Subject: Re: Network traffic intermittently halts.
To: None <netbsd-help@NetBSD.org>
From: Roger Fischer <r@aileron.org>
List: netbsd-help
Date: 08/08/2003 23:59:18
OK, I'm really convinced it has something to do with my ipf rules.
If I flush my ipf rules, things move along very quickly.

But... with the rules in place, I have problems.  I'm sure it has something to
do with rule order or keeping state, but I don't know what.  I've been going
over the HOW-TO and the FAQ, and can't find what might be wrong.

Any suggestions, or should I get on the ipfilter list?

# Default policy Deny
     block in on ne2

# Give internal net full access
     pass  out    quick on ne2 proto tcp  from any    to any  flags S keep state  keep frags
     pass  out    quick on ne2 proto udp  from any    to any  keep state
     pass  out    quick on ne2 proto icmp from any    to any  keep state

# Allow access to DHCP
     pass  in log quick on ne2 proto udp  from any port = 67  to any port = 68    keep state

# Send a reset instead of absolute block on ident port (for outbound mail?)
     block return-rst in log quick  on ne2  proto tcp  from any  to any  port = 113

# Block all icmp.
     block in log quick on ne2 proto icmp from any to any




At 9:36 PM -0700 8/8/03, David S. wrote:
>>
>>  Yes, the connection is asymmetric.  Cable modem.  Fast download, slower
>>  upload.  The problem happens all the time, not just if I try to upload
>>  while I'm downloading though.
>
>If you were seeing down-loads hanging with concurrent upstream traffic,
>I would suspect that your upstream connection is getting saturated and
>the ACKs for the download are being choked-off.  That would cause the
>remote host to re-send packets your way, and could account for the hang.
>You could remedy that by using 'altq' to prioritize the ACKs.  But
>since you see the problem regardless of upstream traffic ...
>
>>
>>  It's sort of like something breaks the connection, and it has to
>>  reestablish.  What would I look at to see if something like that is
>>  happening?
>