Slow NIC port?
-
@stephenw10
I've added the following floating temporary rule and I can ping from the DMZ (192.168.31.196) to my desktop (192.168.30.204), but I can't ping from my desktop back to the notebook computer on the DMZ.
-
The notebook in the DMZ may be blocking it.
Really though the only things that can be causing this in pfSense are a low level network issue, but that looks OK, or traffic shaping. So do you have any shaping configured? Either Limiters or AltQ?
If not then I'd be looking at the other equipment in the path, so the AP or any switches. Try connecting the notebook directly to em2.
Steve
-
@stephenw10 I turned off the MS Firewall on the notebook computer and I could ping both ways..... go figure.
Running iperf server on the DMZ notebook I get the following.
C:\Users\TAC\Desktop\Utilities\iPerf 3.1.3\iperf-3.1.3-win64\iperf-3.1.3-win64> C:\Users\TAC\Desktop\Utilities\iPerf 3.1.3\iperf-3.1.3-win64\iperf-3.1.3-win64>iperf3 -c 192.168.31.196 Connecting to host 192.168.31.196, port 5201 [ 4] local 192.168.30.204 port 49168 connected to 192.168.31.196 port 5201 [ ID] Interval Transfer Bandwidth [ 4] 0.00-1.00 sec 11.2 MBytes 94.3 Mbits/sec [ 4] 1.00-2.00 sec 11.2 MBytes 94.4 Mbits/sec [ 4] 2.00-3.00 sec 11.2 MBytes 94.3 Mbits/sec [ 4] 3.00-4.00 sec 11.4 MBytes 95.5 Mbits/sec [ 4] 4.00-5.00 sec 11.2 MBytes 94.3 Mbits/sec [ 4] 5.00-6.00 sec 11.1 MBytes 93.5 Mbits/sec [ 4] 6.00-7.00 sec 11.0 MBytes 92.2 Mbits/sec [ 4] 7.00-8.00 sec 11.4 MBytes 95.4 Mbits/sec [ 4] 8.00-9.00 sec 11.2 MBytes 94.5 Mbits/sec [ 4] 9.00-10.00 sec 11.4 MBytes 95.3 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth [ 4] 0.00-10.00 sec 112 MBytes 94.4 Mbits/sec sender [ 4] 0.00-10.00 sec 112 MBytes 94.3 Mbits/sec receiver iperf Done.Previous data was running iperf server on the LAN desktop.
Also, not traffic shaping and I get the same slow DMZ results if I plug my notebook computer directly into the DMZ port on the back of the pfSense box.
-
OK, so by default in iperf the client sends to the server. So it looks like your restriction is inbound on the DMZ interface.
If there are no errors on the DMZ interface the only thing that could do that in pfSense is shaping. If you have no shaping in place I'd be looking at something else. Since you say this happens on a backup pfSense box (is that swapping out the box completely?) it must be something common to both.Steve
-
@stephenw10 I really appreciate your help on this!
My backup box is an identical old Dell computer (Intel Core2 CPU 4300 @ 1.80GHz).
I previously posted the error status of the DMZ interface so that should be good.
I've never messed with shaping, but where should I double check that?
-
This looks good, this is the DMZ interface.
-
Check the 'By Queue' tab and make sure there are none. Then check the Limiters tab and make sure none show there either.
Next test I'd do would be running iperf on pfSense itself so you're only testing one NIC. There is an iperf3 package you can install to do that.
However this all points to some hardware commonality.
Steve
-
@stephenw10
By Queue was blankLimiters | Limit_in and Limit Out were both enabled. I have no idea why. I'll uncheck the Enable button on both and see what happens. Where would these settings be tied to the DMZ interface?
-
@stephenw10
OGM I un-enabled them and now get this on my DMZ.
I know you think I'm an idiot, but I honestly don't remember messing with any of that stuff. I don't consider myself skilled enough to mess with anything but a few rules..... and I'm still not too sure about that.
Thanks again for all your help!
Even if I messed with it on my main pfSense box, I don't know how it would have got changed on my backup box.
-
Aha! That would do it.
They will be applied via a firewall rules on the DMZ interface. You will see it gas advanced options set. Though your floating rule should have applied before that so check for other floating rules that might apply.
Steve
