EXTREMELY slow speeds on new install
-
First, I'm new to PFSense, so I'm going to try to offer too many details, instead of not enough.
About two months ago, I installed PFSense 1.2.3 on an old WYSE thin client, using an IDE 4GB SSD. I put it on my network using the LAN connection, configured at 192.168.8.200, and I configured it the same as my old Linksys router running DD-WRT. I have a lot of port forwards, as I run a web, FTP, and Email server, and have a lot of other misc ports for various things. After it was configured, I didn't get a chance to make it live until 2 months later (Today). It didn't reboot the entire time, and I was happy. I just configured my old router to 192.168.8.200, PFSense as 192.168.8.1, turned on DHCP (And turned it off on the old router), and switched the WAN cable from the Cable Modem to the PFSense machine. I didn't bother cloning the MAC address, as I assumed Comcast doesn't do that anymore. Things didn't work, so I rebooted the Cable Modem. Unfortunately, Comcast decided to give me a new IP address, so I had to configure all my domain names. Finally, that's done, and I have Internet access, and access to my websites and email server seem fine. However, things are a bit slow, and just not 'right'. I hop over to Speedtest.net, and I did about 10 tests from different servers. Seems I can upload between 2 and 3 Mb/s, which seems pretty good for me. However, the downloads are between 0.12 and 0.13 Mb/s! I wouldn't have thought they were THAT slow, but still very slow, and I've noticed sometimes a Website hangs, and if I refresh, it comes back fast.
I haven't installed any packages, and the only unusual things I've done with the PFSense box are:
A bunch of forwarded ports
Unchecked 'Disable NAT Reflection', so I could access my websites locally.
Before making it live, I was playing around, and had it make WebGUI SSL Certificates.Also, I went to the Cable Modem's webpage, 192.168.100.1, and it took a long time to load, indicating the problem is between PFSense and the modem.
The WAN connects to a 3COM 3c905b-TX in the Wyse Thin Client.
I don't even know where to begin. Does anyone have a place for me to start? TIA!
-
A couple of suggestions:
- On a client on the LAN side of the pfSense box, ping the pfSense box, then ping the modem. The modem ping time will be a bit higher than the pfSense ping time but shouldn't vary by much more than the pfSense ping times. Both pings should be loss free.
Example ping command:
# ping -c 20 ping-target
where you will have to replace ping-target by the name or IP address of the system you want to respond to the ping.
Then repeat the ping to one or more of the speedtest hosts (or your upstream internet gateway). Some of these systems may not respond to pings. Again, the response time shouldn't vary too much and nothing should be lost.
- From the pfSense web GUI, go to Status -> Interfaces and look at the counters In/Out packets and In/Out errors on both your AN and WAN interfaces. The error counters should be a very small proportion of the In/Out packets.
-
Thanks for the fast response. I did the ping. Pinging the router always resulted in <1ms response. Pinging the cable modem resulted in 2ms about 85% of the time, and a 'Request timed out' the other 15%.
Here's the packet errors:
In/out packets 1128508/275687 (212.13 MB/114.41 MB)
In/out errors 104765/0I'm guessing I'm losing packets somewhere.
-
I'm guessing I'm losing packets somewhere.
On the input side of your pfSense WAN interface is one place!
What type of network interfaces are on your pfSense box? Maybe you have a duplex mismatch between your cable modem and the WAN interface. Please provide the output of the pfSense shell command:
# ifconfig -a
and identify which interface is acting as WAN and LAN.
-
Thanks again for the response. I was in a 'Have to do SOMETHING' kind of mood, so I replaced the 3com NIC with another one (Think it was a netgear, it was on the compatibility list), and after a lot of futzing around (My settings got wiped out somewhere along the way, very glad I made a backup), and things seem to be working. Things are snappy, Speedtest.net shows 20Mb/s, and there are 0/0 errors. Just had to change my domain names, as it seems Comcast changes my IP address every time the MAC connected to the Cable Modem changes. Thanks again!
-
A good chance is that there was a NIC duplex mismatch, which causes the packet errors you see and screws your perfomance to the wall.