Netgate Discussion Forum

    Behind pfsense and my download speed is cut in half

    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz

      Just a wild ass guess to be honest.. But that for sure could explain why a native client is not throttled, and while something behind a router has different speeds if they are doing something with the odd ttl you would see..

      Simple enough to see for yourself with some sniffing.. Here you can see traffic generated by pfsense with the 64 ttl, and then traffic that went through pfsense has 63

      hopttl.png

      Again this is just spit balling an "idea" that "could" possibly explain how an isp could dick with speeds if they wanted to, etc. Or could be an issue on their system that's doing something based upon some other unknown details of the traffic??

      That they did the test with their own equipment (router) for sure completely rules out anything pfsense is doing or not doing to cause the issue. Do you have say some wifi router you could use - that sees the same problem?

      edit: What specific "modem" are you using? Is it just a true cable modem, or is it a gateway in "bridged" mode - or is it also doing nat? Asking for clarification, because seems like 9 out of 10 times someone says "modem" they really mean gateway, ie modem/router combo box and not just actual modem.. Cable connections are quite often true modems - but many of these isps like handing out gateways now..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      H 1 Reply Last reply Reply Quote 1
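The 64-versus-63 observation in the post above can be reproduced offline. The following is an added example, not part of the original post: it parses IPv4 headers and reports how many router hops each packet has crossed. The addresses, the sample capture and the list of initial TTL values are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

INITIAL_TTLS = (64, 128, 255)  # assumption: common OS default starting TTLs

def checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the 16-bit words of the header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Constructed sample data: a bare 20-byte IPv4 header, protocol TCP."""
    fields = [0x45, 0, 20, 0, 0x4000, ttl, 6, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def parse_ttl(packet: bytes) -> tuple[str, int]:
    """Return (source address, TTL) after validating the IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or checksum(packet[:ihl]) != 0:
        raise ValueError("malformed IPv4 header")
    return str(ipaddress.IPv4Address(packet[12:16])), packet[8]

def hops_from_sender(ttl: int) -> int:
    """Routers crossed so far, assuming the nearest initial TTL at or above ttl."""
    return min(t for t in INITIAL_TTLS if t >= ttl) - ttl

def hop_profile(packets: list[bytes]) -> dict[str, set[int]]:
    """Map each source address to the set of hop distances seen for it."""
    profile = defaultdict(set)
    for pkt in packets:
        src, ttl = parse_ttl(pkt)
        profile[src].add(hops_from_sender(ttl))
    return dict(profile)

# Constructed WAN-side capture: one public source address after NAT.
WAN = "203.0.113.10"
CAPTURE = [
    build_header(WAN, "198.51.100.7", 64),   # generated by the firewall itself
    build_header(WAN, "198.51.100.7", 63),   # LAN client that started at 64, forwarded once
    build_header(WAN, "198.51.100.7", 127),  # LAN client that started at 128, forwarded once
]

if __name__ == "__main__":
    for src, hops in hop_profile(CAPTURE).items():
        print(src, "hop distances:", sorted(hops))
```

A single source address showing more than one hop distance is what a router with clients behind it looks like from the WAN side, while a directly connected laptop shows only distance 0.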
      • H
        hpspar05 @stephenw10
        last edited by

        @stephenw10 we’re talking about Xfinity techs here now Lol 😂

        The guy that came out went outside several times to “talk” to another Xfinity guy he knows that has a “switch” at his house that maybe could help him shed some light on what I was experiencing but the guy didn’t answer or something else.

        This is why Xfinity needs real competition in the marketplace. I believe they are doing this mess and leaving their techs out to dry, so to speak, when they’re called out for this particular kind of issue.

        provelsP 1 Reply Last reply Reply Quote 0
        • H
          hpspar05 @johnpoz
          last edited by

          @johnpoz my cable modem is an Xfinity approved Netgear CM1000.

          And I truly believe that Xfinity would love for me to replace all of my own equipment for theirs.;)

          1 Reply Last reply Reply Quote 0
          • provelsP
            provels @hpspar05
            last edited by provels

            @hpspar05 When you direct connect to the modem, what IP address do you get? The WAN address or a private address?
            What is the LAN network you are using?
            And what is the modem/gateway make/model?
            If you have VOIP phone service and wireless without additional access points, it's a gateway not a modem. FWIW, I get 300 down through pfSense and a Netgear CM600 modem on Xfinity.

            EDIT - OK, so a CM1000. Are your interfaces on pfSense all set to auto-negotiate?

            Peder

            MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
            BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

            H 2 Replies Last reply Reply Quote 0
            • H
              hpspar05 @provels
              last edited by

              @provels I get a WAN address when directly connected to the cable modem. I get the rated speed I pay for when directly connected to the cable modem, even on the test modem that was brought out yesterday, I got my rated 150mbps when directly connected to their cable modem.

              Here’s my equipment; Netgear CM1000; pfsense 2.4.4 on Protectli Vault 6 port; and UniFi Switch 8 150.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Ah, there may be some confusion here. The technician who came out just replaced your modem? They didn't test a different router behind your modem? Or any other modem/router combo for that matter?

                Steve

                H 2 Replies Last reply Reply Quote 0
                • H
                  hpspar05 @provels
                  last edited by

                  @provels Yes, speed and duplex are set to default autoselect

                  provelsP 1 Reply Last reply Reply Quote 0
                  • H
                    hpspar05 @stephenw10
                    last edited by

                    @stephenw10 nope, he only tested his modem and then we directly connected my laptop to it, which speed was fine as usual. But once we added the wall behind his modem, my speed reduced by half for all firewalls tested behind his and my own. So he didn’t think and I didn’t think to connect another modem behind one another, is that what you’re referring to?

                    1 Reply Last reply Reply Quote 0
                    • provelsP
                      provels @hpspar05
                      last edited by

                      @hpspar05 Sounds like it could be a Protectli problem to me. Maybe try one of the other open source FW products, like OPNsense, Smoothwall, etc. to see if you get similar results.

                      Peder

                      MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
                      BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

                      H 1 Reply Last reply Reply Quote 0
                      • H
                        hpspar05 @stephenw10
                        last edited by

                        @stephenw10 And yes we tested different firewalls behind both Xfinity and my own modems. And he took his modem with him when he left. I don’t do Xfinity equipment if I don’t have to have it;)

                        1 Reply Last reply Reply Quote 0
                        • DerelictD
                          Derelict LAYER 8 Netgate
                          last edited by

                          So the Xfinity technician tested the firewall he brought with him and the speed was half?

                          If so there is nothing to talk about here. They need to fix it. There is nothing we can do for you.

                          Chattanooga, Tennessee, USA
                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          H 1 Reply Last reply Reply Quote 1
                          • H
                            hpspar05 @provels
                            last edited by

                            @provels if you look back at my submissions here, I have other firewalls that were tested; SG1100, UniFi USG etc, all with the same issue behind the Xfinity cable modem and my Netgear CM1000.

                            provelsP 1 Reply Last reply Reply Quote 0
                            • provelsP
                              provels @hpspar05
                              last edited by

                              @hpspar05 Then we'll all agree it's a Comcast issue.

                              Peder

                              MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
                              BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

                              1 Reply Last reply Reply Quote 1
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by stephenw10

                                Ok then, yeah, it has to be some upstream issue. And unfortunately it sounds like the sort of issue that Comcast will deny for as long as they can before some high level technician fixes it in 2mins. 🙄

                                Steve

                                H 1 Reply Last reply Reply Quote 2
                                • H
                                  hpspar05 @Derelict
                                  last edited by

                                  @Derelict The tech only brought out a test cable modem, he didn’t have a separate Xfinity firewall if that’s a thing.

                                  1 Reply Last reply Reply Quote 0
                                  • DerelictD
                                    Derelict LAYER 8 Netgate
                                    last edited by

                                    Whatever it is it's not pfSense. You'll have to work with Xfinity to figure out what it is.

                                    Chattanooga, Tennessee, USA
                                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                    H 1 Reply Last reply Reply Quote 0
                                    • chpalmerC
                                      chpalmer
                                      last edited by

                                      The Netgear CM1000 is generally a stellar modem. Broadcom based. Nothing wrong with those.

                                      Try spoofing the MAC address of your laptop on your router WAN page. I have seen various cable ISPs hand out very different IP ranges based on MAC address.

                                      Triggering snowflakes one by one..
                                      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                                      1 Reply Last reply Reply Quote 1
                                      • H
                                        hpspar05 @stephenw10
                                        last edited by

                                        @stephenw10 yep and bingo.) Even you guys are throttling my replies, I can’t reply back until after 120sec Lol 😂

                                        DerelictD 1 Reply Last reply Reply Quote 0
                                        • DerelictD
                                          Derelict LAYER 8 Netgate @hpspar05
                                          last edited by

                                          @hpspar05 Considering the caustic behavior on this thread it's about to be locked unless some actual information is posted.

                                          Chattanooga, Tennessee, USA
                                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                          H 1 Reply Last reply Reply Quote 0
                                          • H
                                            hpspar05 @Derelict
                                            last edited by

                                            @Derelict Yes I think this is so, what’s happening here isn’t something they will own up to or fix though I believe. Ultimately, Xfinity wants people to rent their equipment.

                                            1 Reply Last reply Reply Quote 0
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.