[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

slow connections file transfers through pf


I've been transferring large amounts of data over scp
and I used to get to transfer rates of up to (and
maybe over) 100k.  About two weeks ago, something
happened, and I never get this, I get transfer rates
of an annoying 10-20k (annoying when I have to
transfer over 100gb of data).

I have a Soekris net4801 running
OpenBSD 3.5-current (GENERIC) #203: Sun Jul  4
21:42:55 MDT 2004

performing NAT/PF/RDR functionalities.  Before the
suggestion is made of ACK priortization, please let me
say I have a cable modem, not ADSL, and I do believe
that ACK priortization only helps out the asymmetric
connections, and cable modem (specifically
cablevision, usa) isn't asymmetric.  Please correct me
if this isn't the case.

I looked at top, df, etc. and everything looks normal,
98% idle, filesystems at most 50%.  I've rebooted the
Soekris too, and it comes up with the same dismal
performance now.  My client has been both
Windows/WinSCP, as well as another OpenBSD scp but
sometimes it is initiating the connection from outside
to an inside server, and sometimes initiating the
connection from inside going out, always moving the
bulk of the files from inside out.  Initiating
connection from inside or outside doesn't seem to make
a difference.  All of it seems to have frustrating
performance.  And in fact when copy a file in windows
to a mapped drive on a remote system (through a cisco
software VPN), it has recently slowed to a crawl as

Is there some other command I can check to start
debugging the problem?  And I'm confused because I
always remember having good performance up until a
couple of weeks ago (transferring 4gb of data at

my pf.conf

# macros
int_if = "sis1"
ext_if = "sis0"

# tcp_services = "{ }"
icmp_types = "echoreq"


priv_nets = "{,, }"

set block-policy return
set loginterface $ext_if
scrub in all

nat on $ext_if from $int_if:network to any ->
rdr on $ext_if proto tcp from any to any port 23 ->
$webserver port 80
rdr on $ext_if proto tcp from any to any port 443 ->
$webserver port 443
rdr on $ext_if proto tcp from any to any port 22 ->
$webserver port 22

block log all
pass quick on lo0 all
block drop in  quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any        to
pass in on $ext_if inet proto tcp from any to
$webserver port { 22, 80, 443 } flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep
pass in  on $int_if from $int_if:network to any       
     keep state
pass out on $int_if from any             to
$int_if:network keep state
pass out on $ext_if proto tcp           all modulate
state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

sorry if it's something easy I've missed. any advice

Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!

Visit your host, monkey.org