Trouble Shooting a PFSENSE box

nambi

here is the usage graph,

Why is it that my 4 hour 1 min avr graph doesn't show anything or 16 hour 1 min av & 2 day 5 min avr

pfgraph.jpg_thumb

wallabybob

The top output is not consistent with your claim of 3% idle CPU. How did you come to that conclusion?

The ping command can be used to estimate latency, e.g.```

ping -c 20 host


The shell command```
# netstat -i
```will return counters for each interface including error counters. (delays might be caused by corrupted or lost packets)

nambi

Thank you for all the help.

"The top output is not consistent with your claim of 3% idle CPU. How did you come to that conclusion?"

This was what I normally see when I log into the box and go to /status/system

Here are my ping results. and my netstat results. I think my pings look slow, what would cause this?

$ ping -c 20 google.com
PING google.com (173.194.32.104): 56 data bytes
64 bytes from 173.194.32.104: icmp_seq=0 ttl=56 time=11.843 ms
64 bytes from 173.194.32.104: icmp_seq=1 ttl=56 time=11.548 ms
64 bytes from 173.194.32.104: icmp_seq=2 ttl=56 time=11.493 ms
64 bytes from 173.194.32.104: icmp_seq=3 ttl=56 time=10.810 ms
64 bytes from 173.194.32.104: icmp_seq=4 ttl=56 time=12.730 ms
64 bytes from 173.194.32.104: icmp_seq=5 ttl=56 time=11.083 ms
64 bytes from 173.194.32.104: icmp_seq=6 ttl=56 time=11.527 ms
64 bytes from 173.194.32.104: icmp_seq=7 ttl=56 time=10.569 ms
64 bytes from 173.194.32.104: icmp_seq=8 ttl=56 time=11.711 ms
64 bytes from 173.194.32.104: icmp_seq=9 ttl=56 time=11.244 ms
64 bytes from 173.194.32.104: icmp_seq=10 ttl=56 time=11.023 ms
64 bytes from 173.194.32.104: icmp_seq=11 ttl=56 time=11.252 ms
64 bytes from 173.194.32.104: icmp_seq=12 ttl=56 time=11.989 ms
64 bytes from 173.194.32.104: icmp_seq=13 ttl=56 time=11.579 ms
64 bytes from 173.194.32.104: icmp_seq=14 ttl=56 time=11.830 ms
64 bytes from 173.194.32.104: icmp_seq=15 ttl=56 time=12.268 ms
64 bytes from 173.194.32.104: icmp_seq=16 ttl=56 time=32.353 ms
64 bytes from 173.194.32.104: icmp_seq=17 ttl=56 time=11.585 ms
64 bytes from 173.194.32.104: icmp_seq=18 ttl=56 time=11.318 ms
64 bytes from 173.194.32.104: icmp_seq=19 ttl=56 time=11.428 ms

–- google.com ping statistics ---
20 packets transmitted, 20 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 10.569/12.559/32.353/4.566 ms

$ ping -c 20 microsoft.com
PING microsoft.com (207.46.232.182): 56 data bytes

--- microsoft.com ping statistics ---
20 packets transmitted, 0 packets received, 100.0% packet loss

$ ping -c 20 yahoo.com
PING yahoo.com (69.147.125.65): 56 data bytes
64 bytes from 69.147.125.65: icmp_seq=0 ttl=54 time=28.310 ms
64 bytes from 69.147.125.65: icmp_seq=1 ttl=54 time=26.832 ms
64 bytes from 69.147.125.65: icmp_seq=2 ttl=54 time=27.967 ms
64 bytes from 69.147.125.65: icmp_seq=3 ttl=54 time=26.968 ms
64 bytes from 69.147.125.65: icmp_seq=4 ttl=54 time=26.622 ms
64 bytes from 69.147.125.65: icmp_seq=5 ttl=54 time=26.420 ms
64 bytes from 69.147.125.65: icmp_seq=6 ttl=54 time=26.669 ms
64 bytes from 69.147.125.65: icmp_seq=7 ttl=54 time=26.749 ms
64 bytes from 69.147.125.65: icmp_seq=8 ttl=54 time=26.511 ms
64 bytes from 69.147.125.65: icmp_seq=9 ttl=54 time=26.527 ms
64 bytes from 69.147.125.65: icmp_seq=10 ttl=54 time=26.749 ms
64 bytes from 69.147.125.65: icmp_seq=11 ttl=54 time=26.329 ms
64 bytes from 69.147.125.65: icmp_seq=12 ttl=54 time=27.077 ms
64 bytes from 69.147.125.65: icmp_seq=13 ttl=54 time=27.306 ms
64 bytes from 69.147.125.65: icmp_seq=14 ttl=54 time=26.584 ms
64 bytes from 69.147.125.65: icmp_seq=15 ttl=54 time=26.323 ms
64 bytes from 69.147.125.65: icmp_seq=16 ttl=54 time=27.092 ms
64 bytes from 69.147.125.65: icmp_seq=17 ttl=54 time=27.042 ms
64 bytes from 69.147.125.65: icmp_seq=18 ttl=54 time=26.741 ms
64 bytes from 69.147.125.65: icmp_seq=19 ttl=54 time=42.767 ms

--- yahoo.com ping statistics ---
20 packets transmitted, 20 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 26.323/27.679/42.767/3.496 ms

$ ping -c 20 apple.com
PING apple.com (17.112.152.57): 56 data bytes
64 bytes from 17.112.152.57: icmp_seq=0 ttl=243 time=79.368 ms
64 bytes from 17.112.152.57: icmp_seq=1 ttl=243 time=79.317 ms
64 bytes from 17.112.152.57: icmp_seq=2 ttl=243 time=78.288 ms
64 bytes from 17.112.152.57: icmp_seq=3 ttl=243 time=79.355 ms
64 bytes from 17.112.152.57: icmp_seq=4 ttl=243 time=78.635 ms
64 bytes from 17.112.152.57: icmp_seq=5 ttl=243 time=79.386 ms
64 bytes from 17.112.152.57: icmp_seq=6 ttl=243 time=78.455 ms
64 bytes from 17.112.152.57: icmp_seq=7 ttl=243 time=78.654 ms
64 bytes from 17.112.152.57: icmp_seq=8 ttl=243 time=78.982 ms
64 bytes from 17.112.152.57: icmp_seq=9 ttl=243 time=78.985 ms
64 bytes from 17.112.152.57: icmp_seq=10 ttl=243 time=78.456 ms
64 bytes from 17.112.152.57: icmp_seq=11 ttl=243 time=79.444 ms
64 bytes from 17.112.152.57: icmp_seq=12 ttl=243 time=78.749 ms
64 bytes from 17.112.152.57: icmp_seq=13 ttl=243 time=79.249 ms
64 bytes from 17.112.152.57: icmp_seq=14 ttl=243 time=78.750 ms
64 bytes from 17.112.152.57: icmp_seq=15 ttl=243 time=78.992 ms
64 bytes from 17.112.152.57: icmp_seq=16 ttl=243 time=79.403 ms
64 bytes from 17.112.152.57: icmp_seq=17 ttl=243 time=80.230 ms
64 bytes from 17.112.152.57: icmp_seq=18 ttl=243 time=78.417 ms
64 bytes from 17.112.152.57: icmp_seq=19 ttl=243 time=79.180 ms

--- apple.com ping statistics ---
20 packets transmitted, 20 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 78.288/79.015/80.230/0.463

$ netstat -i
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
ste0 1500 <link#1>00:05:5d:fb:cf:2e 732766 0 968330 0 0
ste0 1500 192.168.1.0 firewallcanada 16722 - 440684 - -
ste0 1500 fe80:1::205:5 fe80:1::205:5dff: 0 - 1 - -
vr0 1500 <link#2>00:0a:e6:2d:f3:9f 969580 0 948426 0 0
vr0 1500 fe80:2::20a:e fe80:2::20a:e6ff: 0 - 2 - -
lo0 16384 <link#3>5453 0 5453 0 0
lo0 16384 your-net localhost 286242 - 821 - -
lo0 16384 ::1 ::1 0 - 0 - -
lo0 16384 fe80:3::1 fe80:3::1 0 - 0 - -
enc0 1536 <link#4>314093 0 225432 0 0
pfsyn 1460 <link#5>0 0 0 0 0
pflog 33204 <link#6>0 0 5249 0 0
ng0 1492 <link#7>968505 0 947352 0 0
ng0 1492 70.25.56.48/3 PTR 1060915 - 758238 - -
ng0 1492 fe80:7::205:5 fe80:7::205:5dff: 0 - 2 - -
tun0 1500 <link#8>0 0 3 0 0
tun0 1500 fe80:8::205:5 fe80:8::205:5dff: 0 - 2 - -
tun0 1500 192.168.200.1 192.168.200.1 0 - 0 - -</link#8></link#7></link#6></link#5></link#4></link#3></link#2></link#1>

wallabybob

@nambi:

"The top output is not consistent with your claim of 3% idle CPU. How did you come to that conclusion?"

This was what I normally see when I log into the box and go to /status/system

I presume you are logging in through the web GUI rather than the console or ssh session. On the web page I see a CPU Usage field there, not a CPU idle field. Did you really mean "cpu about 3% idle" rather than "cpu usage about 3%"?

The ping times to apple.com and yahoo.com are quite consistent. The ping times to google.com are much more variable (10mS to 32mS) but I wouldn't expect that variability to be very noticeable.

The netstat output doesn't show any received errors.

I wonder if your DNS is slow. This could explain why your web surfing is "slow" but download speeds are "high". (When you click on a web page link its generally necessary to ask your DNS to translate the host name to an IP address.) What DNS do you use? (People generally end up using their ISP's DNS.)

tommyboy180

Forgot about DNS.

Try setting your DNS servers to OpenDNS with IP 208.67.222.222 and 208.67.220.220.
I have used OpenDNS for years now and their service has always been 100% reliable not to mention very fast.

nambi

Thank you for the info, at first I was using my ISP's DNS (Bell) but I had a lot of time outs then I swtiched them to google.

8.8.8.8
and
8.8.4.4

I will try opendns's dns but doesn't opendn filter their content?

Thanks will try, to day the net seems responsive.

"The top output is not consistent with your claim of 3% idle CPU. How did you come to that conclusion?"
I must have read the system wrong I do apologize.

And Yes I meant to speak of "CPU usage" meaning when the system system way idle the "CPU usage" seems to be at about 3%

My graphs do not display anything for "4 hour 1 min avr, or 16 hour 1 min av & 2 day 5 min avr"

dszp

OpenDNS filters only spyware or virus-laden webpages by default (along with phishing sites I believe, found at least by their sister site, phishtank.com), if you just start using them. To do additional content filtering by category for instance, you have to create an account and register your IP address(es) and set the settings.

nambi

Using the open DNS servers seemed to fix the lag, pages are quick to respond and system seems back to normal.

Thanks you all for helping me diagnose this issue.

rugby

@David:

OpenDNS filters only spyware or virus-laden webpages by default (along with phishing sites I believe, found at least by their sister site, phishtank.com), if you just start using them. To do additional content filtering by category for instance, you have to create an account and register your IP address(es) and set the settings.

They also do DNS redirecting and sometimes have incorrect records. Be very careful using their servers, as you won't end up where you wanted to go sometimes.

tommyboy180

Do you have an example URL. I have never seen a re-direct to anything other than the OpenDNS search engine from URLs that don't exist.

dszp

It's been a while and I'm not sure if they still do it, but the other thing I've seen from OpenDNS is that they've (transparent) proxied Google in the past, to resolve a specific issue they were having. I discovered this when I was using it and Google wouldn't load for anyone (a proxy issue on their end) but everything else worked. I forget what the exact reason was (there was a technical reason that went along with the way they were doing "shortcuts" or something), and like I said I don't know if they still do this. I haven't had any issues with that or any other part of the service for a long time, and I use them pretty regularly.