Slow NIC port?
-
@stephenw10 said in Slow NIC port?:
Mmm, I assume that is not a 100Mb link if it previously carried 200Mbps?
I'm sorry, my previous comment of 200Mbps on the DMZ port was incorrect. I've recently upgraded from cable to fiber and my LAN connection is 200Mbps (and WAN). I guess I didn't specifically check the DMZ port. But in the past it has been the max speed of the cable, which was ~100Mbps. I could stream video off the DMZ but I can't any longer. This is what I get with speedtest.
What does the port at the other end show?
At the other end of the DMZ port CAT5 cable? If I plug my laptop directly into the DMZ port on the back of the pfSense box or at the end of the DMZ cable that is plugged into the ASUS router I get the results shown above.
This is what I'm getting out of the LAN port. Nice ping huh! Ran it again and got a 1ms.
-
Ok. What about errors on the interface? Any shown in Status > Interfaces?
Do you see the same speeds in a local test? Between LAN and DMZ for example?
Steve
-
@stephenw10 I see no errors in Status -> Interfaces
How do I run a local test between LAN and DMZ?
-
Well I would try to use iperf to test because it gives the most repeatable results and you can test in different ways. You can get iperf clients for any OS so test between hosts on each subnet.
But you could just try moving a file for example. You are just trying to see if it's still limited to 3Mbps which should be pretty obvious.
Steve
-
@stephenw10
The following is iperf3 data between my wireless laptop and my desktop. The first run is with both machines on my LAN. The second I logged the laptop on to my DMZ WiFi. Of course I had to temporarily add a pfSense rule to allow traffic from the laptop on my DMZ network to the desktop on my LAN.

-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.30.207, port 53077
[  5] local 192.168.30.204 port 5201 connected to 192.168.30.207 port 53078
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec  8.50 MBytes  71.2 Mbits/sec
[  5]   1.00-2.00   sec  8.92 MBytes  74.9 Mbits/sec
[  5]   2.00-3.00   sec  9.62 MBytes  80.7 Mbits/sec
[  5]   3.00-4.00   sec  10.2 MBytes  85.7 Mbits/sec
[  5]   4.00-5.00   sec  10.2 MBytes  85.5 Mbits/sec
[  5]   5.00-6.00   sec  9.37 MBytes  78.6 Mbits/sec
[  5]   6.00-7.00   sec  10.2 MBytes  85.3 Mbits/sec
[  5]   7.00-8.00   sec  10.9 MBytes  91.4 Mbits/sec
[  5]   8.00-9.00   sec  11.1 MBytes  93.0 Mbits/sec
[  5]   9.00-10.00  sec  10.5 MBytes  88.0 Mbits/sec
[  5]  10.00-10.07  sec   771 KBytes  87.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.07  sec  0.00 Bytes   0.00 bits/sec   sender
[  5]   0.00-10.07  sec   100 MBytes  83.5 Mbits/sec  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.31.196, port 49231
[  5] local 192.168.30.204 port 5201 connected to 192.168.31.196 port 49233
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec   185 KBytes  1.52 Mbits/sec
[  5]   1.00-2.00   sec  7.13 KBytes  58.4 Kbits/sec
[  5]   2.00-3.00   sec   205 KBytes  1.68 Mbits/sec
[  5]   3.00-4.00   sec   632 KBytes  5.17 Mbits/sec
[  5]   4.00-5.00   sec   419 KBytes  3.44 Mbits/sec
[  5]   5.00-6.00   sec   200 KBytes  1.63 Mbits/sec
[  5]   6.00-7.00   sec  99.8 KBytes   817 Kbits/sec
[  5]   7.00-8.00   sec  20.0 KBytes   164 Kbits/sec
[  5]   8.00-9.00   sec   238 KBytes  1.95 Mbits/sec
[  5]   9.00-10.00  sec   197 KBytes  1.61 Mbits/sec
[  5]  10.00-10.18  sec  58.5 KBytes  2.71 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.18  sec  0.00 Bytes   0.00 bits/sec   sender
[  5]   0.00-10.18  sec  2.21 MBytes  1.82 Mbits/sec  receiver
-
Do you see the same restriction in both directions?
-
@stephenw10
I've added the following floating temporary rule and I can ping from the DMZ (192.168.31.196) to my desktop (192.168.30.204), but I can't ping from my desktop back to the notebook computer on the DMZ.
-
The notebook in the DMZ may be blocking it.
Really though the only things that can be causing this in pfSense are a low level network issue, but that looks OK, or traffic shaping. So do you have any shaping configured? Either Limiters or AltQ?
If not then I'd be looking at the other equipment in the path, so the AP or any switches. Try connecting the notebook directly to em2.
Steve
-
@stephenw10 I turned off the MS Firewall on the notebook computer and I could ping both ways..... go figure.
Running iperf server on the DMZ notebook I get the following.
C:\Users\TAC\Desktop\Utilities\iPerf 3.1.3\iperf-3.1.3-win64\iperf-3.1.3-win64>
C:\Users\TAC\Desktop\Utilities\iPerf 3.1.3\iperf-3.1.3-win64\iperf-3.1.3-win64>iperf3 -c 192.168.31.196
Connecting to host 192.168.31.196, port 5201
[  4] local 192.168.30.204 port 49168 connected to 192.168.31.196 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  11.2 MBytes  94.3 Mbits/sec
[  4]   1.00-2.00   sec  11.2 MBytes  94.4 Mbits/sec
[  4]   2.00-3.00   sec  11.2 MBytes  94.3 Mbits/sec
[  4]   3.00-4.00   sec  11.4 MBytes  95.5 Mbits/sec
[  4]   4.00-5.00   sec  11.2 MBytes  94.3 Mbits/sec
[  4]   5.00-6.00   sec  11.1 MBytes  93.5 Mbits/sec
[  4]   6.00-7.00   sec  11.0 MBytes  92.2 Mbits/sec
[  4]   7.00-8.00   sec  11.4 MBytes  95.4 Mbits/sec
[  4]   8.00-9.00   sec  11.2 MBytes  94.5 Mbits/sec
[  4]   9.00-10.00  sec  11.4 MBytes  95.3 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec   112 MBytes  94.4 Mbits/sec  sender
[  4]   0.00-10.00  sec   112 MBytes  94.3 Mbits/sec  receiver

iperf Done.
Previous data was running iperf server on the LAN desktop.
Also, no traffic shaping and I get the same slow DMZ results if I plug my notebook computer directly into the DMZ port on the back of the pfSense box.
-
OK, so by default in iperf the client sends to the server. So it looks like your restriction is inbound on the DMZ interface.
If there are no errors on the DMZ interface the only thing that could do that in pfSense is shaping. If you have no shaping in place I'd be looking at something else. Since you say this happens on a backup pfSense box (is that swapping out the box completely?) it must be something common to both.
Steve
-
@stephenw10 I really appreciate your help on this!
My backup box is an identical old Dell computer (Intel Core2 CPU 4300 @ 1.80GHz).
I previously posted the error status of the DMZ interface so that should be good.
I've never messed with shaping, but where should I double check that?
-
This looks good, this is the DMZ interface.
-
Check the 'By Queue' tab and make sure there are none. Then check the Limiters tab and make sure none show there either.
Next test I'd do would be running iperf on pfSense itself so you're only testing one NIC. There is an iperf3 package you can install to do that.
However this all points to some hardware commonality.
Steve
-
@stephenw10
By Queue was blank
Limiters | Limit_in and Limit Out were both enabled. I have no idea why. I'll uncheck the Enable button on both and see what happens. Where would these settings be tied to the DMZ interface?
-
@stephenw10
OMG I un-enabled them and now get this on my DMZ.
I know you think I'm an idiot, but I honestly don't remember messing with any of that stuff. I don't consider myself skilled enough to mess with anything but a few rules..... and I'm still not too sure about that.
Thanks again for all your help!
Even if I messed with it on my main pfSense box, I don't know how it would have got changed on my backup box.
-
Aha! That would do it.
They will be applied via a firewall rule on the DMZ interface. You will see it has advanced options set. Though your floating rule should have applied before that so check for other floating rules that might apply.
Steve
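
An added example, not part of the thread and not pfSense code: one way to audit a pfSense config.xml backup for limiters and the firewall rules that bind them to an interface, which is the link the last reply describes. It assumes the backup layout in which limiters are `dnshaper/queue` entries (enabled when an `enabled` element is present) and rules name them in `dnpipe`/`pdnpipe`; the XML, the interface name `opt1` and the bandwidth figures are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of a pfSense config.xml backup:
# limiters under <dnshaper><queue>, rules naming them in <dnpipe>/<pdnpipe>.
# Interface name opt1 and the bandwidth values are illustrative only.
SAMPLE_CONFIG = """<pfsense>
  <dnshaper>
    <queue><name>Limit_in</name><enabled>on</enabled>
      <bandwidth><item><bw>3</bw><bwscale>Mb</bwscale></item></bandwidth></queue>
    <queue><name>Limit_out</name><enabled>on</enabled>
      <bandwidth><item><bw>3</bw><bwscale>Mb</bwscale></item></bandwidth></queue>
    <queue><name>Old_test</name>
      <bandwidth><item><bw>50</bw><bwscale>Mb</bwscale></item></bandwidth></queue>
  </dnshaper>
  <filter>
    <rule><interface>opt1</interface><descr>DMZ to any</descr>
      <dnpipe>Limit_in</dnpipe><pdnpipe>Limit_out</pdnpipe></rule>
    <rule><interface>lan</interface><descr>Default allow LAN</descr></rule>
    <rule><floating>yes</floating><interface>opt1</interface>
      <descr>temp iperf test</descr></rule>
  </filter>
</pfsense>"""

def load_limiters(root):
    """Map limiter name -> (enabled?, bandwidth string such as '3Mb')."""
    limiters = {}
    for q in root.findall("./dnshaper/queue"):
        bw = q.findtext("./bandwidth/item/bw", "?") + q.findtext("./bandwidth/item/bwscale", "")
        limiters[q.findtext("name")] = (q.find("enabled") is not None, bw)
    return limiters

def rules_using_limiters(root):
    """Return one finding per rule/pipe pair that references a limiter."""
    limiters = load_limiters(root)
    findings = []
    for rule in root.findall("./filter/rule"):
        for tag in ("dnpipe", "pdnpipe"):
            name = rule.findtext(tag)
            if not name:
                continue  # rule has no limiter in this advanced option
            enabled, bw = limiters.get(name, (False, "undefined"))
            findings.append({"interface": rule.findtext("interface"),
                             "rule": rule.findtext("descr", ""),
                             "pipe": tag, "limiter": name,
                             "enabled": enabled, "bandwidth": bw})
    return findings

if __name__ == "__main__":
    for finding in rules_using_limiters(ET.fromstring(SAMPLE_CONFIG)):
        print(finding)
```

Running the same functions over the backups of both boxes shows whether a restored or copied configuration carried the limiter rules across.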