Is SCP limited in some way?
I have a pfSense box that I built to replace a router that was giving us VOIP NAT issues. The box works perfectly as a router. No speed issues whatsoever.
At night I also use the box to backup a few sites we have on another machine. I just use it as a dump really, transferring the files using SSH. For some reason, the transfer is very slow. I know the box shouldn't be used for this but I cannot see any reason for it being so slow. can anyone enlighten me? Is this a known issue? The uplink speed of the machine sending the files is just around the 2Mbit mark.
For months this box was running a different OS and sat behind the router and we had no problem with it.
This is a typical report with pfSense, using the box as the pfSense router: "Backup is complete. Final size was 744.46 MB. Total backup time was 6 hours, 18:07 minutes."
This is a typical report befor it became the pfSense router: "Backup is complete. Final size was 740.67 MB. Total backup time was 57 minutes, 01 seconds."
Your getting some really slow speeds. Is this backup being done locally in relation to the pfsense box?
In the past I was doing some tests that included a transfer of an 8GB file to a pfsense box. The transfer took less than 30mins using WinSCP. This test was done all on a local LAN.
No, sorry, I should have made this clear, it is coming in on the WAN interface.
That changes the game completely. Are you sure more bandwidth is available for allocation?
There is no problem with bandwidth as I show above these are exactly the same machines doing the sending and receiving on exactly the same WAN connections.
It seems purely related to SSH and to the firewall box itself, I can happily download at 20meg through the box, all day.
By default the system is tuned for passing traffic through the firewall, not to the box itself. That's how it's intended to be used in most scenarios :-)
Look up the sysctls for tuning squid, see if those help you.
TBH, if it is by design rather than something not working correctly then I would rather push the backup out to another server I have on the net, like I said, it works perfectly for the job it is intended to :)
Thanks for the suggestions, I will leave well alone!