On Mon, Jul 28, 2008 at 05:28:58PM -0500, Fred Newtz wrote:

> I have two machines set up on OpenBSD with PF, CARP and pfsync. They are
> acting as a NAT device between the internet and a few servers located at
> my colocation facility. I am not trying to do anything too fancy here,
> I just want some basic protection.
>
> The problem I am having is that when a new connection is started, there
> is a huge delay while I am waiting for a response from one of my
> machines. For example:
>
> I try to ssh into a web server. It takes about 20 seconds for the
> password prompt to appear. But when I am inside the network and ssh
> from one machine to another the password prompt opens immediately. When
> I visit one of my web pages the first page seems to load properly, but
> when a link is clicked, there is a long delay and then the page loads
> quickly after the long delay.
Alas, I'm too tired to review your ruleset, but I don't think it matters anyways. Delays of the variety you've described scream "DNS". Check your resolvers and your authoritative nameservers to make sure everything operates as expected.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
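One way to confirm the DNS diagnosis from the NAT box itself, as an added example that is not part of the thread: time the reverse lookup of a client address and the forward lookup of the name that comes back (the two round trips a daemon such as sshd performs before it answers), and flag lookups that fail or exceed a threshold. The addresses and the `slow_seconds` threshold are assumptions; the resolver functions are injectable so the verdict logic can be tested without a network.

```python
"""Reverse/forward lookup latency probe (added example, not from the thread).

A resolver that is unreachable or slow makes every daemon that reverse-resolves
the client address wait out the resolver timeout before answering, which is the
"20 seconds to a password prompt" symptom. Sample addresses are constructed.
"""
import socket
import sys
import time

SLOW_SECONDS = 2.0  # assumed threshold: anything above this is felt on every new connection

def timed(fn):
    """Run one lookup; return (succeeded, value, seconds).
    socket.herror, gaierror and timeout all derive from OSError."""
    start = time.monotonic()
    try:
        return True, fn(), time.monotonic() - start
    except OSError:
        return False, None, time.monotonic() - start

def classify(reverse_ok, forward_ok, seconds, slow_seconds=SLOW_SECONDS):
    """Pure verdict so thresholds can be unit-tested without a network."""
    if not reverse_ok:
        return "reverse-fail"
    if not forward_ok:
        return "forward-fail"
    return "slow" if seconds > slow_seconds else "ok"

def probe(addresses, reverse=socket.gethostbyaddr, forward=socket.gethostbyname,
          slow_seconds=SLOW_SECONDS):
    """Reverse-resolve each address, then forward-resolve the returned name.
    Returns {address: (verdict, total_seconds)}. Resolvers are injectable."""
    findings = {}
    for addr in addresses:
        rev_ok, value, seconds = timed(lambda: reverse(addr))
        fwd_ok = False
        if rev_ok:
            fwd_ok, _, fwd_seconds = timed(lambda: forward(value[0]))
            seconds += fwd_seconds
        findings[addr] = (classify(rev_ok, fwd_ok, seconds, slow_seconds), seconds)
    return findings

if __name__ == "__main__":
    # Constructed sample (documentation addresses); pass real client IPs on argv.
    targets = sys.argv[1:] or ["192.0.2.10", "198.51.100.7"]
    for addr, (verdict, seconds) in probe(targets).items():
        print(f"{addr:16} {verdict:13} {seconds:6.2f}s")
```

Any line that is not `ok` points at the resolver in resolv.conf or at the authoritative server for the reverse zone, which is where the reply above says to look.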
