PF slowing down file copies

José Pablo Fernández pablo.fernandez at rs.com.ar
Wed Feb 21 18:49:52 UTC 2007


On Wednesday 21 February 2007 15:38, J65nko wrote:
> On 2/21/07, José Pablo Fernández <pablo.fernandez at rs.com.ar> wrote:
> > Hello,
> > I have a FreeBSD 6.2 acting as router between two LANs and the internet.
> > I am using PF on it for filtering and I am allowing all the traffic to
> > pass by between the two LANs:
> >
> > pass from $lan0:network to $lan1:network keep state
> > pass from $lan1:network to $lan0:network keep state
> >
> > My problem is that when I copy a file from one network to the other, the
> > first 128KB seems to be copied instantaneously, the second 128KB take
> > more than two minutes and I've seen the third 128KB being copied very
> > rarely. This is using Secure CoPy.
> > If I copy the file to the router and from the router to the other
> > computer, it just works. And it seems people copying files with SMB
> > (Window's protocol) have found the same problem.
> > Any ideas what might be going on?
> > Thanks.
>
> For keeping state on TCP connections you should only create state on
> the first packet of the 3 way TCP handshake. Using "flags S/SA" will
> ensure this. This will prevent problems with TCP windows scaling..

Thank you. That solved it.

> For a more detailed explanation and  some suggestions see the 3 part
> series about the pf firewall starting at
> http://undeadly.org/cgi?action=article&sid=20060927091645

Thank you!
-- 
José Pablo Fernández
pablo.fernandez at rs.com.ar


More information about the freebsd-questions mailing list