Behind pfsense and my download speed is cut in half
-
Ah well if it still did it behind the router the technician had that's definitely an upstream problem somehow.
Hard to explain why a directly connected laptop does not though....
Steve
-
I saw something similar once with Linux and a Realtek card; slim chance you have that?
-
Only thing off the top of my head that comes to mind would be the ttl, any router would reduce the TTL by 1 as it goes across that hop.. This seems pretty far fetched, but it is possible they could do something like that. Why it would be done in one direction only seems odd for sure.
Some ISPs can do such things to prevent (some even block if the TTL is not full) or discourage use of other routers.
I had comcast very long time.. Never seen such an issue before.
Other thing that comes to mind is throttling of connection for new device. Via the mac address connected to the modem.. What did you originally setup the service with? The laptop directly connected.. Also is it really a modem, or a gateway device ie modem/router combo..
That when you test from the wan interface of pfsense with a speedtest-cli you get full speed would rule out the mac throttling idea - but the ttl would be full leaving pfsense own interface, vs something that was natted/routed from behind it.
Just spit balling ideas here.
I would sniff a test from your full-speed laptop, and then on wan of router and look for issues - lots of retrans, much lower receive window size? etc.. Notice what the hop ttl is. It is possible to adjust the outbound ttl hop, so you can not tell that your connection is behind a router. I believe there was some code posted long time ago, not sure if still possible on pfsense. Have to do a bit of searching for that long ago post/threads
-
@stephenw10 My TinFoil Hat material has increased in thickness after the Xfinity tech left yesterday.;)
I don't know why Xfinity would be throttling my home. We don't do anything but stream and surf the net.
Maybe, Xfinity doesn't like firewalls and VPNs etc, behind theirs and other cable modems. Go figure I guess. This throttling, as I call it, just started by the way too. My internet speeds have been ok up until now.
After searching the forums here, you have had this similar kind of issue with several other Netgate users over the years, maybe they have Xfinity too.;)
-
here is that thread I remember about doing a mangle on the outbound ttl just for reference that it is possible to mangle that so its full value vs what is clearly an odd hop ttl.
https://forum.netgate.com/post/154305
I knew it was dated - that is from 2007 ;)
-
@johnpoz Thanks, I'll dig into this after we get back home today.
-
There have been several cases where ISPs will throttle any traffic that isn't correctly tagged for priority. And for additional MAC addresses. But both of those would apply to a directly connected laptop equally. And you would hope a technician would be aware of those restrictions.
Steve
-
Just a wild ass guess to be honest.. But that for sure could explain why a native client is not throttled, and while something behind a router has different speeds if they are doing something with the odd ttl you would see..
Simple enough to see for yourself with some sniffing.. Here you can see traffic generated by pfsense with the 64 ttl, and then traffic that went through pfsense has 63
Again this is just spit balling an "idea" that "could" possibly explain how an isp could dick with speeds if they wanted to, etc. Or could be an issue on their system that is doing something based upon some other unknown details of the traffic??
That they did the test with their own equipment (router) for sure completely rules out anything pfsense is doing or not doing to cause the issue. Do you have say some wifi router you could use - that sees the same problem?
edit: What specific "modem" are you using? Is it just a true cable modem, or is it a gateway in "bridged" mode - or is it also doing nat? Asking for clarification, because it seems like 9 out of 10 times someone says "modem" they really mean gateway, ie modem/router combo box and not just an actual modem.. Cable connections are quite often true modems - but many of these ISPs like handing out gateways now..
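The TTL difference described in the post above (64 on traffic pfSense generates itself, 63 on traffic routed through it), as an added example that is not part of the original thread: a Python sketch of what a forwarding hop does to the IPv4 header and how an observer on the wire can infer that hop from the TTL alone. The addresses, the constructed headers and the function names are assumptions made for illustration; NAT source rewriting is left out because only the TTL matters here.

```python
import struct

COMMON_INITIAL_TTLS = (64, 128, 255)  # typical OS default TTLs

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Constructed 20-byte IPv4 header (protocol TCP, no options)."""
    addr = lambda ip: bytes(int(o) for o in ip.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000,
                      ttl, 6, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def forward(header: bytes) -> bytes:
    """What each router hop does: TTL - 1, then recompute the checksum."""
    ttl = header[8]
    if ttl <= 1:
        raise ValueError("TTL expired; a router would drop the packet")
    hdr = header[:8] + bytes([ttl - 1, header[9]]) + b"\x00\x00" + header[12:]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def classify(header: bytes) -> dict:
    """Guess the sender's initial TTL and the hops crossed so far."""
    if checksum(header) != 0:  # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    ttl = header[8]
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return {"ttl": ttl, "initial": initial, "hops": initial - ttl}

# Constructed sample traffic (documentation address ranges).
WAN, DST = "203.0.113.10", "198.51.100.20"
from_router_itself = build_header(WAN, DST, 64)        # e.g. a test run on the firewall
from_lan_client = forward(build_header(WAN, DST, 64))  # client traffic routed through it

if __name__ == "__main__":
    print("router's own traffic:", classify(from_router_itself))
    print("routed LAN traffic:  ", classify(from_lan_client))
```

The hop count is a heuristic: it assumes the sender started from one of the common default TTLs, so a host configured with an unusual initial TTL would be misread.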
-
@stephenw10 we're talking about Xfinity techs here now Lol
The guy that came out went outside several times to "talk" to another Xfinity guy he knows that has a "switch" at his house that maybe could help him shed some light on what I was experiencing but the guy didn't answer or something else.
This is why Xfinity needs real competition in the marketplace. I believe they are doing this mess and leaving their techs out to dry, so to speak, when they're called out for this particular kind of issue.
-
@johnpoz my cable modem is an Xfinity approved Netgear CM1000.
And I truly believe that Xfinity would love for me to replace all of my own equipment for theirs.;)
-
@hpspar05 When you direct connect to the modem, what IP address do you get? The WAN address or a private address?
What is the LAN network you are using?
And what is the modem/gateway make/model?
If you have VOIP phone service and wireless without additional access points, it's a gateway not a modem. FWIW, I get 300 down through pfSense and a Netgear CM600 modem on Xfinity.
EDIT - OK, so a CM1000. Are your interfaces on pfSense all set to auto-negotiate?
-
@provels I get a WAN address when directly connected to the cable modem. I get the rated speed I pay for when directly connected to the cable modem, even on the test modem that was brought out yesterday, I got my rated 150mbps when directly connected to their cable modem.
Here's my equipment; Netgear CM1000; pfsense 2.4.4 on Protectli Vault 6 port; and UniFi Switch 8 150.
-
Ah, there may be some confusion here. The technician who came out just replaced your modem? They didn't test a different router behind your modem? Or any other modem/router combo for that matter?
Steve
-
@provels Yes, speed and duplex are set to default autoselect
-
@stephenw10 nope, he only tested his modem and then we directly connected my laptop to it, where the speed was fine as usual. But once we added the wall behind his modem, my speed reduced by half for all firewalls tested behind his and my own. So he didn't think and I didn't think to connect another modem behind one another, is that what you're referring to?
-
@hpspar05 Sounds like it could be a Protectli problem to me. Maybe try one of the other open source FW products, like OPNsense, Smoothwall, etc. to see if you get similar results.
-
@stephenw10 And yes we tested different firewalls behind both Xfinity's and my own modems. And he took his modem with him when he left. I don't do Xfinity equipment if I don't have to have it;)
-
So the Xfinity technician tested the firewall he brought with him and the speed was half?
If so there is nothing to talk about here. They need to fix it. There is nothing we can do for you.
-
@provels if you look back at my submissions here, I have other firewalls that were tested; SG1100, UniFi USG etc, all with the same issue behind the Xfinity cable modem and my Netgear CM1000.
-
@hpspar05 Then we'll all agree it's a Comcast issue.