What logs are useful to troubleshoot an ISP issue?

  • Hi,
    New pfSense user (about 4 months now) running on a Netgate SG-3100. I have a pretty simple setup, two /24 networks served by pfSense via NAT from a DHCP WAN address from my ISP. No VPNs or anything fancy. For the past 4 months it's been working great. The past two days my connection keeps dropping, and I've found that if I release and renew the WAN IP I can get a connection back. Sometimes for 5 minutes, sometimes for 5 hours.

    I'd like to dig deeper into this to get on Comcast/Xfinity's case here, but I don't really know which logs I should be looking at to see what (if anything) might be the problem.

    The Comcast/Xfinity modem is in bridge mode (and has been for years, even with my previous router) so I'm not fighting any double NAT issues.

    I've tried all the "usual" stuff of rebooting everything, but the issue persists.

    If anyone can give me some hints as to where I should be looking I'd really appreciate it.


  • Hi,

    Somewhere on this forum you'll find a series of messages where someone inserted a widget into pfSense that implements a 'speedtest'.
    Not that I want you to install the full GUI-based things, but that you know how to install 'speedtest' using basic CLI commands, and execute it from the console / CLI.

    Note: must be something like:

    pkg install speedtest

    I propose to renew the IP, and then rip out both LAN cables of your 3100.
    This creates the situation that your traffic does not influence 'some system' on the ISP side that starts to qualify your traffic. pfSense itself does communicate with the outside world, but if you do not use the GUI, this traffic could be measured in bytes or a kilobyte a minute, or even an hour.
    So, get a new IP, and execute a CLI speed test. Note the speed.
    Renew the IP, wait some more time, and redo the test.
    What you want to know: does the speed get worse even when you do not use any traffic at all?
    If it doesn't, then chances are great that your ISP is playing the QoS card against you.
    The most known situation is: all traffic is not equal. P2P will always get 'what's left'. Resetting the IP will reset the QoS.

    If the speed gets worse even when you do not communicate at all, then it becomes most probable that the issue isn't on your side at all.
    What type of uplink do you use? Fibre? Cable? ADSL over POTS?

    Edit: local logs will mention local soft- and hardware failures related to the local traffic and hardware. Speed is out of control as soon as the traffic is outside of pfSense's interfaces.
    If something is throttling upstream, then there is no way 'pfSense' can know what traffic comes in faster, or slower, at any time.

  • @bkhiatt

    One thing to check is the DHCP lease, to see if it's being renewed, but given your description that doesn't sound like the issue. Can you ping the gateway when the connection fails?