Help with network design and diagnosis of slow FTP
-
I'm moderately knowledgeable about networks and have had some problems with my Comcast performance recently. I was using a D-Link DIR655 and this didn't allow me to have good visibility of what was happening on the WAN interface. So I decided to build a pfSense machine so I could see in more detail what was going on. My network setup is attached and I have two questions.
1. Any comments on the numbering/design of the network?
2. I am having some real problems with FTP performance. The desktop on the LAN is getting 500k speeds over FTP to the Server in the DMZ.Before I switch to this new design, I could download from the server at speeds around 5-6mb, but now I can't get anything above 500k. Anyone know where I start diagnosing this? FTP performance to public websites is fine, it just seems to be an issue going from LAN->DMZ. I've also tried transferring data from the HTTP server in the DMZ and I also get very poor network performance.
Details of my configuration are on this website, http://www.daftdonkey.com/external/network/design/index.html
D-Link DIR655
WAN Static setup
IP: 192.168.150.2
Subnet: 255.255.255.0
Gateway: 192.168.150.1
Primary DNS: 68.87.76.178
Secondary DNS: 68.87.76.130
MTU: 1500LAN setup
IP: 192.168.1.1
Subnet: 255.255.255.0
Enable DNS relay: Yes
Enable DHCP Server: Yes
DHCP Range: 192.168.1.100 - 199
DHCP lease (mins): 1440Wireless setup
SSID: Wireless
802.11 mode: Mixed 802.11n, g, b
Channel auto scan: Yes
Channel width: Auto 20/40 MHz
Security: WPA-PersonalOther settings
No virtual servers, port forwards or any rules defined.
Traffic shaping disabled.
SPI firewall disabled.
Anti spoof checking disabled.
UPNP enabled.pfSense
WAN: DHCP
Disabled userland FTP-Proxy application
Block private networks
Block bogon networksLAN: 192.168.150.1/24
DMZ: 192.168.200.1/24 -
What's the hardware you're running pfSense on? Why do you have the DIR-655 doing NAT? And I wouldn't expect much from a USB NIC. If you must use one, use it for your slowest link (ie. the WAN side).
-
Actually i've solved this by changing the design of the network. Thanks!
-
Hi, I am a pfsense newbie! Here at work we connect to the Medicare site by first dialing up and then through ftp. Right now we have to disable our local area network everytime we are sending a file. Can you tell me what I need to change where we won't have to disable our network every time? Do I need to uncheck any of the settings under 'FTP helper'?
Thanks
Marty :-\ -
A little more information is required. At the very least why you have to disable the LAN. What happens if you don't?