Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Slow NIC port?

    Scheduled Pinned Locked Moved General pfSense Questions
    22 Posts 3 Posters 2.1k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • TAC57T Offline
      TAC57 @stephenw10
      last edited by

      @stephenw10
      I've added the following floating temporary rule and I can ping from the DMZ (192.168.31.196) to my desktop (192.168.30.204), but I can't ping from my desktop back to the notebook computer on the DMZ.

      cf17548a-fcbc-49ad-b751-40637d2af34d-image.png

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        The notebook in the DMZ may be blocking it.

        Really though the only things that can be causing this in pfSense are a low level network issue, but that looks OK, or traffic shaping. So do you have any shaping configured? Either Limiters or AltQ?

        If not then I'd be looking at the other equipment in the path, so the AP or any switches. Try connecting the notebook directly to em2.

        Steve

        TAC57T 1 Reply Last reply Reply Quote 0
        • TAC57T Offline
          TAC57 @stephenw10
          last edited by TAC57

          @stephenw10 I turned off the MS Firewall on the notebook computer and I could ping both ways..... go figure.

          Running iperf server on the DMZ notebook I get the following.

          C:\Users\TAC\Desktop\Utilities\iPerf 3.1.3\iperf-3.1.3-win64\iperf-3.1.3-win64>
          C:\Users\TAC\Desktop\Utilities\iPerf 3.1.3\iperf-3.1.3-win64\iperf-3.1.3-win64>iperf3 -c 192.168.31.196
          Connecting to host 192.168.31.196, port 5201
          [  4] local 192.168.30.204 port 49168 connected to 192.168.31.196 port 5201
          [ ID] Interval           Transfer     Bandwidth
          [  4]   0.00-1.00   sec  11.2 MBytes  94.3 Mbits/sec
          [  4]   1.00-2.00   sec  11.2 MBytes  94.4 Mbits/sec
          [  4]   2.00-3.00   sec  11.2 MBytes  94.3 Mbits/sec
          [  4]   3.00-4.00   sec  11.4 MBytes  95.5 Mbits/sec
          [  4]   4.00-5.00   sec  11.2 MBytes  94.3 Mbits/sec
          [  4]   5.00-6.00   sec  11.1 MBytes  93.5 Mbits/sec
          [  4]   6.00-7.00   sec  11.0 MBytes  92.2 Mbits/sec
          [  4]   7.00-8.00   sec  11.4 MBytes  95.4 Mbits/sec
          [  4]   8.00-9.00   sec  11.2 MBytes  94.5 Mbits/sec
          [  4]   9.00-10.00  sec  11.4 MBytes  95.3 Mbits/sec
          - - - - - - - - - - - - - - - - - - - - - - - - -
          [ ID] Interval           Transfer     Bandwidth
          [  4]   0.00-10.00  sec   112 MBytes  94.4 Mbits/sec                  sender
          [  4]   0.00-10.00  sec   112 MBytes  94.3 Mbits/sec                  receiver
          
          iperf Done.
          

          Previous data was running iperf server on the LAN desktop.

          Also, not traffic shaping and I get the same slow DMZ results if I plug my notebook computer directly into the DMZ port on the back of the pfSense box.

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            OK, so by default in iperf the client sends to the server. So it looks like your restriction is inbound on the DMZ interface.
            If there are no errors on the DMZ interface the only thing that could do that in pfSense is shaping. If you have no shaping in place I'd be looking at something else. Since you say this happens on a backup pfSense box (is that swapping out the box completely?) it must be something common to both.

            Steve

            TAC57T 1 Reply Last reply Reply Quote 0
            • TAC57T Offline
              TAC57 @stephenw10
              last edited by

              @stephenw10 I really appreciate your help on this!

              My backup box is an identical old Dell computer (Intel Core2 CPU 4300 @ 1.80GHz).

              I previously posted the error status of the DMZ interface so that should be good.

              I've never messed with shaping, but where should I double check that?

              TAC57T 1 Reply Last reply Reply Quote 0
              • TAC57T Offline
                TAC57 @TAC57
                last edited by

                This looks good, this is the DMZ interface.

                087d0bf3-6a12-496d-95d3-deca3976e748-image.png

                1 Reply Last reply Reply Quote 0
                • stephenw10S Offline
                  stephenw10 Netgate Administrator
                  last edited by

                  Check the 'By Queue' tab and make sure there are none. Then check the Limiters tab and make sure none show there either.

                  Next test I'd do would be running iperf on pfSense itself so you're only testing one NIC. There is an iperf3 package you can install to do that.

                  However this all points to some hardware commonality.

                  Steve

                  TAC57T 2 Replies Last reply Reply Quote 0
                  • TAC57T Offline
                    TAC57 @stephenw10
                    last edited by

                    @stephenw10
                    By Queue was blank

                    Limiters | Limit_in and Limit Out were both enabled. I have no idea why. I'll uncheck the Enable button on both and see what happens. Where would these settings be tied to the DMZ interface?

                    c3a78cc9-6b8d-4acc-806e-f0fe46dd0a86-image.png

                    1 Reply Last reply Reply Quote 0
                    • TAC57T Offline
                      TAC57 @stephenw10
                      last edited by TAC57

                      @stephenw10
                      OGM I un-enabled them and now get this on my DMZ.

                      f54c352c-1b69-4376-bb40-b17723c8010b-image.png

                      I know you think I'm an idiot, but I honestly don't remember messing with any of that stuff. I don't consider myself skilled enough to mess with anything but a few rules..... and I'm still not too sure about that.

                      Thanks again for all your help!

                      Even if I messed with it on my main pfSense box, I don't know how it would have got changed on my backup box.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S Offline
                        stephenw10 Netgate Administrator
                        last edited by

                        Aha! That would do it. 😉

                        They will be applied via a firewall rules on the DMZ interface. You will see it gas advanced options set. Though your floating rule should have applied before that so check for other floating rules that might apply.

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.