Hi,

I have a redundant firewall with CARP. 3.6 STABLE plus all patches from CVS for stable (updated last week). The firewalls have 7 NIC ports each: external, internal, pfsync and 4 DMZ interfaces. The servers are firewalls, DNS, mail relay, antivirus, spamkiller, NTP and DHCP for internal hosts.

Everything works perfectly! Except for the fact that sessions are stalling during transfers of big files. I have tried to remove "aggressive timeouts", "adaptive timeouts" and "scrub" without success. It doesn't matter if the transfer goes over NAT from LAN to internet or from a real IP on dmz2 to the internet. We have tried many different protocols such as SSH, amanda and more.

Turning on -x loud gives A LOT of the below (maybe irrelevant??)

--snip--
Nov 8 00:49:53 san /bsd: pfsync: ignoring stale update (3) id: 4367413c000b4c76 creatorid: e31b4f22
Nov 8 00:49:53 san /bsd: pfsync: ignoring stale update (3) id: 4367413c000b4c75 creatorid: e31b4f22
Nov 8 00:49:53 san /bsd: pfsync: ignoring stale update (3) id:
--snip--

Nothing comes up as blocked in the firewall log when a session is stalling.

I have Intel 10/100 (fxp NICs) and Soekris lan1641 quad boards (sis NICs).

Don't look too closely at the queuing stuff as it's not complete. The rows from the Firewall-1 pf.conf (primary) are at the link below.

http://www.incedo.org/~sjoholmp/pf/pf.conf

(The secondary FW has exactly the same pf.conf.)

Any suggestions? Will go to OBSD 3.8 in January but need this working now...

Thanks in advance
Per-Olov Sjöholm
