Setting up a router/firewall...

[Erik Thorsson <ethorsson_(_at_)_neoprimitive_(_dot_)_net>]

OK, a possibly newbish post here, so I'll expect abuse.

I have a 233MHz P2 with ~196MB RAM I'm setting up as a firewall/router 
for my LAN at home.  I got things working as per the manuals, but...

When I ping my 2.4GHz laptop from the firewall/router I get results like...

64 bytes from 192.168.1.127: icmp_seq=20 ttl=64 time=6.535 ms
64 bytes from 192.168.1.127: icmp_seq=21 ttl=64 time=4.563 ms
64 bytes from 192.168.1.127: icmp_seq=22 ttl=64 time=2.590 ms
64 bytes from 192.168.1.127: icmp_seq=23 ttl=64 time=0.607 ms
64 bytes from 192.168.1.127: icmp_seq=24 ttl=64 time=6.437 ms
64 bytes from 192.168.1.127: icmp_seq=25 ttl=64 time=1.130 ms
64 bytes from 192.168.1.127: icmp_seq=26 ttl=64 time=2.482 ms
64 bytes from 192.168.1.127: icmp_seq=27 ttl=64 time=0.508 ms
64 bytes from 192.168.1.127: icmp_seq=28 ttl=64 time=6.337 ms
64 bytes from 192.168.1.127: icmp_seq=29 ttl=64 time=4.363 ms
--- 192.168.1.127 ping statistics ---
30 packets transmitted, 30 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.399/3.225/6.957/2.220 ms


But when I ping from the laptop to the firewall/router I get results like...

64 bytes from 192.168.1.225: icmp_seq=1059 ttl=255 time=0.225 ms
64 bytes from 192.168.1.225: icmp_seq=1060 ttl=255 time=0.223 ms
64 bytes from 192.168.1.225: icmp_seq=1061 ttl=255 time=0.215 ms
64 bytes from 192.168.1.225: icmp_seq=1062 ttl=255 time=0.220 ms
64 bytes from 192.168.1.225: icmp_seq=1063 ttl=255 time=0.218 ms
64 bytes from 192.168.1.225: icmp_seq=1064 ttl=255 time=0.219 ms
64 bytes from 192.168.1.225: icmp_seq=1065 ttl=255 time=0.220 ms
64 bytes from 192.168.1.225: icmp_seq=1066 ttl=255 time=0.259 ms
64 bytes from 192.168.1.225: icmp_seq=1067 ttl=255 time=0.218 ms

--- 192.168.1.225 ping statistics ---
1067 packets transmitted, 1067 received, 0% packet loss, time 1066070ms
rtt min/avg/max/mdev = 0.184/0.230/0.384/0.021 ms

It's not just the laptop, either.  I get the same kind results from 
other machines on the network.  Pinging the router/firewall box is very 
fast, but pinging from the router/firewall to the other clients on the 
network is very inconsistent/slow.

Also...

laptop# ping -f -c 100000 192.168.1.225
PING 192.168.1.225 (192.168.1.225) 56(84) bytes of data.

--- 192.168.1.225 ping statistics ---
100000 packets transmitted, 100000 received, 0% packet loss, time 30153ms
rtt min/avg/max/mdev = 0.154/0.176/0.644/0.018 ms, ipg/ewma 0.301/0.176 ms


firewall# ping -f -c 100000 192.168.1.127
PING 192.168.1.127 (192.168.1.127): 56 data bytes
--- 192.168.1.127 ping statistics 
---........................................
100076 packets transmitted, 100000 packets received, 0.1% packet loss
round-trip min/avg/max/std-dev = 0.294/51.861/114.977/34.758 ms


Pinging my laptop from another client on the LAN:

64 bytes from 192.168.1.127: icmp_seq=14 ttl=64 time=0.142 ms
64 bytes from 192.168.1.127: icmp_seq=15 ttl=64 time=0.142 ms
64 bytes from 192.168.1.127: icmp_seq=16 ttl=64 time=0.142 ms
64 bytes from 192.168.1.127: icmp_seq=17 ttl=64 time=0.142 ms
64 bytes from 192.168.1.127: icmp_seq=18 ttl=64 time=0.144 ms
64 bytes from 192.168.1.127: icmp_seq=19 ttl=64 time=0.141 ms
64 bytes from 192.168.1.127: icmp_seq=20 ttl=64 time=0.143 ms
64 bytes from 192.168.1.127: icmp_seq=21 ttl=64 time=0.142 ms
64 bytes from 192.168.1.127: icmp_seq=22 ttl=64 time=0.139 ms

--- 192.168.1.127 ping statistics ---
22 packets transmitted, 22 received, 0% packet loss, time 20997ms
rtt min/avg/max/mdev = 0.123/0.149/0.339/0.044 ms


Is this likely a pf configuration issue?

Can I post anything else that would be useful in diagnosis?

-E