Performance-Problems to several Websites

Ruddimaster

The MTU-Problems solved:
Check "IP-do-not-fragment compatibility"…

the issue to surf to several websites (e.g. ford.com) still exist.
I have all packages uninstalled except NRPE...

Other Routers/Firewalls (LANCOM, IPFire) doesn't cause this problem.
On fresh bare metal installation (Pentium 4 with 3c905-TX) I have the same issue.

suggestions are welcome

Ruddimaster

update…
on my test environment (Pentium 4 with 2 x 3c905-tx) -fresh installation -No packages- - I have checked/unchecked serveral boxes in the menu "Advanced".
Finally I installed 2.1-BETA0.
No improvement.

need help...

Ruddimaster

Now I have this problems
with www.spiegel.de

Packet Capture
Interface: DMZ (192.168.1.x)

12:31:50.653400 00:0c:29:bb:ff:9c > 00:0c:29:c9:bd:e3, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 15617, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.1.112.1662 > 195.71.11.67.80: Flags [s], cksum 0x041b (correct), seq 1276027028, win 64240, options [mss 1460,nop,nop,sackOK], length 0
12:31:53.614686 00:0c:29:bb:ff:9c > 00:0c:29:c9:bd:e3, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 15648, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.1.112.1662 > 195.71.11.67.80: Flags [s], cksum 0x041b (correct), seq 1276027028, win 64240, options [mss 1460,nop,nop,sackOK], length 0
12:31:59.630321 00:0c:29:bb:ff:9c > 00:0c:29:c9:bd:e3, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 15704, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.1.112.1662 > 195.71.11.67.80: Flags [s], cksum 0x041b (correct), seq 1276027028, win 64240, options [mss 1460,nop,nop,sackOK], length 0

[/s][/s][/s]

wallabybob

Without some more capture parameters (what filters were specified?, is this an edited version of the capture? etc) it is not possible to give an accurate interpretation of the capture.

Is this traffic blocked by firewall rule? (By default, all traffic on NON-LAN interfaces is blocked.)

Does a packet capture on the WAN interface show this traffic leaving pfSense? Does it get a response?

Ruddimaster

After your post suddenly www.spiegel.de works.

Now I have the same problem.
I have installed a new Workstation in our DMZ (no restrictions from DMZ (192.168.1.0) to external (.)
this is the output from wieshark of this machine with pfsense and LANCOM as default gateway.

other domains are accessible.

Can you instruct me, how I capture and filter the WAN-Nic, because we have on this a high load.

Thanks….

[spiegel via LANCOM.txt](/public/imported_attachments/1/spiegel via LANCOM.txt)
[spiegel via pfsense.txt](/public/imported_attachments/1/spiegel via pfsense.txt)

Ruddimaster

… you see in the report -pfsense-
after waiting approx 30Seconds, the Internet Explorer open BING to query "www.spiegel.de"...

Reiner030

you have checked your problematic sites also externally ?

http://www.speedguide.net/analyzer.php

My "Share your Results":

« SpeedGuide.net TCP Analyzer Results » 
Tested on: 2013.02.27 13:10 
IP address: 5.145.xxx.xx 
Client OS/browser: Linux (Firefox 17.0) 

TCP options string: 020405b40402080a5b0ce8630000000001030307 
MSS: 1460 
MTU: 1500 
TCP Window: 5888 (NOT multiple of MSS) 
RWIN Scaling: 7 bits (2^7=128) 
Unscaled RWIN : 46 
Recommended RWINs: 64240, 128480, 256960, 513920, 1027840 
BDP limit (200ms): 236kbps (29KBytes/s)
BDP limit (500ms): 94kbps (12KBytes/s) 
MTU Discovery: ON 
TTL: 53 
Timestamps: ON 
SACKs: ON 
IP ToS: 00000000 (0) 

and```

« SpeedGuide.net TCP Analyzer Results »
Tested on: 2013.02.27 13:12
IP address: 91.102.xx.xxx
Client OS/browser: Windows 7 (Firefox 19.0)

TCP options string: 020405b40103030201010402
MSS: 1460
MTU: 1500
TCP Window: 65700 (multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 16425
Recommended RWINs: 64240, 128480, 256960, 513920, 1027840
BDP limit (200ms): 2628kbps (329KBytes/s)
BDP limit (500ms): 1051kbps (131KBytes/s)
MTU Discovery: ON
TTL: 117
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)

Bests

Reiner

Ruddimaster

Hi Reiner,

thanks for your reply.
Allmost all websites are accessible, just a few site (spiegel.de) are sometimes not (for a few days).
OK I send you the requested reports…

Reiner030

Hi this was only an idea because years ago it was often a problem for ADSL users especially from Yahoo  and AOL which had only ~1448 and ~1412 bytes MTU instead of "normal" 1492 so many sides weren't working..

Ruddimaster

Now suddenly spiegel.de works again.
strange.  ???