Hello all,
I found out that the download speed (from Samba resources, www, etc.) from my FreeBSD 7.4 machine in the internal network is about 170-400 KB/s at most. If I turn off the PF firewall, then the download speed is about 12 MB/s (~100 Mbit/s).
Configuration of PF (pf.conf):
Code:
set state-policy if-bound
pass inet proto icmp all icmp-type { echoreq, unreach }
pass in quick on fxp0 \
    reply-to ( fxp0 169.254.107.1 ) \
    proto tcp from any to any \
    keep state ( floating )
pass in quick on fxp1 \
    reply-to ( fxp1 192.168.2.1 ) \
    proto tcp from any to any \
    keep state ( floating )
fxp0 - internal network (LAN) 169.254.107.0/24
server - 169.254.107.8
fxp1 - not in use now, but it will be in the future. This interface is connected to another internet channel (ISP2). If I comment out the two lines (pass in quick), then I am able to connect from outside the network through only one interface, the one that corresponds to defaultrouter in rc.conf. For example, if defaultrouter in rc.conf is 169.254.107.1, then I can connect through fxp0, but I cannot through fxp1.
If I comment out the line with pass in quick on fxp0, then the speed becomes ~100 Mbit/s.
Can anybody explain this behavior of PF? How should I tune PF so that the speed in the LAN is 100 Mbit/s while keeping the ability to connect to the server through different interfaces?