quick on $jailhost_if reply-to ($jailhost_if $jailhost_gateway) \
  from !$jailhost_network to $jailhost_network keep state label "Jailhost inbound"


(what happens almost instantly after a connection is initiated)

# pfctl -vvsl | grep "Jailhost inbound"
Jailhost inbound 35734 269954511 408697347239 134975646 10797967079 134978865 397899380160




Any help would be greatly appreciated.

Regards,
Kevin Way
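
An added example, not part of the original post: a small Python parser for the `pfctl -vvsl` label line quoted above, so the counters can be read by name and sanity-checked. It assumes the column order given in pfctl(8) for this pf version (evaluations, packets, bytes, packets in, bytes in, packets out, bytes out); the function and field names are hypothetical, and the sample line is the one from the post.

```python
from typing import NamedTuple


class LabelStats(NamedTuple):
    # Assumed column order for "pfctl -s labels" on FreeBSD 8.x, per pfctl(8).
    label: str
    evaluations: int
    packets: int
    bytes: int
    packets_in: int
    bytes_in: int
    packets_out: int
    bytes_out: int


def parse_label_line(line: str) -> LabelStats:
    """Parse one label line; labels may contain spaces, so split from the right."""
    parts = line.split()
    if len(parts) < 8:
        raise ValueError("expected a label followed by 7 counters")
    counters = parts[-7:]
    if not all(c.isdigit() for c in counters):
        raise ValueError("non-numeric counter in label line")
    return LabelStats(" ".join(parts[:-7]), *map(int, counters))


def summarize(s: LabelStats) -> dict:
    """Derive figures that help judge whether the counters look plausible."""
    return {
        # in + out must equal the totals if the assumed column order is right
        "consistent": (s.packets == s.packets_in + s.packets_out
                       and s.bytes == s.bytes_in + s.bytes_out),
        "avg_bytes_in": s.bytes_in / s.packets_in if s.packets_in else 0.0,
        "avg_bytes_out": s.bytes_out / s.packets_out if s.packets_out else 0.0,
        "packets_per_evaluation": s.packets / s.evaluations if s.evaluations else 0.0,
    }


# The line quoted in the post above.
SAMPLE = ("Jailhost inbound 35734 269954511 408697347239 "
          "134975646 10797967079 134978865 397899380160")

if __name__ == "__main__":
    stats = parse_label_line(SAMPLE)
    print(stats)
    for key, value in summarize(stats).items():
        print(f"{key}: {value}")
```

On the quoted line the in and out counters sum exactly to the totals, which is consistent with the assumed column order.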

