    Slow/Unusable Internet Access Through NAT

      jwbrown77 last edited by

      Hello,

      I am attempting to set up a very basic outgoing Internet access configuration.

      My Internet connection seems to work at regular speed when I download files directly to the pfSense machine using fetch.  I can also download/install packages from the repository with no issue.

      However, no matter what source machine or network I use, I get 1KB/s downloads from behind the firewall (through NAT).

      I have looked at tcpdump while downloading with fetch on pfSense as opposed to a download through NAT.  The fetch command shows normal speed (over 200KB/s), but the NAT connection receives packets very slowly (1KB/s).

      I saw someone mention MTU, but it has no effect on this issue.  I also figure that if it were MTU, then the downloads through fetch should be slow as well.

      I'd attach logs but I don't see anything out of the ordinary.  No collisions under interface statistics, nothing in the System Log… I do have all outgoing ports open during this testing phase, and I don't see any filtering issues in the log either.  No proxy server and NAT rules are set to the default (automatic).  Using different DNS servers has no effect.

      Does anyone have any clue what could be causing something like this?

      P.S. I bought the pfSense book a few weeks ago.  Nicely done.

        wallabybob last edited by

        Lots of people have configurations similar to what you describe but which function much more effectively than yours. So what's different about your configuration?

        What version are you running?

        What NIC is your WAN interface? LAN interface?

        The problem appears to be on the LAN side. Have you tried a different NIC as the LAN interface? What is downstream of your LAN NIC, a switch? a hub? another computer? Has your LAN NIC configured itself appropriately? (correct speed? correct duplex?)

          jwbrown77 last edited by

          Yeah, even I have a working configuration on 1.2 on our production box using a different Internet line.

          Let me give some more details on my environment.

          Version: 1.2.3 final

          Switches: I've tried two different sets of switches.  My LAN uses Dell gigabit switches, while one of my server networks uses ProCurves.

          Machines: I've tried from my personal computer on the LAN, as well as from a VM on the server network.

          NICs: The LAN interface on the system uses Broadcom gigabit (so does the WAN, it's a 4 port card), while the server network uses Intel server NICs.

          Internet: I thought this was the culprit.  I'm using a wireless connection through Covad.  It's a dish based setup, with 3mb/s max bi-directional throughput.  The "router" for it has a 10mb port.  However, pfSense detects that it is 10mb with no issue.  And downloading directly to pfSense is fine.

          The latency isn't an issue either.  No dropped packets, good return speed, etc, even from the LAN/server network.

          Only other thing I can think of that's maybe related?  I installed the OS on a USB stick using the full installer.  Since I'm not running a proxy I didn't think that the disk speed would be relevant, it should be passing packets directly through essentially, correct?  Also, data transfers between internal networks have no issue.

          Thanks for the help.

            jimp Rebel Alliance Developer Netgate last edited by

            You might try to disable checksum offloading on the network card, sometimes that can cause similar issues. It can't hurt to try. It's under System > Advanced.

              jwbrown77 last edited by

              Thanks for the suggestion.  Disabling checksum offloading seems to have no effect.

              I'm attaching two files:

              slow.txt - This is a tcpdump on the firewall when downloading a file from mirrors.kernel.org using a machine behind the firewall (through NAT).

              fast.txt - This is the same file being downloaded from the same site, but fast (directly to the pfSense box).  It may be hard to visualize the speed, but there are timestamps on the left to give an idea of how long it takes for packets to come in.

              Two notes:

              1. I've replaced my actual external IP in both files with 1.2.3.4.

              2. The F/R flags on the bottom of the slow file are just me breaking the download in the client application.

              Thanks.

              slow.txt
              fast.txt

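An added example, not part of the post above or its attachments: rather than eyeballing the timestamps in two tcpdump text captures, this Python script computes the payload rate and the number of long inter-packet gaps for the busiest direction of each capture. The two line layouts it accepts and the sample captures are assumptions constructed for illustration; `192.0.2.10` stands in for the download server and `1.2.3.4` is the placeholder address used in the post.

```python
import re

# Assumed tcpdump text layouts (the attached files are not shown in the thread):
#   newer: "... IP a.80 > b.51000: Flags [.], seq 1:1449, ack 1, win 512, length 1448"
#   older: "... IP a.80 > b.51000: . 1:1449(1448) ack 1 win 65535"
PKT = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+?): "
                 r".*?(?:length (\d+)|\d+:\d+\((\d+)\))")

def summarize(capture_text, stall=0.2):
    """Rate and stall count for the direction that carried the most payload."""
    flows = {}  # (src, dst) -> [(seconds_since_midnight, payload_bytes), ...]
    for line in capture_text.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue  # non-IPv4 lines and old-style bare ACKs
        size = int(m.group(6) or m.group(7))
        if size == 0:
            continue  # new-style bare ACKs
        t = int(m.group(1)) * 3600 + int(m.group(2)) * 60 + float(m.group(3))
        flows.setdefault((m.group(4), m.group(5)), []).append((t, size))
    if not flows:
        return None
    flow, pkts = max(flows.items(), key=lambda kv: sum(s for _, s in kv[1]))
    gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
    duration = pkts[-1][0] - pkts[0][0]
    moved = sum(s for _, s in pkts[1:])  # bytes that arrived during `duration`
    return {
        "flow": flow,
        "kb_per_s": round(moved / 1024 / duration, 1) if duration > 0 else None,
        "max_gap_s": round(max(gaps), 3) if gaps else 0.0,
        "stalls": sum(g >= stall for g in gaps),  # gaps of `stall` seconds or more
    }

# Constructed sample captures (not the poster's slow.txt / fast.txt).
FAST = """
10:00:00.000000 IP 192.0.2.10.80 > 1.2.3.4.51000: Flags [.], seq 1:1449, ack 1, win 512, length 1448
10:00:00.002000 IP 1.2.3.4.51000 > 192.0.2.10.80: Flags [.], ack 1449, win 512, length 0
10:00:00.005000 IP 192.0.2.10.80 > 1.2.3.4.51000: Flags [.], seq 1449:2897, ack 1, win 512, length 1448
10:00:00.010000 IP 192.0.2.10.80 > 1.2.3.4.51000: Flags [.], seq 2897:4345, ack 1, win 512, length 1448
10:00:00.015000 IP 192.0.2.10.80 > 1.2.3.4.51000: Flags [.], seq 4345:5793, ack 1, win 512, length 1448
"""
SLOW = """
10:00:00.000000 IP 192.0.2.10.80 > 1.2.3.4.51000: . 1:1449(1448) ack 1 win 65535
10:00:00.100000 IP 1.2.3.4.51000 > 192.0.2.10.80: . ack 1449 win 65535
10:00:01.400000 IP 192.0.2.10.80 > 1.2.3.4.51000: . 1449:2897(1448) ack 1 win 65535
10:00:02.800000 IP 192.0.2.10.80 > 1.2.3.4.51000: . 2897:4345(1448) ack 1 win 65535
10:00:04.200000 IP 192.0.2.10.80 > 1.2.3.4.51000: . 4345:5793(1448) ack 1 win 65535
"""

if __name__ == "__main__":
    for name, text in (("fast", FAST), ("slow", SLOW)):
        print(name, summarize(text))
```

Timestamps are treated as seconds since midnight, so a capture that crosses midnight needs tcpdump's `-tt` epoch timestamps and a matching change to the pattern.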
                jwbrown77 last edited by

                In case anyone comes along later with a similar issue, I fixed this.

                I switched the WAN interface from the onboard Broadcom to one of the PCI Intel slots.

                I don't know why:

                1. I was able to get good speeds directly to the pfSense.

                2. Why otherwise good ethernet cards had a problem with my WAN router's interface.

                Regardless, it works, so I don't care.  If anyone has an issue like this: Try another brand of NIC.

                Thanks.
