Netgate Discussion Forum

    Slow management from WAN

    13 Posts 3 Posters 1.2k Views
    • R
      rcoleman-netgate Netgate @Cylosoft

      @cylosoft What's the status of the unbound/DNS Resolver service?

      Ryan
      Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
      Requesting firmware for your Netgate device? https://go.netgate.com
      Switching: Mikrotik, Netgear, Extreme
      Wireless: Aruba, Ubiquiti

      • C
        Cylosoft @rcoleman-netgate

        @rcoleman-netgate DNS Resolver service is enabled. The computer on the LAN side was using the firewall as a DNS server and it was doing DNS lookups.

        • C
          Cylosoft

          I just put the WAN back onto my lab switch; private IP. Via WAN everything is back to normal. DNS resolver looks good.

          • stephenw10S
            stephenw10 Netgate Administrator

            Presumably that is connecting via some different physical link when it has the public IP?

            Do you have any sort of traffic shaping applied?

            When you connect to the private IP in the lab is that coming from a client in the WAN subnet directly? I assume that cannot be the case for the public IP. It could be passing the traffic via a different firewall rule.

            Just how slow is it? What symptoms do you see when you connect?

            Steve

            • C
              Cylosoft @stephenw10

              @stephenw10

              2 Windows machines connected on LAN ports. The WAN port I'm physically moving cable from test network to public IP.

              Nothing in traffic shaping turned on.

              Management rule is the same. I have an IP alias with my public and my machine's private IP on.

              About 1 min to load login screen. About 1 min to login. The dashboard never really loads; gets like mostly loaded.

              • stephenw10S
                stephenw10 Netgate Administrator

                But in order to access it via the WAN for management you're connecting from some other external public IP to reach it?

                If you're just using the external IP from an internal client you might be hitting some asymmetry.

                • C
                  Cylosoft @stephenw10

                  @stephenw10 Yeah. My computer's private IP is in the alias. On the same LAN as firewall when firewall is on lab network.

                  Public IP in the alias is my same computer's public IP. So same ISP as firewall. But different public IP. 2 completely separate public IPs. I know the ISP is routing fine because this is all in production. The firewall being replaced works fine for all inbound traffic. The pfSense is getting same IP and gateway as the firewall it's replacing.

                  I'm going to try it again tonight and NAT some traffic from public IP into one of the LAN computers and see if that's slow.

                  • stephenw10S
                    stephenw10 Netgate Administrator

                    That sort of throttling feels like an IP conflict or some sort of routing issue perhaps. Potentially a catastrophic MTU problem. However, I'd expect those to affect traffic from LAN clients too unless it was specifically in the route your public client is using.

                    • C
                      Cylosoft @stephenw10

                      @stephenw10 I had pfSense WAN spoof MAC from the firewall WAN it's replacing. Figuring I'd avoid any ISP issues and get a nice clean swap. But I agree it does feel like that. I just can't sort out what or why.

                      • stephenw10S
                        stephenw10 Netgate Administrator

                        ARP cached somewhere? If it was upstream though it would affect everything.

                        A pcap on the pfSense while you try to access it should show the issue.

                        Steve

                        • C
                          Cylosoft

                          @stephenw10 I sorted this out. Kerio 9.4 doesn't like the pfSense web admin for some reason. Kerio 9.3 is fine with it. In Kerio NAT I've turned off filtering and inspection, but for whatever reason it just doesn't like pfSense web admin and it runs really really slow. I've never seen it on Kerio 9.4 with any other website.

                          • stephenw10S
                            stephenw10 Netgate Administrator

                            Mmm, first report I've seen of that. But good to know, I'll be watching for it.

                            Steve

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.