Internet is slow behind pfsense
-
Long time no bridge… ::)
-
"on my ESXI 5.5 i've got 4 1GB NICS, and have all of them on one group."
What?? That makes NO SENSE – how do you isolate between your wan and your lan on pfsense..
So you have 1 vswitch? Please post your esxi setup like I did for vswitches and lets see this setup of your 4 nics - did you setup a lagg on your switch?
between pfsense and internet there is my ISP Modem.
this is a lab and the VM's are having a static iP, and the ISP Modem DHCP is off.
so all the traffic is going through 4 NICS ( WAN and LAN ).yes using one vSwitch but all the VMS are statics.
-
So your trying to run 2 networks over the same wire (wan and lan)?? Just by changing the ips.. Yeah sorry it doesn't work that way..
Break out a nic for you WAN, then another one for your LAN put them on 2 different vswitches. I would also break out your vmkern.. IF you have a managed switch you can use the same switch with vlans. But your wan connection should really just be direct to your esxi host interface..
-
So your trying to run 2 networks over the same wire (wan and lan)?? Just by changing the ips.. Yeah sorry it doesn't work that way..
Break out a nic for you WAN, then another one for your LAN put them on 2 different vswitches. I would also break out your vmkern.. IF you have a managed switch you can use the same switch with vlans. But your wan connection should really just be direct to your esxi host interface..
thank John,
you mean 1 NIC for the WAN and Managenement of the ESXI and 3 Groups NICS for the LAN and traffic.Like WAN = gonna use Vlan 2
and LAN= Vlan 3
ect.. ?According to VMware NIC Teaming is the best practise for ESXI provide reduncency, speed, and increase the netwrok capacity
isn't John ?
-
dude this is a LAB not some mission critical production setup.. And even if it was you sure wouldn't run 4 nics all to the same vswitch for both wan and lan networks. Was it a trunk and you were setting up vlans on pfsense? If so you made no mention of vlans in your setup.
Break out your NICS What is your internet speed again, how and the F do you think you need 3 nics to lan?? If you want to do failover then put 2 on each and sure you can share your vmkern port with your lan. But it hurts performance to and from the datastore for moving files. This is normally rare - but you have 4 nics to play with.
Doesn't really matter what vlan numbers you put on them.. They will be physically isolated I would hope - but sure if you have to run your wan through your switch it can be on a different vlan. Pfsense doesn't really care in that sort of setup.
I can tell you what vmware doesn't say is try and run 2 different networks over the same freaking wire that is for damn sure.. So what mode did you have these nics in when groups? teamed/lagged/loadbalanced/failover? Did you lagg them on the switch?
-
dude this is a LAB not some mission critical production setup.. And even if it was you sure wouldn't run 4 nics all to the same vswitch for both wan and lan networks. Was it a trunk and you were setting up vlans on pfsense? If so you made no mention of vlans in your setup.
Break out your NICS What is your internet speed again, how and the F do you think you need 3 nics to lan?? If you want to do failover then put 2 on each and sure you can share your vmkern port with your lan. But it hurts performance to and from the datastore for moving files. This is normally rare - but you have 4 nics to play with.
Doesn't really matter what vlan numbers you put on them.. They will be physically isolated I would hope - but sure if you have to run your wan through your switch it can be on a different vlan. Pfsense doesn't really care in that sort of setup.
I can tell you what vmware doesn't say is try and run 2 different networks over the same freaking wire that is for damn sure.. So what mode did you have these nics in when groups? teamed/lagged/loadbalanced/failover? Did you lagg them on the switch?
hi John,
on the switch i have Two Vlans
Vland 1 Default and Vlan 4 for productions,2 NICS for the LAN and 2 for the WAN both are Teamed " Route Based on the original VLAN ID" and both on Fail over.
the switch is also new not completely configured but have created 1 Extra VLAN,
if i break out the NICS to two different Wire , should i create a rules on pfsense to be able to communicate with the WAN VLAN too ?
i want to be able to manage the WAN from the LAN too. -
Manage the wan from the lan? What??
Do you understand what a firewall/router is?
Please draw up what you want your network to be.. Yes devices connect to your lan can access stuff on your wan. Out of the box pfsense creates a any any rule for lan to wan (normally internet) It also out of the box NATs this traffic to look like it came from the IP on the pfsense wan.
If you want to just use it as a router/firewall and not the nat, you can do that too. The rules you allow between segments is would determines what you can "manage" ?? This term makes no sense. Are you talking about accessing pfsense gui or ssh from the wan side? What is it you want to "manage"
-
Manage the wan from the lan? What??
Do you understand what a firewall/router is?
Please draw up what you want your network to be.. Yes devices connect to your lan can access stuff on your wan. Out of the box pfsense creates a any any rule for lan to wan (normally internet) It also out of the box NATs this traffic to look like it came from the IP on the pfsense wan.
If you want to just use it as a router/firewall and not the nat, you can do that too. The rules you allow between segments is would determines what you can "manage" ?? This term makes no sense. Are you talking about accessing pfsense gui or ssh from the wan side? What is it you want to "manage"
i want to manage the ISP Modem, Switch and other devices that are running on the WAN
John i love you man,
i have 1 NIC on the LAN and 2 NICS on the WAN ( one Group ) , i've noticed the traffic is faster, Internet pages load faster than before !
Thank you so much for the tip no having two Networks on one wire.
If i have 3 NICS " for better performance should i group two NICS on the LAN or WAN ?you are the man again thank you so much.
-
Again its a router firewall, why would you not be able to access stuff on the wan segment or internet as long as you don't forbid it in the firewall of pfsense. You access the internet right ;)
Not really much to "manage" on a modem if you ask me.. What you want to check your signals? Why would your switch management interface be on the wan?? Put its management IP on the lan side..
As to your 2 nics on the wan? Thought your internet speed was 4mbps or something.. WTF you need 2 gig interfaces for?? Failover ok – thought this was a lab do you really need failover redundancy in a lab? You sure and the hell don't need the extra bandwidth ;) you do understand 1000mbps is WAY faster than 4Mbps!! Where are you wanting to go that you think you need a 2 Gig lan super highyway when right after you leave your driveway at 1 gig you hit a gravel road with a speed limit of 4mbps..
Where do you think you need this "performance" I would leverage your interfaces for actual segments if needed.. Ie 1 for vmkern, 1 for wan, 1 for lan and last one maybe wireless segment? Or DMZ segment, or Lan2, etc.. using it for "performance" you will never need or use is misuse. As to failover - ok if it was production mission critical and that connection can not go done, ok.. But I don't see that in this setup..
-
1000mbps=1bps. :P
-
Damn thats fast…. haha
