Bandwidth test= fine, browsing unusable (HYPER-V)
-
to note: in the second image under gateway, it says dynamic for one. This is the one I've disconnected for the virtual pfsense to use, so it is seen as down for the moment (I've removed the connection to VLAN 5 from the physical pfsense and applied it to the virtual to use).
-
http://imgur.com/GaydetJ,BRkUTaK is a simplified network diagram
the first image is the functional view while the second image is the physical view
-
What are you DNS servers?
Are they being served by numbers forwarded from your WAN connection?
Could you try changing them to something like:
127.0.0.1
8.8.8.8
8.8.4.4?????
I use an internal DNS on the Domain Controller for internal name resolution. It forwards to the ISP's primary and secondary DNS as well as 8.8.8.8 and 8.8.4.4.
-
One second, trying out your suggestion
-
I like your suggestion because the internal DNS hadn't changed the gateway.
I tried external DNS both 8.8.8.8/8.8.4.4 as well as my ISP's DNS servers and it was still slow (flushed DNS before the test as well as cleared the browser caches)
-
OK - Now…. Maybe its the return path thats a problem.
Try unplugging WAN cable from one modem.
Test.Then other modem...
Test...Is it more reliable on one modem than two?
-
Crap. You only have one. Right?
OK. Can you drop 1 IP for WAN and test?
-
Just dropped everything on Modem1 except for a single connection/IP to virtualize pfSense and it still has same issues
Weird things though…...google loads quickly and has no issues, so does speedtest.net......youtube takes a while to load all the thumbs but the videos buffer at full speed
-
I can't load a single thing on forum.pfsense.org when I change to the virtualized pfsense
Also I am seeing a ton of denials on the pfsense firewall from internal IPV6 addresses (probably broadcasts) even though I disabled IPv6….......how do I kill that off?
Edit: Here are the firewall logs: http://imgur.com/1cgaMr5
-
Unless you have some need of IPV6 today, why not:
System > Advanced > networking
Un-click all the IPV6 on both your PFsense boxes?
Turn it all off.
-
Yeah I did just that. The logs are still getting filled with IPv6 denials…...weird.
-
Can you also remove the "allow" IPV6 reference in your LANs (and maybe WANS) firewall rules?
Unless you need it for something? Everywhere… -
Can you also remove the "allow" IPV6 reference in your LANs (and maybe WANS) firewall rules?
Unless you need it for something? Everywhere…hmmm I don't think this is the problem, though….....I should get some sleep on this.
Let me know if you think of anything else that I may have missed.
Edit: I have removed the references from everywhere, still showing.......hmm
-
OHHHHHH YES.
I'm sure I'll just imagine the fix while you are sleeping! haha Not. -
OHHHHHH YES.
I'm sure I'll just imagine the fix while you are sleeping! haha Not.haha well you know what I mean…...if you think of another idea, let me know!
It seems to be only a few domains that work very well, others don't. It may be a DNS issue. I'll mess around with that tomorrow
-
I suspect DNS issue, or WAN load balancing issue, or either DHCP, IP or MAC conflict.
Be cause it works a little in fits and starts…If it were insurmountable, it wouldn't work at all.
I'd start with 1 IP, 1 pfsense and 1 computer on 1 LAN and see if that even works on a fresh install.
Then I'd start adding aspects of your network introducing them 1 at a time and see when it breaks. Might point to the why.and
546/547 is DHCPv6. It would go away if you enabled DHCPv6 Relay on the interface. Why is it blocked by default with the black magic in behind otherwise - no idea. For ICMP - this is all the local traffic. Allow ICMPv6 in floating rules, useless log noise gone. ICMPv6 is required for proper IPv6 working anyway.
-
According to Mr. doktornotor, IPV6 is sort of a busted POS in freeBSD currently (Not his words, but I get that feeling)
Its suggest to:
Try - where you have the IPv6 "catchall" allow rule enabled, edit -> Advanced Options - tick the checkbox with the above nondescriptive description (This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.) - Save - Apply. See if it helps.
If you are using IPV6.
-
According to Mr. doktornotor, IPV6 is sort of a busted POS in freeBSD currently (Not his words, but I get that feeling)
Well, nah… it works pretty well except for some exceptions... ;D The fragmented packets certainly being incredibly annoying when you hit the issue.
-
Apparently, passing the traffic as described is supposed to help. Perhaps rather than going out of our way to disable and block IPV6 we should have been going the other route. Enabling it and passing it everywhere including that menu he spoke of. I'm all IPV4 here.
Last night while purchasing a couple domains I considered buying IPV4RIP.com since its not taken.
-
Brilliant! I'll take care of that as soon as I get in.
As for the other issue, I'll isolate it all tonight and try from a completely different machine (or maybe a cell phone) and attempt from there.