Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    File Download/Speed Test Locks Up pfSense

    Scheduled Pinned Locked Moved pfBlockerNG
    8 Posts 2 Posters 713 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Grunt0307
      last edited by

      Ive run into an issue where if I download a file large enough to take advantage of my full internet connection, 400MBps down, or run a speedtest, my SG-5100 locks up and I have to perform a hard reset. I'm running pfBlockerNG and Suricata and have upgraded the RAM to 16GB. If I disable pfBlockerNG, the issue goes away.

      Is there a way I can tweak pfBlockerNG to improve performance or resolve this issue?

      1 Reply Last reply Reply Quote 0
      • G
        Grunt0307
        last edited by

        I assume the below will be useful, it's the summary information from my last full update:

         69724 total
           40061 /var/db/pfblockerng/deny/Alienvault_v4.txt
           14250 /var/db/pfblockerng/deny/CINS_army_v4.txt
            6181 /var/db/pfblockerng/deny/BDS_TOR_v4.txt
            5174 /var/db/pfblockerng/deny/DNSBLIP_v4.txt
            1465 /var/db/pfblockerng/deny/ET_Comp_v4.txt
             847 /var/db/pfblockerng/deny/ET_Block_v4.txt
             558 /var/db/pfblockerng/deny/ISC_1000_30_v4.txt
             441 /var/db/pfblockerng/deny/Abuse_Feodo_C2_v4.txt
             332 /var/db/pfblockerng/deny/Abuse_IPBL_v4.txt
             134 /var/db/pfblockerng/deny/BBC_C2_v4.txt
             107 /var/db/pfblockerng/deny/Abuse_Zeus_v4.txt
              96 /var/db/pfblockerng/deny/Spamhaus_eDrop_v4.txt
              72 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt
               5 /var/db/pfblockerng/deny/ISC_Block_v4.txt
               1 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt
        
        ====================[ Empty Lists w/127.1.7.7 ]==================
        
        Spamhaus_Drop_v4.txt
        
        ===[ DNSBL Domain/IP Counts ] ===================================
        
          577637 total
          169469 /var/db/pfblockerng/dnsbl/hpHosts_EMD.txt
          117809 /var/db/pfblockerng/dnsbl/hpHosts_FSA.txt
          115592 /var/db/pfblockerng/dnsbl/hpHosts_PSH.txt
           31567 /var/db/pfblockerng/dnsbl/AntiSocial_BD.txt
           25522 /var/db/pfblockerng/dnsbl/MDS.txt
           17979 /var/db/pfblockerng/dnsbl/hpHosts_PUP.txt
           17508 /var/db/pfblockerng/dnsbl/Shallalist_spyware.txt
            8709 /var/db/pfblockerng/dnsbl/Shallalist_adv.txt
            8376 /var/db/pfblockerng/dnsbl/hpHosts_PHA.txt
            8306 /var/db/pfblockerng/dnsbl/hpHosts_ATS.txt
            7548 /var/db/pfblockerng/dnsbl/Abuse_URLBL.txt
            6456 /var/db/pfblockerng/dnsbl/Spam404.txt
            6054 /var/db/pfblockerng/dnsbl/SWC.txt
            4708 /var/db/pfblockerng/dnsbl/Cameleon.txt
            4410 /var/db/pfblockerng/dnsbl/Shallalist_adv_v4.ip
            3916 /var/db/pfblockerng/dnsbl/CoinBlocker_All.txt
            2532 /var/db/pfblockerng/dnsbl/SFS_Toxic_BD.txt
            2523 /var/db/pfblockerng/dnsbl/MDS_Immortal.txt
            2377 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
            1983 /var/db/pfblockerng/dnsbl/hpHosts_MMT.txt
            1900 /var/db/pfblockerng/dnsbl/Abuse_DOMBL.txt
            1707 /var/db/pfblockerng/dnsbl/SBL_ADs.txt
            1505 /var/db/pfblockerng/dnsbl/D_Me_ADs.txt
            1335 /var/db/pfblockerng/dnsbl/Shallalist_spyware_v4.ip
            1048 /var/db/pfblockerng/dnsbl/hpHosts_EXP.txt
            1034 /var/db/pfblockerng/dnsbl/hpHosts_WRZ.txt
             999 /var/db/pfblockerng/dnsbl/MDL.txt
             941 /var/db/pfblockerng/dnsbl/EasyList.txt
             894 /var/db/pfblockerng/dnsbl/Shallalist_tracker.txt
             726 /var/db/pfblockerng/dnsbl/Yoyo.txt
             698 /var/db/pfblockerng/dnsbl/BBC_DC2.txt
             463 /var/db/pfblockerng/dnsbl/MVPS.txt
             305 /var/db/pfblockerng/dnsbl/hpHosts_HFS.txt
             268 /var/db/pfblockerng/dnsbl/hpHosts_GRM.txt
             165 /var/db/pfblockerng/dnsbl/hpHosts_HJK.txt
              96 /var/db/pfblockerng/dnsbl/EasyList_Adware.txt
              61 /var/db/pfblockerng/dnsbl/Adaway.txt
              58 /var/db/pfblockerng/dnsbl/Abuse_URLBL_v4.ip
              48 /var/db/pfblockerng/dnsbl/Abuse_Zeus_BD.txt
              19 /var/db/pfblockerng/dnsbl/D_Me_Tracking.txt
              11 /var/db/pfblockerng/dnsbl/Shallalist_tracker_v4.ip
               5 /var/db/pfblockerng/dnsbl/EasyList_v4.ip
               5 /var/db/pfblockerng/dnsbl/Abuse_CW_C2.txt
               1 /var/db/pfblockerng/dnsbl/EasyPrivacy_v4.ip
               1 /var/db/pfblockerng/dnsbl/D_Me_Malv.txt
               0 /var/db/pfblockerng/dnsbl/ISC_SDH.txt
               0 /var/db/pfblockerng/dnsbl/D_Me_Malw.txt
               0 /var/db/pfblockerng/dnsbl/Abuse_TC_C2.txt
        
        ====================[ IPv4/6 Last Updated List Summary ]==============
        
        Jun 18	07:01	Abuse_Zeus_v4
        Jun 21	12:25	Spamhaus_Drop_v4
        Jun 23	14:38	Spamhaus_eDrop_v4
        Jun 23	23:29	ET_Block_v4
        Jun 23	23:29	ET_Comp_v4
        Jun 24	13:02	ISC_1000_30_v4
        Jun 25	00:06	DNSBLIP_v4
        Jun 25	14:48	CINS_army_v4
        Jun 25	15:12	BBC_C2_v4
        Jun 25	15:46	Alienvault_v4
        Jun 25	15:55	Abuse_IPBL_v4
        Jun 25	16:00	Abuse_Feodo_C2_v4
        Jun 25	16:00	Abuse_SSLBL_v4
        Jun 25	16:00	BDS_TOR_v4
        Jun 25	16:00	ISC_Block_v4
        
        ====================[ DNSBL Last Updated List Summary ]==============
        
        Jul 31	2015	D_Me_Tracking
        Mar 9	2016	D_Me_ADs
        Jan 19	2018	hpHosts_HFS
        Jan 20	2018	Adaway
        Mar 18	2018	Cameleon
        May 25	2018	hpHosts_EXP
        Nov 1	2018	hpHosts_HJK
        Nov 15	2018	hpHosts_GRM
        Nov 29	2018	MDS_Immortal
        Dec 30	03:10	hpHosts_MMT
        Feb 21	11:45	MDL
        May 24	17:05	hpHosts_WRZ
        May 31	22:27	Spam404
        Jun 5	04:11	Yoyo
        Jun 8	12:01	UT1_ddos
        Jun 8	12:01	UT1_malware
        Jun 8	12:01	UT1_phishing
        Jun 8	12:01	UT1_publicite
        Jun 8	12:01	UT1_warez
        Jun 11	14:05	MVPS
        Jun 12	07:18	hpHosts_ATS
        Jun 12	09:23	hpHosts_EMD
        Jun 13	04:32	CoinBlocker_All
        Jun 15	00:01	Abuse_Zeus_BD
        Jun 18	17:08	MDS
        Jun 20	17:34	hpHosts_PHA
        Jun 21	00:47	SWC
        Jun 21	16:43	hpHosts_PUP
        Jun 24	07:41	SBL_ADs
        Jun 24	16:53	hpHosts_FSA
        Jun 24	17:14	hpHosts_PSH
        Jun 24	19:01	Shallalist_adv
        Jun 24	19:01	Shallalist_spyware
        Jun 24	19:01	Shallalist_tracker
        Jun 24	23:04	ISC_SDH
        Jun 24	23:12	BBC_DC2
        Jun 24	23:17	AntiSocial_BD
        Jun 24	23:21	D_Me_Malw
        Jun 24	23:21	D_Me_Malv
        Jun 24	23:41	EasyPrivacy
        Jun 24	23:50	EasyList_Adware
        Jun 24	23:50	EasyList
        Jun 24	23:55	Abuse_DOMBL
        Jun 24	23:55	Abuse_CW_C2
        Jun 24	23:59	SFS_Toxic_BD
        Jun 25	00:00	Abuse_URLBL
        Jun 25	00:00	Abuse_TC_C2
        ===============================================================
        
        Database Sanity check [  PASSED  ]
        ------------------------
        Masterfile/Deny folder uniq check
        Deny folder/Masterfile uniq check
        
        Sync check (Pass=No IPs reported)
        ----------
        
        Alias table IP Counts
        -----------------------------
           69724 total
           40061 /var/db/aliastables/pfB_PRI2_v4.txt
           18308 /var/db/aliastables/pfB_PRI1_v4.txt
            6181 /var/db/aliastables/pfB_TOR_v4.txt
            5174 /var/db/aliastables/pfB_DNSBLIP_v4.txt
        
        pfSense Table Stats
        -------------------
        table-entries hard limit   400000
        Table Usage Count         182125
        
         UPDATE PROCESS ENDED [ 06/25/19 16:35:41 ]
        1 Reply Last reply Reply Quote 0
        • provelsP
          provels
          last edited by

          I don't run Suricata but I do run pfBlockerNG on a teeny VM with only 1.5GB RAM and can max my 300 Mbps connection. I don't know what your problem is, but could disk space be an issue? Lots of log files?

          Peder

          MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
          BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

          1 Reply Last reply Reply Quote 0
          • G
            Grunt0307
            last edited by Grunt0307

            Logs are generated, but circular logging is enabled and they're shipped off to a separate log ingest application. CPU seems fine, I've watched the dashboard CPU monitor and the highest I've seen it get is 65% during these tests.

            BTW, what's with the autocorrect on these forums...what i am typing doesn't match what is being posted.

            provelsP 1 Reply Last reply Reply Quote 0
            • provelsP
              provels @Grunt0307
              last edited by

              @Grunt0307 Assuming your running the latest release ver of pfSense, 2.4.4.p3? Do you run the devel ver of pfBlockerNG or release? I run the devel ver and it was cake to setup since it comes with some preselected lists. Have you maybe tried testing the PS for voltage and memtest-ing the memory in another box? Maybe you can boot memtest from a USB (don't know if the SG has video out). Tried with Blocker enabled and Suricata disabled?

              Peder

              MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
              BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

              1 Reply Last reply Reply Quote 0
              • G
                Grunt0307
                last edited by

                Yes, running the latest version 2.4.4.p3-devel. I haven't tested either of those things, was hoping there was a crash log or something somewhere within the OS.

                provelsP 1 Reply Last reply Reply Quote 0
                • provelsP
                  provels @Grunt0307
                  last edited by

                  @Grunt0307 Might find something in /var/log/crash

                  Peder

                  MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
                  BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

                  1 Reply Last reply Reply Quote 0
                  • G
                    Grunt0307
                    last edited by

                    I guess I should have tested more thoroughly. I have pfBlockerNG and Suricata running on it. If I disable either of these services, then the device doesn't lock up...though with just Suricata, it struggles to fully saturate a 400Mb pipe.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.