Jail - PF - NAT - Network Performance

James Lodge James at Lodge.me.uk
Sun Oct 25 17:01:54 UTC 2015


Dear All,


I wonder if you'd be so kind as to help/point me in the right direction in order to fix a network performance issue I seem to have.


I currently have a FreeBSD 10.1 host running on Digital Ocean. I have multiple jails and I'm not using vimage.


I'm using PF on the host to NAT traffic from said jails and all is working as expected. I have a jail running OpenVPN and clients can connect and traffic is routed to the Internet down the tunnel via PF/NAT. The issue I'm seeing is download speeds to the client from the Internet on the external side on PF. Upload always seems reasonable, but download is always woeful. I'm using a Windows machine as the client if that makes any odds.


I've narrowed it down to be PF/NAT/External Interface (possibly) as I have a web server in another jail on the same host. The web server is hosting a 1GB file. If I download the 1GB using the web server's private IP address down the OpenVPN tunnel I get a reasonable speed of about 2MB/s, whereas downloading the same 1GB file from a public web server via the OpenVPN tunnel (so going through PF/NAT on the host) results in 30KB/s maximum. Just to reiterate the point, the web server running on the FreeBSD host on DO is publicly accessible on the Internet. If I disconnect my OpenVPN and use the public IP to download the 1GB I get 5-6MB/s which is the speed on my VDSL2 circuit.


Any help massively appreciated.


Regards

James





More information about the freebsd-net mailing list