PF slowing down file copies
j65nko at gmail.com
Wed Feb 21 18:38:40 UTC 2007
On 2/21/07, José Pablo Fernández <pablo.fernandez at rs.com.ar> wrote:
> I have a FreeBSD 6.2 acting as router between two LANs and the internet. I am
> using PF on it for filtering and I am allowing all the traffic to pass by
> between the two LANs:
> pass from $lan0:network to $lan1:network keep state
> pass from $lan1:network to $lan0:network keep state
> My problem is that when I copy a file from one network to the other, the first
> 128KB seems to be copied instantaneously, the second 128KB take more than two
> minutes and I've seen the third 128KB being copied very rarely. This is using
> Secure CoPy.
> If I copy the file to the router and from the router to the other computer, it
> just works. And it seems people copying files with SMB (Window's protocol)
> have found the same problem.
> Any ideas what might be going on?
For keeping state on TCP connections you should only create state on
the first packet of the 3 way TCP handshake. Using "flags S/SA" will
ensure this. This will prevent problems with TCP windows scaling..
For a more detailed explanation and some suggestions see the 3 part
series about the pf firewall starting at
BTW The author of these 3 articles is Daniel Hartmeier, principal
developer of pf. ;)
More information about the freebsd-questions