Reza Muhammad wrote:
> 
> Hi guys,
> 
> I'm having a problem with my Internet connection in my home network. I
> noticed that my Internet connection has been very slow since I upgraded to
> -current a week ago.  First, I thought it was just my ISP problem.  Then, I
> tried to connect to the Internet directly from my laptop, it worked fine.

Did it happen before the upgrade? What were you running before?

> I noticed that the Internet is slowing down when pf is enabled.  I changed
> my pf.conf to only do nat, and scrub incoming packets, but it is still slow.
> Here's the output of 'ping' to the Internet.
[snip]
> 
> noticed that the connection is more than 4 times slower?
> 
> # here's my pf settings
> [EMAIL PROTECTED]:~% sudo pfctl -sa
> TRANSLATION RULES:
> nat on sis0 inet from 192.168.1.0/24 to any -> (sis0:0)
> 
> FILTER RULES:
> scrub in all fragment reassemble
> pass in all flags S/SA keep state
> pass out all flags S/SA keep state
> No queue in use
> 
[snip]
> 
> my home network is on 192.168.1.0/24, but I see a lot of connections with
> state NO_TRAFFIC:SINGLE that are from other networks (I'm assuming they are
> coming from my ISP's network). Can someone help me out here? Would hardware
> be the problem? I just thought that if the network card was broken, it
> should just not work right? Rather than the connection being slower?
> Anyway, let me just post my dmesg also

There is a lot of external broadcast traffic; it is probably the cause of
the large number of state insertions/deletions. It is either a badly
designed p2p/broadcast/whatever protocol, or the result of the worm/malware
of the month.

Can you add

block drop in quick on sis0 all

at the start of your ruleset? This way the external traffic does not
create states at all.

Can

-- 
In theory, there is no difference between theory and practice.
But, in practice, there is.
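
Added example, not part of the original message: one way to confirm where the NO_TRAFFIC:SINGLE states come from is to tally them per source address outside the LAN. The sample state lines are constructed, the `pfctl -ss` line layout is an assumption, and the function name is hypothetical.

```python
import ipaddress
from collections import Counter

HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # LAN from the nat rule in the post

# Constructed sample, not from the thread. Assumed layout of `pfctl -ss` lines:
#   IFACE PROTO LOCAL <- REMOTE  STATE          (inbound)
#   IFACE PROTO SRC -> [NAT ->] DST  STATE      (outbound)
SAMPLE_STATES = """\
self tcp 192.168.1.10:51234 -> 203.0.113.7:34567 -> 198.51.100.20:80       ESTABLISHED:FIN_WAIT_2
self udp 203.0.113.255:138 <- 203.0.113.41:138       NO_TRAFFIC:SINGLE
self udp 203.0.113.255:137 <- 203.0.113.41:137       NO_TRAFFIC:SINGLE
self udp 255.255.255.255:67 <- 203.0.113.90:68       NO_TRAFFIC:SINGLE
self udp 192.168.1.255:138 <- 192.168.1.10:138       NO_TRAFFIC:SINGLE
"""


def _host(endpoint):
    """Drop the trailing :port from an IPv4 endpoint such as 10.0.0.1:138."""
    return endpoint.strip("()").rsplit(":", 1)[0]


def outside_single_states(pfctl_ss_output, home_net=HOME_NET):
    """Count inbound NO_TRAFFIC:SINGLE states per source outside home_net."""
    sources = Counter()
    for line in pfctl_ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[-1] != "NO_TRAFFIC:SINGLE":
            continue
        if "<-" not in fields:
            continue  # outbound state, created by a host behind the firewall
        try:
            src = ipaddress.ip_address(_host(fields[-2]))
        except ValueError:
            continue  # not an IPv4 endpoint; skip rather than guess
        if src not in home_net:
            sources[str(src)] += 1
    return sources


if __name__ == "__main__":
    # Busiest outside sources first; these are the states the block rule avoids.
    for src, count in outside_single_states(SAMPLE_STATES).most_common():
        print(f"{count:5d}  {src}")
```

Running the same tally on saved `pfctl -ss` output before and after adding the block rule shows whether the unsolicited states have stopped being created.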
