Performance problem with upgrade
-
my network is kind of standard
wan: 8 static IP
lan: 192.168.1.x with dhcp
dmz: 3 virtual ip natted 1:1 with 192.168.2.x
pfSense 1.2.1 running on a PIII 800MHz + hard diskI had this configuration for many years with monowall and since 2 years with pfsense without problem
I was able to reach the FTP server on the DMZ and upload files from inside the LAN at 12-14 MB/sec.
As I upgraded to pfSense 1.2.3 (via webGUI and same configuration) the transfer speed dropped to 1-2 MB/sec with frequent "stop and go".
I then downgraded to 1.2.2 (clean install from iso to HD) with similar result.
I downgraded again to 1.2.1 (clean install again) and the performance went back as before.I enclosed here my xml configuration.
I do not really need to upgrade now, but this behavior do not permit me with future upgrade.
Looking for suggestion…
-
We are having similar problems and found that if you reboot and open the Webgui throughput will degrade severely (2.0 Beta with vanilla config, no carp, wide-open rules, vlan trunking on interface bge0).
Tested without opening Webgui and did not have any throughput issues.michael clendening
-
Depending on your network card, there could be various driver bugs to blame.
You should try to disable Hardware Checksum Offloading in the Advanced Options and try it again.
-
We solved our similar problem by changing the NIC
http://forum.pfsense.org/index.php/topic,22968.msg118458.html#msg118458Peace,
Michael Clendening -
Thank you all for the suggestion
I had a very drastic approach: I built a spare firewall with new mobo, new HD and new NICs.
I loaded pfsense 1.2.3 and my configuration.
In office non-working hours I plugged in and tested / stressed for few hours with no problem at all from various workstations. I even increased the download speed to 15/20 MB/sec (depending from the OS of the workstation).
Yesterday I definitively changed the firewall with the new one.The old firewall (Pentium III 800EB + shuttle mobo) has been on 24/24 from 2001, working as a PC, as a little server, as a Winroute server, as a monowall firewall and lately as a pfsense server.
It still seems operational, but probably the NICs have suffered most.Max