> I got one step further. tracerout shows that route from inside (A) > outside (B) is A->F->B with F being my firewall. > > But route from B to A goes through the router. I've setup all hosts > in the subnet in front of the firewall to route their packets through > the router R that our data center configured for this subnet. > > Thus it's B->R->F->A. The same happens for ipv4, no ->R-> when > sending from A to B, but via R from B to A. While it's fast for > ipv4, it's slow for ipv6. So I added a route for the internal > subnet to the routing table of B so that the trace now shows > B->F->A. And then the copying between A and B is at full speed > of 112MB/s.
Hi Frank, So, R, B, and F all have legs on a common network segment, right? And B probably points to R for default gateway? Does B have routes in its table so that it knows to point to F in order to reach B? If not, it is sending packets to R, who is probably returning ICMP redirects to B. Perhaps B is dropping them? A tcpdump on R, B, and F might help show you what's going on. --Matt
