Interesting… These settings shouldn’t have any impact on any connections going through the firewall.
Can you narrow it down to one specific setting of these by disabling one by one?
-Michael
On 20 Feb 2019, at 10:18, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
being curious, I tested commit https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=d03916e55851a243594ebf6f... on my Core 127 / 32bit IPFire.
At first I didn't notice any differences, system was running as usual. No important performance impact or change.
But yesterday, while starting some bigger downloads and closely watching, I noticed that everytime someone started to download a somewhat bigger file, e.g. 250-800 MB, downloading rates went down to a crawl. Some downloads even aborted and nearly all where amazingly slow (~150KB/s, normal: ~6.5 MB/s).
Restarting our Fritzbox and IPFire itself didn't help, all downloads stayed that way.
After reverting the above commit in '/etc/sysctl.conf' and running 'sysctl -p', system is running at full speed again: VDSL, 50Mbit down / 10Mbit up.
Configuration: Duo Box with Core 127/32bit. Running 'privoxy 3.0.28', 'squid 4.6' (non-transparent, 512 MB RAM only), 'squidguard 1.5 beta', 'squidclamav', 'snort / guardian', 'unbound 1.9.0' with DoT/TFO.
Could someone please test and confirm (or not ;-) ).
Best, Matthias