Netgate Discussion Forum
    Odd DNS Issue Causes SMB Transfer Slowness

      ghostshell

      I have an internal DNS server running for local servers. I just started using Unbound for a backup DNS on pfSense. When I have 127.0.0.1 in the General Setup for entry 1, SMB speeds are pretty good. If I remove or change the order in General Setup so 127.0.0.1 is not first or not in the list, SMB speeds slow to a crawl. Why is this?

        johnpoz LAYER 8 Global Moderator

        Yeah that makes no sense, and smb speeds to/from what?  Once you resolve the fqdn of where you're trying to access, dns has nothing to do with the actual smb transfer.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          ghostshell

          When they slowed after changing 127 to spot 2 in general speed was 137KB. After putting it back to spot 1 they were 5MB+ over wifi to the server connected via wired.

          EDIT: SMB and DNS are on the same network/LAN

            cmb

            Mucking with that is doing nothing to SMB at all. Whether or not the firewall itself uses localhost for DNS resolution has no impact on clients. DNS also has no impact on transfer speed once it's running - client does a DNS lookup, starts transfer to resulting IP, never does anything with DNS again for the duration of the transfer. There is something else going on, and it's almost certainly not related to the firewall at all given that traffic isn't touching it.

              ghostshell

              I am able to reproduce the slowness. I left 127 in spot 2 for an hour and transferred small files over. After an hour I switched 127 to spot 1, waited a couple min and transferred over wifi, and it jumped up to 5+MB. Did that for an hour and then switched back and it dropped down to 140KB when I put 127 to another spot.  Where can I look to see why this is getting affected?

                cmb

                Packet capture from the affected client machine and see what it's doing or not doing.

                  johnpoz LAYER 8 Global Moderator

                  Yeah some sort of information is missing here because dns just has nothing to do with this at all..  And as mentioned you're not even moving packets through pfsense..  Do a sniff of your fast transfer, then do a sniff when you say it's slow and we can see what is going on.

                    ghostshell

                    14:26:41.306997 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:26:41.307097 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:26:46.307053 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:26:46.307060 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:26:51.307012 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:26:51.307030 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:26:56.307065 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:26:56.307082 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:01.307023 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:01.307037 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:06.306978 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:06.307077 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:11.307035 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:11.307051 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:16.306990 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:16.307089 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:21.307047 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:21.307063 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:26.307002 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:26.307018 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:28.812373 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 245)
                        192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
                    14:27:28.812409 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 238)
                        192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
                    14:27:31.307059 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:31.307073 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:36.307015 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:36.307032 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:41.307071 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:41.307086 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:46.307026 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:46.307041 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:51.307082 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:51.307097 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:27:56.307038 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:27:56.307055 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:01.307094 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:01.307108 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:06.307055 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:06.307079 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:11.307006 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:11.307024 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:16.307062 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:16.307074 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:21.307019 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:21.307037 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:26.306974 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:26.307074 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:31.307031 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:31.307046 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:36.306989 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:36.307087 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:41.307046 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:41.307062 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:46.307004 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:46.307021 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:51.307062 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:51.307078 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:56.307019 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:28:56.307034 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:28:58.148079 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 245)
                        192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
                    14:28:58.148103 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 245)
                        192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
                    14:29:01.168783 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:01.168799 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:01.168805 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:01.168810 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:01.168813 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:01.168982 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 245)
                        192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
                    14:29:01.168987 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 78)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
                    14:29:01.307077 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:29:01.307083 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:29:03.510897 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:03.510903 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:03.510907 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:03.510911 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:03.510997 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:03.511001 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 78)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
                    14:29:03.511005 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:03.511009 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:03.511012 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:03.511016 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:03.511019 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:03.511023 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 78)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
                    14:29:05.275271 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:05.275281 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:05.275286 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:05.275290 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:05.275293 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:05.275297 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 78)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
                    14:29:06.307035 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:29:06.307134 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:29:08.279010 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220)
                        192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
                    14:29:10.281121 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220)
                        192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
                    14:29:11.306993 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:29:11.307093 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
                    14:29:12.283245 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220)
                        192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
                    14:29:14.285360 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220)
                        192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
                    14:29:16.287579 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220)
                        192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
                    14:29:16.287592 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                        192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
                    14:29:16.307050 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                    14:29:16.307056 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                        192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21

                      cmb

                      There's not even an attempt to transfer a file there. Though I'd expect that if you captured from the LAN of the firewall, given that internal SMB traffic doesn't touch it. What were you doing when capturing that, and from where was the capture taken?

                        johnpoz LAYER 8 Global Moderator

                        Capture on the machine you're wanting to transfer from, i.e. the PC you're using.. Be it you're pulling a file down from a share or putting a file on a share.  The PC you're using will show us the transfer.  As already stated multiple times, if you're moving a file to or from a machine on the same network segment pfsense doesn't even see or touch that traffic.  So how would its dns settings slow anything down?

                        Also it is hard to view details in that sort of info - upload the actual capture.  You can make it anon if you want with a tool such as https://www.tracewrangler.com/

                        But if you're just doing a file copy via smb, etc.  There really shouldn't be any data in there other than maybe the username and password you use to auth to the share - just create a test account before you do the sniff and use that, etc..

                          ghostshell

                          Cap Int: LAN
                          Proto: UDP
                          IP: storage server IP 1.30
                          Action: Open Network Share and File Transfer

                            johnpoz LAYER 8 Global Moderator

                            that is just broadcast traffic - again as stated pfsense is not going to see transfer between 2 boxes on the same network segment..

                              Derelict LAYER 8 Netgate

                              The only thing I can think of is we're really not talking about transfer rate but session start timeouts.  Maybe OP's transferring a lot of little files and each transfer is dependent on DNS for something and has to timeout every time with one specific order of nameservers.  Just guessing.

                              Chattanooga, Tennessee, USA
                              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                johnpoz LAYER 8 Global Moderator

                                I don't even see any dns queries in there.. What I do see is prob plex which I believe uses that 32414 and 12 ports..  And some netbios stuff to ports 137 and 138 broadcast which pfsense is never going to answer anyway since it doesn't do any sort of wins support, etc.  Even if that is what the traffic was - which I doubt since wins traffic is not broadcasted..

                                OP, how are you accessing the shares, via fqdn or IP?  If you access shares like \\1.2.3.4 then dns is never going to be involved.  If you're doing \\hostname or \\hostname.something.tld then you could do a dns query for that; hostname is not a good way to expect dns to respond anyway.

                                It can work with suffix search added by client, etc..

                                If you post a sniff of your file transfer working how you want (fast) and then when it's slow we can take a look and help you figure out what the slowdown is - but it sure is not going to have anything to do with pfsense.

                                  ghostshell

                                  Found out res was through the FW and not through the local DNS server.

                                    ghostshell

                                    No plex

                                      Derelict LAYER 8 Netgate

                                      It's on you to provide more info.  I have no idea what that means.

                                        johnpoz LAYER 8 Global Moderator

                                        @ghostshell:

                                        No plex

                                        I would beg to differ to be honest..

                                        14:26:41.306997 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                                            192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                                        14:26:41.307097 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                                            192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21

                                        Clearly 192.168.1.30 is broadcasting traffic on well known plex ports..

                                        https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-
                                        The following ports are also used for different services:

                                        UDP: 1900 (for access to the Plex DLNA Server)
                                        UDP: 5353 (for older Bonjour/Avahi network discovery)
                                        UDP: 32410, 32412, 32413, 32414 (for current network discovery)
                                        TCP: 32469 (for access to the Plex DLNA Server)

                                        While sure it could be something else - this is the only use of those ports that I am aware of.. Without seeing the actual sniff that can open in wireshark or something - that would be my guess to what the traffic is.

                                        And again - this traffic has nothing to do with file transfers between 2 boxes on the 192.168.1.0/24 network - since pfsense would never even see that traffic.  This is just typical broadcast noise..

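The triage johnpoz does by eye in the post above, as an added example that is not part of the original thread: it parses `tcpdump -v` text, labels each packet by port using the Plex discovery and NetBIOS ports named in the thread (DNS 53 and SMB 139/445 are standard assignments added here), and reports whether the capture contains any DNS or SMB traffic at all. The function names, the /24 default and the second sample capture are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter
from typing import NamedTuple


class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# First line of a `tcpdump -v` IPv4 record: timestamp, IP header fields, protocol.
HEADER_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ IP \(.*\bproto (\w+) \(\d+\), length \d+\)\s*$")
# Indented second line: "src.sport > dst.dport: ..."
FLOW_RE = re.compile(r"^\s+(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

SERVICES = {
    # Plex network discovery ports, as quoted in the thread from Plex support.
    ("UDP", 32410): "plex-discovery", ("UDP", 32412): "plex-discovery",
    ("UDP", 32413): "plex-discovery", ("UDP", 32414): "plex-discovery",
    # NetBIOS name service / datagram service, as seen in the posted capture.
    ("UDP", 137): "netbios-ns", ("UDP", 138): "netbios-dgm",
    # Not in the posted capture: what a useful capture of this problem would show.
    ("UDP", 53): "dns", ("TCP", 53): "dns",
    ("TCP", 445): "smb", ("TCP", 139): "smb",
}

# Five records copied from the capture posted in the thread.
THREAD_SAMPLE = """
14:26:41.306997 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
    192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
14:26:41.307097 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
    192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
14:27:28.812373 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 245)
    192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
14:29:01.168783 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
    192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
14:29:01.168987 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 78)
    192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
"""

# Constructed for this example (not from the thread): what a capture taken on
# the client could look like, with a DNS lookup followed by an SMB connection.
CLIENT_SAMPLE = """
14:30:01.100000 IP (tos 0x0, ttl 128, id 101, offset 0, flags [none], proto UDP (17), length 61)
    192.168.1.50.53211 > 192.168.1.1.53: 4660+ A? nas.example.lan. (33)
14:30:01.100900 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 77)
    192.168.1.1.53 > 192.168.1.50.53211: 4660 1/0/0 nas.example.lan. A 192.168.1.30 (49)
14:30:01.102000 IP (tos 0x0, ttl 128, id 102, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.50.49822 > 192.168.1.30.445: Flags [S], seq 1000, win 64240, length 0
"""


def parse_flows(text):
    """Pair each header line with the flow line that follows it."""
    flows, proto = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            proto = m.group(1).upper()
            continue
        m = FLOW_RE.match(line)
        if m and proto:
            flows.append(Flow(proto, m.group(1), int(m.group(2)), m.group(3), int(m.group(4))))
        proto = None  # a flow line is only valid directly after its header
    return flows


def classify(flow):
    """Label by destination port first, then source port (covers replies)."""
    for port in (flow.dport, flow.sport):
        name = SERVICES.get((flow.proto, port))
        if name:
            return name
    return "other"


def summarize(text, subnet="192.168.1.0/24"):
    net = ipaddress.ip_network(subnet)
    broadcast = {str(net.broadcast_address), "255.255.255.255"}
    flows = parse_flows(text)
    services = Counter(classify(f) for f in flows)
    return {
        "packets": len(flows),
        "services": dict(services),
        "broadcast_only": bool(flows) and all(f.dst in broadcast for f in flows),
        "has_dns": services["dns"] > 0,
        "has_smb": services["smb"] > 0,
    }


def verdict(summary):
    if summary["packets"] == 0:
        return "nothing parsed"
    if summary["broadcast_only"]:
        return "broadcast noise only: capture on the client doing the transfer"
    if not summary["has_smb"]:
        return "no SMB session in this capture"
    return "usable: SMB present" + (", DNS present" if summary["has_dns"] else ", no DNS")


if __name__ == "__main__":
    for label, sample in (("thread", THREAD_SAMPLE), ("client", CLIENT_SAMPLE)):
        s = summarize(sample)
        print(label, s["services"], "->", verdict(s))
```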
