LAN Traffic Extreme Slow..Need Help!!!

Zan

Hi All,

I'm very new to Pfsense.

I'm using PFsense version 1.2.3. After using pfsense proxy. I'm facing extreme Lan traffic slow, latency very high when connect to server. The PFsense server processor & RAM usage very low.

Can somebody please attempt to help me?

Below is my Network Topology

Thank in advance.

Nachtfalke

Hi,

there is no screenshot of you topology.

What do you mean with "pfsense proxy" ? Do you mean squid ?

PS: If you start new with pfsense, why not starting with pfsense 2.0RC-3 ?

Cry Havok

LAN to LAN traffic won't be going through pfSense so that can't be the source of the problem. Try replacing the switch and checking the network traffic to see if one particular PC is causing a problem.

Nachtfalke

@Cry:

LAN to LAN traffic won't be going through pfSense so that can't be the source of the problem. Try replacing the switch and checking the network traffic to see if one particular PC is causing a problem.

Cry Havok is right. If the traffic is between PCs on the same subnet then the problem is NOT pfsense.
It could be pfsense if you are routing between different subnets.

Zan

@Nachtfalke:

Hi,

there is no screenshot of you topology.

What do you mean with "pfsense proxy" ? Do you mean squid ?

PS: If you start new with pfsense, why not starting with pfsense 2.0RC-3 ?

Ok, i will try the new version pfsense 2.0RC-3

Zan

@Nachtfalke:

@Cry:

LAN to LAN traffic won't be going through pfSense so that can't be the source of the problem. Try replacing the switch and checking the network traffic to see if one particular PC is causing a problem.

Cry Havok is right. If the traffic is between PCs on the same subnet then the problem is NOT pfsense.
It could be pfsense if you are routing between different subnets.

LAN to Lan traffic won't be going through pfsense ?
but if i Disable the Pfsense Firewall, my LAN traffic will become more faster..

Zan

@Nachtfalke:

@Cry:

LAN to LAN traffic won't be going through pfSense so that can't be the source of the problem. Try replacing the switch and checking the network traffic to see if one particular PC is causing a problem.

Cry Havok is right. If the traffic is between PCs on the same subnet then the problem is NOT pfsense.
It could be pfsense if you are routing between different subnets.

I Had upgraded to new version 2.0 RC3, but now i cannot use IP address connect to my server, now only can use server name "\servername"  to connect…..Previously the old version everything working fine....

how to add different subnet to pfsense, so that i can solve the slow traffic & high latency ?

Cry Havok

Please provide a diagram showing how your network is configured.  For example:

ADSL –- pfSense (192.168.0.1) --- switch
                                    |  |
                                    |  -- PC (192.168.0.5)
                                    -- Server (192.168.0.10)

Zan

My Diagram as below:

ADSL–Juniper Firewall Rounter(192.168.5.200)--pfsense (192.168.3.2)--Managed switch(192.168.5.10)   
                                                                                                      ||    || 
                                                                                                      ||    ||
                                                                                                      ||      PC (192.168.3.50)
                                                                                                      ||
                                                                                                    server (192.168.5.50)

fyi–if i put pfsense server in subnet 192.168.5.0/24, i cannot access to local host server (192.168.3.100)...

Cry Havok

I can see part of the cause of your problem - you're randomly mixing subnets. If the Juniper has 192.168.5.x for it's internal subnet then you must not use that on the internal subnet for pfSense, and the managed switch.

Zan

For my case. Can you give me example, normally user how to configure it ?

I feel confusion, if i disable the pfsense firewall…the LAN traffic will run more faster.

Zan

Please ignore previous Diagram. I had revised the Diagram.

ADSL–Juniper Firewall Rounter(192.168.5.200)--Managed switch-------PFsense (192.168.3.2)    
            (**Firewall tp do the routing for                             ||                 ||
             192.168.5.0/24 &192.168.3.0/24 &                        ||                ||
              interface 192.168.3.1/32 &192.168.5.1 )                 ||                 ||  
                                                                                   ||                 ||
                                                                                   ||                PC (192.168.3.50)
                                                                                   ||
                                                                       server (192.168.5.50)

***I only want to capture proxy report.
User LAN configuration
IP -192.168.3.xx
subnet - 255.255.255.0
Gateway - 192.168.3.2 (Pfsense server)
DNS - 192.168.5.xx

***Server will skip round to Pfsense server.
Server LAN configuration
IP-192.168.5.xx
subnet- 255.255.255.0
Gateway- 192.168.5.1
DNS- 192.168.5.xx

Cry Havok

Where is the performance problem? Is it internal to 192.168.3.x, 192.168.5.x or between the 2 subnets? Is pfSense NATing between the networks, or routing? What hardware do you have and what is the volume of traffic (both in terms of bandwidth and packets per second)?

Zan

i think is internal problem 192.168.3.x ->192.168.5.x. Because When i open the server share folder, i need to wait for 10 second to open it. If i try to disable the Pfsense firewall, the speed will back to normal (faster).

IF i change the Pfsense LAN IP & my pc IP to 192.168.5.x, example from 192.168.5.x ->192.168.5.x. The speed will like normal, very fast.

I'm using Juniper SSG320M Firewall & HP Procurve Managed Switch.

According to the Status Traffic Graph From Pfsense, In & Out traffic average below 50 Kbps

Ping Result - From 192.168.3.x to 192.168.5.x
–-Reply from 192.168.5.1: bytes=32 time=1ms TTL=64
---Reply from 192.168.5.1: bytes=32 time<1ms TTL=64

Cry Havok

So, what you're saying is that the problem is only with Windows file shares? Is the only problem with connecting to the share, or is there also a performance problem when accessing files on the share? Are you connecting by hostname or by IP address?

Also, you forgot to say whether pfSense is only routing or also NATing.

Zan

Today the connection speed to the server feel more faster (like normal speed)….but the performance when accessing to files on the server still not stable....I received this error few times when i open the excel file - "cannot be accessed. The file may be corrupted"  & The internet connection not stable, sometime microsoft outlook cannot send out the email, the mail pending in outbox. This few days, i will keep on monitor it.

I'm using both type hostname & IP address.

I'm not sure whether pfsense using routing or NAT...Please refer to below attached file for you to check.

http://www.imageshare.web.id/images/ayc89balwd0tsje7o9jf.jpg

http://www.imageshare.web.id/images/ruswx9j08p35co1p3l0t.jpg

Cry Havok

I'm not seeing any images, though if you don't know I'd guess NAT.

Zan

IF u can't see the picture, please click the shortcut link…tq

Cry Havok

Yes - and at the end of that link is an upload form, not an image.

Zan

ok, nvm. Let me describe the settings.

Firewall Advanced : Just follow by default setting..

Network Address Translation : By default setting…Disable NAT reflection for port forward.