Interesting… These settings shouldn’t have any impact on any connections going through the firewall.

Can you narrow it down to one specific setting of these by disabling one by one?

-Michael

> On 20 Feb 2019, at 10:18, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> 
> Hi,
> 
> being curious, I tested commit
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=d03916e55851a243594ebf6f0c20c8f6d9092277
> on my Core 127 / 32bit IPFire.
> 
> At first I didn't notice any differences, system was running as usual.
> No important performance impact or change.
> 
> But yesterday, while starting some bigger downloads and closely
> watching, I noticed that everytime someone started to download a
> somewhat bigger file, e.g. 250-800 MB, downloading rates went down to a
> crawl. Some downloads even aborted and nearly all where amazingly slow
> (~150KB/s, normal: ~6.5 MB/s).
> 
> Restarting our Fritzbox and IPFire itself didn't help, all downloads
> stayed that way.
> 
> After reverting the above commit in '/etc/sysctl.conf' and running
> 'sysctl -p', system is running at full speed again: VDSL, 50Mbit down /
> 10Mbit up.
> 
> Configuration:
> Duo Box with Core 127/32bit. Running 'privoxy 3.0.28', 'squid 4.6'
> (non-transparent, 512 MB RAM only), 'squidguard 1.5 beta',
> 'squidclamav', 'snort / guardian', 'unbound 1.9.0' with DoT/TFO.
> 
> Could someone please test and confirm (or not ;-) ).
> 
> Best,
> Matthias