Hi, On 21.02.2019 10:33, Michael Tremer wrote: > On 21 Feb 2019, at 00:36, Matthias Fischer wrote: >> >> Hi, >> >> On 20.02.2019 16:40, Michael Tremer wrote: >>> Interesting… These settings shouldn’t have any impact on any connections going through the firewall. >> ... >> ... >>> Can you narrow it down to one specific setting of these by disabling one by one? >> ... Yes. And I finished testing: I would say: "case can be closed". I wasn't able to track this down to one of the tuned parameters of the commit cited below. Must be another reason. I activated options one by one and tested with simple 1GB / 5GB download files from Netcologne and Hetzner. Now all parameters are active again => downloads still run at normal speed. This means 7.0MB/sec - with peaks at 7.6MB/sec - which is absolutely ok for our line. Mostly it happened in the evening or at night. I'll see what happens then. Best, Matthias >> >>> -Michael >>> >>>> On 20 Feb 2019, at 10:18, Matthias Fischer wrote: >>>> >>>> Hi, >>>> >>>> being curious, I tested commit >>>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=d03916e55851a243594ebf6f0c20c8f6d9092277 >>>> on my Core 127 / 32bit IPFire. >>>> >>>> At first I didn't notice any differences, system was running as usual. >>>> No important performance impact or change. >>>> >>>> But yesterday, while starting some bigger downloads and closely >>>> watching, I noticed that everytime someone started to download a >>>> somewhat bigger file, e.g. 250-800 MB, downloading rates went down to a >>>> crawl. Some downloads even aborted and nearly all where amazingly slow >>>> (~150KB/s, normal: ~6.5 MB/s). >>>> >>>> Restarting our Fritzbox and IPFire itself didn't help, all downloads >>>> stayed that way. >>>> >>>> After reverting the above commit in '/etc/sysctl.conf' and running >>>> 'sysctl -p', system is running at full speed again: VDSL, 50Mbit down / >>>> 10Mbit up. >>>> >>>> Configuration: >>>> Duo Box with Core 127/32bit. Running 'privoxy 3.0.28', 'squid 4.6' >>>> (non-transparent, 512 MB RAM only), 'squidguard 1.5 beta', >>>> 'squidclamav', 'snort / guardian', 'unbound 1.9.0' with DoT/TFO. >>>> >>>> Could someone please test and confirm (or not ;-) ). >>>> >>>> Best, >>>> Matthias