pf + ftp throughput
J.D. Bronson
jbronson at wixb.com
Fri Jun 16 18:59:05 UTC 2006
given the following rules:
# Permit internal network to send packets through the firewall
pass in quick on $INT_IF from $INT_IF:network to any flags S/SA keep state
# Permit traffic from firewall to initiate connection to internal network:
pass out quick on $INT_IF from any to $INT_IF:network flags S/SA keep state
..I have noticed that if I use 'keep state' ftp rates are fine
(machine to machine...not via ftp-proxy) but if I change this to
'modulate state'
my ftp rates fall...
For example...moving a 50MB file:
'keep state' = 11-12MB/sec over 100MB-FDX
'modulate state = 6-7MB/sec over 100MB-FDX
..it took me a while to determine the culprit here - but I am curious
as to why this is the case?
More information about the freebsd-questions
mailing list