pfBlocker & slow speeds
-
-
@johnpoz @RonpfS Alright, so I have the issue occurring, but I can't tell which log I should be checking.
The Log Files error.log:
[ pfB_Main_Block_List_IPv4_v4 - uBlockFiltersPlus_v4 ] Download FAIL [ 10/25/19 00:01:54 ]
[ raw.githubusercontent.com ] Domain listed in DNSBL
Restoring previously downloaded file contents.... unknown http status code | 0
[ DNSBL_Malicious2 - StevenBlack_BD ] Download FAIL [ 10/25/19 08:00:15 ]
[ raw.githubusercontent.com ] Domain listed in DNSBL
Restoring previously downloaded file
. unknown http status code | 0.
----------
The System Log / General is ok. Mostly says no update needed:
Oct 25 13:04:06 check_reload_status Syncing firewall
Oct 25 13:04:10 check_reload_status Syncing firewall
Oct 25 13:04:10 check_reload_status Syncing firewall
Oct 25 13:04:11 check_reload_status Reloading filter
Oct 25 13:04:11 php-fpm 362 [pfBlockerNG] Stopping firewall filter daemon
Oct 25 13:04:22 check_reload_status Syncing firewall
-
why is your download failing?
-
@Tleary said in pfBlocker-ng slow speeds:
@johnpoz @RonpfS Alright, so I have the issue occurring, but I can't tell which log I should be checking.
The Log Files error.log:
Maybe start with Firewall / pfBlockerNG / Log Browser pfblockerng.log ;-)
-
Yes, lol, well, what I mean is... I went through all the logs and was wondering if there was anything to specifically identify. I had seen pfblockng.log. All it contained was my feeds really. There was one failing for githubcontent.com @johnpoz so I removed that feed. The error.log wasn't useful either. It just had two lines that repeated; the failure and status code 0. I'll keep going through the logs but even though there's so many I haven't seen one to explain this problem.
The failed log is in another post: https://forum.netgate.com/topic/124227/dnsbl-blocks-itself/3
-
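The error.log excerpt quoted earlier in the thread pairs each `Download FAIL` entry with a `Domain listed in DNSBL` line naming the feed's own source host. As an added example (not part of the thread and not pfBlockerNG code), this Python sketch parses that layout and separates self-blocked feed downloads from other failures; the function name, the line layout inferred from the excerpt, and the third sample entry are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the error.log excerpt quoted in the thread.
# The third entry (DNSBL_Example / ExampleFeed) is invented for illustration.
SAMPLE_LOG = """\
[ pfB_Main_Block_List_IPv4_v4 - uBlockFiltersPlus_v4 ] Download FAIL [ 10/25/19 00:01:54 ]
[ raw.githubusercontent.com ] Domain listed in DNSBL
Restoring previously downloaded file contents...
[ DNSBL_Malicious2 - StevenBlack_BD ] Download FAIL [ 10/25/19 08:00:15 ]
[ raw.githubusercontent.com ] Domain listed in DNSBLRestoring previously downloaded file
[ DNSBL_Example - ExampleFeed ] Download FAIL [ 10/25/19 09:00:00 ]
 unknown http status code | 0
"""

FAIL_RE = re.compile(
    r"\[\s*(?P<group>\S+)\s+-\s+(?P<feed>\S+)\s*\]\s+Download FAIL\s+"
    r"\[\s*(?P<when>[^\]]+?)\s*\]"
)
# No end-of-line anchor: the message may be fused with the text that follows.
SELF_BLOCK_RE = re.compile(
    r"\[\s*(?P<host>[A-Za-z0-9.-]+)\s*\]\s+Domain listed in DNSBL"
)


def classify_failures(log_text):
    """Return (self_blocked, unexplained).

    self_blocked maps a feed source host to the (group, feed, when) entries
    whose download failed because that host is itself listed in DNSBL.
    unexplained lists failures with no such line following them.
    """
    self_blocked = defaultdict(list)
    unexplained = []
    pending = None  # most recent Download FAIL entry not yet attributed
    for line in log_text.splitlines():
        fail = FAIL_RE.search(line)
        if fail:
            if pending:
                unexplained.append(pending)
            pending = (fail["group"], fail["feed"], fail["when"])
            continue
        hit = SELF_BLOCK_RE.search(line)
        if hit and pending:
            self_blocked[hit["host"].lower()].append(pending)
            pending = None
    if pending:
        unexplained.append(pending)
    return dict(self_blocked), unexplained
```

A host returned in the first mapping is a feed source that DNSBL is blocking for the firewall itself, which is the situation described in the linked "dnsbl-blocks-itself" topic.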
Following up. I just had the issue again. This time I checked out my Resource Monitor. The TCP Connection monitor was very high but I did not have a ridiculous amount of browsers open. I looked at TCP View and the connections were fine; quantity, bytes sent/received, software connected. Process Explorer was fine. I have a very good computer. i7 9xxx 32gb ddr4. m.2. My ISP gives me a lot of bandwidth. Anyway, the bandwidth went down to 30MiB. I disabled my NIC. When I reenabled it the speed tests were fine again. So, I have to look more into managing my network adapter I suppose. The driver's updated. I'm not sure why it's getting such a loss of performance. I'll have to look at a way to clear it just like disabling it does. I'll continue to review the DNSBL logs and post anything notable. The issue is fixed by disabling pfBlocker but I'm not clear on the connection.
Post Note: The Resource Monitor showing 90% TCP connections are on tons of computers, including a work computer. I don't know if the conclusion was correct. I'm going to run ipconfig /flushdns next time or I'm going to sleep all my tabs next time.
-
Post Comment: It still occurs sometimes. If I use a VPN client to bypass the pfsense the Internet 'speeds' are fine and fast. Instantly after connecting everything loads ultra fast.
-
@tleary just got started into pfsense two months ago, previously I was using a commercial router and PiHole as my DNS blocker. I'm currently experiencing the same problems you describe. I've noticed that while browsing certain content (or the website itself) will take a longer time to load, but once it loads the speed is ok. For example, one website I visit often is 9gag.com, the website will load fast enough, but when I want to see the comments on a post it takes a long time for the content that is not text to load i.e. images and videos inside the comments. Speed tests don't really help, it takes "longer" to load the speedtest website, but once it loads the speed test results are great.
I haven't done much troubleshooting in the issue, but as you mention, if I turn on my VPN on my phone (which bypasses the firewall rules created by pfblocker) or when I disable pfblocker everything loads at a normal/faster speed. BTW I'm using the SG-1100.
I don't have a solution, but at least we know we are not alone with this problem.
-
@gmxpt That's awesome to hear. I've been using it for two years now. I found that I was filtering too much. It was like a nice simple dns request would get to pfBlocker and freak out. So I worked on tuning DNS at a few different levels. I set the pfSense to use OpenDNS. I added the Squid proxy app and it made a big difference. I got rid of a lot of duplicates, unnecessary filter rules, and started considering the DNS process as a whole, and took down that roadblock. When I was connected with VPN it got to skip past my configs. I wish I watched the two Packt Pub video modules first.
-
I can also (kind of) confirm this.
But just to be clear - a speed test will result in full speed.
But some web pages will open very slow, at first I thought my dns is very slow.
As when the page load it does at a normal speed, just very delayed.
As nearly every website is using sources (scripts, ad, tracker,...) from all over the place, it's hard to pinpoint.
I think it might be slow if some parts of the page are blocked.
But I don't know if the browser is waiting for a timeout or a js script has trouble.
-
@johnpoz said in pfBlocker & slow speeds:
How exactly does blocking dns slow down your "speed" Make ZERO sense..
Something either resolves or it doesn't - pfblocker has nothing to do with the traffic moving through pfsense..
You're blocked or you're not blocked - how does that slow you down?
may the dead live forever.
So I exhume this thread here ;)
It is >=4 years later and the behavior still exists.
Using pfBlocker leads here and there, more than less, to a creeping slow experience on SOME sites.
An answer like yours is very... how can I say it without being unpolite... not helpful and sounds more like defending the own team.
Speaking about teams - with another sense and its integrated lists, I was able to circumvent this - half way. The other half: Just using another unbound didn't do the trick for me. But after I disabled pfBlocker - my internet experience was blazing again - also without ads.
-
@Orwi said in pfBlocker & slow speeds:
It is >=4 years later and the behavior still exists.
let me see, how can I say it without being un-polite...
I can't, if you still have not figured it out after 4 years, sounds like a you problem.
I'm not part of any team, club or otherwise in regards to Netgate, pfSense or pfBlockerNG.
However, if you have a problem, dragging up an old thread and saying "it is broken, can you make it go" provides zero benefit to you or anyone else.
pfBlockerNG is likely not the direct cause of your throughput issue (aka slow speeds). I use pfB, understand what and how it is doing what it is doing. Zero throughput issues.
You should open a new thread and provide details of your specific and current issue. You just never know, in that case, someone might actually help.
Certainly not going to troubleshoot an issue that is being perceived to be the same as something from 4 years ago.
-
@jrey said in pfBlocker & slow speeds:
I use pfB, understand what and how it is doing what it is doing. Zero throughput issues.
Exactly - my point from years ago, was once something is resolved - it has no bearing on latency to the ip it resolved to or as the OP was saying his speedtest.
Now in theory could some site take a while to load if your dns was horrible and took forever to resolve stuff that was being loaded by the page, like images or ads or frames, etc..
But once something is resolved to the IP - dns is out of the picture to speed or latency of talking to something..
-
yeah, the theory is well known to me. The reaction here is what I expected.
We all agree, once a name is resolved, DNS is out of question.
Then let's have a closer look, because pfBlocker isn't done here.
First let me narrow it a bit down:
pfBlocker had times it works as expected, also with expected speed, then it doesn't.
Then, changing DNS, still not the greatest results, as pfsense at all is out of question here - regards DNS, it is still in the game with routing, so is pfblocker.
...or.. do the lists, pfBlocker adds to the floating or interface tabs a DNS thing? If yes, I am eager to hear the technical explanation.
2 reasons, I violated the dead:
- this thread is still high in search ranking
- the reactions here are not helpful, but blaming the victim(s). It is a 'simple solution' to a more complicated problem.
Back to technical topic:
If pfBlocker isn't the problem, how do you explain the problem be gone, by disabling it at all?
This is not correlation, this is causal.
What I not care anymore is why it SOMETIMES behaves correct, and often not. But for this, I don't invest time anymore.
-
@johnpoz said in pfBlocker & slow speeds:
Exactly - my point from years ago,
Yup.
Now in theory could some site take a while to load if your dns was horrible and took forever to resolve stuff that was being loaded by the page, like images or ads or frames, etc..
Hypothetically speaking -- yes.
-->> "if your dns was horrible", or the connection, or the web server at the other end, or, or, or.
a) if you are visiting a page that has say 100 things that need to be looked up, and your dns was horrible, that would take longer to render than a page that has say 10 things to lookup. (but would you notice?)
b) if your machine is undersized for the volume of traffic you are trying to put through it. (two tin cans on a string?)
c) if you have every possible list in the world added and trying to parse huge lists
d) if you have the frequency of updates for lists set too frequently
e) maybe if it is Tuesday
Speaking about teams - with another sense and its integrated lists, I was able to circumvent this - half way. The other half: Just using another unbound didn't do the trick for me. But after I disabled pfBlocker - my internet experience was blazing again - also without ads.
because why?.. sounds like and is purely a guess at this point, but that something was off loaded - "with another sense"
"half way" whatever that means?
"just using another unbound didn't do the trick" - what does that mean? that the DNS was pointed somewhere else?
"But after I disabled pfBlocker - my internet experience was blazing again - also without ads." - was this on the first or second "with another sense" -- what is blocking the ads now?
Either way the OP adding the new comment, should open a new thread, not bring back the dead, and just assume " the behavior still exists". Just because it is something that "sounds the same" as a problem being experienced today. So we have a classic case, IMHO. of someone that is seeing a result and labelling it, and not a cause.
-
@jrey said in pfBlocker & slow speeds:
a) if you are visiting a page that has say 100 things that need to be looked up, and your dns was horrible, that would take longer to render than a page that has say 10 things to lookup. (but would you notice?)
Prob not even if your dns was taking like 300ms for each query. still doesn't add up to a lot to be honest even if 10 different fqdn to look up.. And then on your next reload of that page all the dns would be cached anyway - unless you didn't come back to until after the cache or your dns restarted and lost the cache.
And if the page was designed correctly - even if some of the stuff didn't resolve you should still get a partial render of the page, etc.
Where did the OP go? Says he hasn't been online since 2021.. The new poster is not the OP.. I am going to lock this thread.. If the new poster is having issues he should create a thread with his specifics and his troubleshooting efforts showing that dns or pfblocker is the problem - because that was never the case with this very old thread.
-