Installed PfSense, but the whole internet is slow! Help!

pifiu

I installed PFSense on a spare 1U IBM server I had.
Server specs:

P3 1.266
1GB PC133 ECC
36GB SCSI
3 NIC's.

1 onboard IBM (Intel chipset). The server comes with 2 NICs onboard, but I disabled one.
2 Encore Realtek NIC cards.

the onboard intel I am using as the OPT1, which Ill connect an AP to.
one of the Encore Realteks I am using for WAN, and the other for LAN.

I know the machine is overkill, but its what I had.

Connection specs:

ADSL 3.5Mbits/384Kbits
PPPoE

I set pfsense up and copied it to the HDD. I started off with the defaults and configured the interfaces accordingly. I setup the WAN by entering the username and password for the PPPoE connection. I left the MTU value default for PPPoE which was blank meaning 1492. I went to the interfaces page and saw it was connected.

I opened up my homepage and google came up… VERY SLOWLY. I said oh maybe its coincidence, so then I load another random site, and it takes forever to load. I do a handful of random sites and they are all slowwww, like almost worse than 56k!
I thought maybe the DSL was acting up, but I connected a normal linksys router I had, and everything went back to normal fast speeds.
I connected the pfsense box again just to make sure, and back to slowness!

I have played with various MTU settings as I was told, on the IRC channel. I went from 1200 to 1492 and nothing helped. I disconnected the PPPoE connection and reconnected it after each MTU settin change, and nothing.

I am not sure what I am doing wrong, or whats going on.

On a side note, I saw that when I connect to the PPPoE, for DNS servers it shows the very first one as the address of the lan interface (192.168.1.1), and then for secondary and third the ones for the ISP which is fine. I am wondering if the primary is supposed to be 192.168.1.1, or if thats what the problem is? If thats the problem how can I change it so it uses the ISPs or a DNS I choose?

Thanks in advance, and I hope to get some help on this topic to get it resolved! ;D ;D

Gertjan

@pifiu:

…for DNS servers it shows the very first one as the address of the lan interface (192.168.1.1), and then for secondary and third the ones for the ISP which is fine. I am wondering if the primary is supposed to be 192.168.1.1, or if thats what the problem is? If thats the problem how can I change it so it uses the ISPs or a DNS I choose?

Had the same issue here. It was showing the IP of my ADSL-PPPoE router as a DNS IP, and the DNS of my ISP as a second IP.
Look for a file like /var/etc/nameserver_* (the * is an interface name) and blow it away.
This file is a left over, when your WAN interface was declared as a DHCP client (on first boot).
With a PPPoE interface, you don't need it. Just remove it (look into it, the IP in it will be your mysterious DNS - the IP of you PPPoE modem).

More info : dive into /etc/inc/system.inc - function get_nameservers().

Things didn't get any faster for me when I removed this file (and so, the false DNS IP) - but it just annoyed me  :)

sullrich

@pifiu:

the onboard intel I am using as the OPT1, which Ill connect an AP to.
one of the Encore Realteks I am using for WAN, and the other for WAN.

Where is the LAN interface!?

pifiu

@sullrich:

@pifiu:

the onboard intel I am using as the OPT1, which Ill connect an AP to.
one of the Encore Realteks I am using for WAN, and the other for WAN.

Where is the LAN interface!?

I apologize, one of the Realteks is WAN the other is LAN. I only have one of each.

pifiu

@Gertjan:

Things didn't get any faster for me when I removed this file (and so, the false DNS IP) - but it just annoyed me  :)

lol so if they didnt get faster, whats the point! :P

hoba

Just a maybe stupid sounding suggestion: Use a longer cable between modem and wan. Also what happens if you use the intel at wan?

pifiu

@hoba:

Just a maybe stupid sounding suggestion: Use a longer cable between modem and wan. Also what happens if you use the intel at wan?

tried the intel at wan, and same issue. I figured that might solve the issue due to complaints ive seen on the Realtek chipsets, but it did not.

A longer cable between modem and wan? I am using a 14 foot cable actually.

Gertjan

@pifiu:

lol so if they didnt get faster, whats the point! :P

…cause it's seems completely non logic to me to use a PPPoE ADSL modem as a DNS intermediate hop. pfSense keeps a list op 'up-stream' DSNS devices – and the ones connected (remember: the initital state of a pfSense box is DHCP-client on his WAN port – so he will log the obtained address as a DNS relayer in a file like i.e. nameserver_sis0).
The first IP was the one from my PPPoE modem device, which isn't a DNS relay at all. But it could be one when it’s in router mode – and it has still this IP at the interface side that is connected to the WAN interface of the pfSense box.
The second IP one is the real ISP DNS, obtained by the PPPoE connection.

When pfSense fires of a DNS request, it will try to use my (local) 10.0.0.138 device – which will be useless – it can’t route to this address anyway (it’s ‘local’ and can’t be routed to the net). pfSense will shift over to the second DNS - this time it's always jack-pot.

That why.... just to win some ‘resolve’ time…….

Anyway, having a 10.0.0.138 as a DNS on a adsm modem - and a PPPOE connection on it - is not 'logic'.

hoba

@Gertjan:

@pifiu:

lol so if they didnt get faster, whats the point! :P

…cause it's seems completely non logic to me to use a PPPoE ADSL modem as a DNS intermediate hop. pfSense keeps a list op 'up-stream' DSNS devices – and the ones connected (remember: the initital state of a pfSense box is DHCP-client on his WAN port – so he will log the obtained address as a DNS relayer in a file like i.e. nameserver_sis0).
The first IP was the one from my PPPoE modem device, which isn't a DNS relay at all. But it could be one when it’s in router mode – and it has still this IP at the interface side that is connected to the WAN interface of the pfSense box.
The second IP one is the real ISP DNS, obtained by the PPPoE connection.

When pfSense fires of a DNS request, it will try to use my (local) 10.0.0.138 device – which will be useless – it can’t route to this address anyway (it’s ‘local’ and can’t be routed to the net). pfSense will shift over to the second DNS - this time it's always jack-pot.

That why.... just to win some ‘resolve’ time…….

Anyway, having a 10.0.0.138 as a DNS on a adsm modem - and a PPPOE connection on it - is not 'logic'.

This was just fixed by scott. Thanks for reporting.

pifiu

@Gertjan:

@pifiu:

lol so if they didnt get faster, whats the point! :P

…cause it's seems completely non logic to me to use a PPPoE ADSL modem as a DNS intermediate hop. pfSense keeps a list op 'up-stream' DSNS devices – and the ones connected (remember: the initital state of a pfSense box is DHCP-client on his WAN port – so he will log the obtained address as a DNS relayer in a file like i.e. nameserver_sis0).
The first IP was the one from my PPPoE modem device, which isn't a DNS relay at all. But it could be one when it’s in router mode – and it has still this IP at the interface side that is connected to the WAN interface of the pfSense box.
The second IP one is the real ISP DNS, obtained by the PPPoE connection.

When pfSense fires of a DNS request, it will try to use my (local) 10.0.0.138 device – which will be useless – it can’t route to this address anyway (it’s ‘local’ and can’t be routed to the net). pfSense will shift over to the second DNS - this time it's always jack-pot.

That why.... just to win some ‘resolve’ time…….

Anyway, having a 10.0.0.138 as a DNS on a adsm modem - and a PPPOE connection on it - is not 'logic'.

I understand now. However I dont think that might be the issue at hand. Although yes the resolving will be quicker, once it resolves, there should not be a constant slowdown correct?

I just think the issue is somewhere else. Any other suggestions? I appreciate the input, and at least we got something corrected :)

Gertjan

What about skipping one hop ?

Connect with SSH to pfSEnse and download this (like this) :

fetch -o /tmp/firmware.tgz http://pfsense.untouchable.net/downloads/pfSense-1.0-RC3-LiveCD-Installer.iso.gz

If this is also slow, then at least you know that it's your WAN connection to blaim - local LAN will be excluded.
Try several download servers before drawing conclusions.

Another tip: swap WAN and LAN.
I also use a classic Intel onboard NIC, and two Realtek 'free with a box of rise' NIC's on PCI slots.
Your 'dual head' NIC (Intel) isn't supported well maybay by FreeBSD - declare it OPT1 for now to isolate it.
Put the WAN and LAN on the two Realteks.

What about some special BIOS NIC settings in your PC to toy with ?

pifiu

Couple of things that I am not sure if I mentioned.

I cant seem to access IRC. It starts to connect and then says "(no identd (auth) response)".

I changed the cable today that went from the WAN to the DSL modem, and then tried to download that file directly from the pfsense box, and got normal working speeds 200-300KBps.

I dont know if it was the cable or pure coincidence, but IRC seemed to start working again!

Went ahead and tried to browse at random sites, but still it wasnt really working, speeds are slower than 56k, and sometimes pages dont finish loading.

I also went ahead and deleted that 192.168.1.1 address from the DNS as was mentioned up top.

hoba

Do you have another modem to try?

pifiu

@hoba:

Do you have another modem to try?

no I dont. :-[ :-[

but you think that might be the problem? It works fine when I connect it either straight to the modem or through the Linksys router. I think the modem is fine?

hoba

Sometimes devices negotiate with some nics just fine and have problems with other ones. Would be worth a try. What does status>interfaces show for your nics? collisions? errors, maybe a wrong duplex mode somewhere?

pifiu

@hoba:

Sometimes devices negotiate with some nics just fine and have problems with other ones. Would be worth a try. What does status>interfaces show for your nics? collisions? errors, maybe a wrong duplex mode somewhere?

it did show some errors, like 30 over the span of an hour.

I have some 3com NICs I will try today, and I also want to try to re-format and re-install.

pifiu

Well I really dont know what to do now.

I went ahead and took the Realtek cards out of the system completely. I installed some 3com ones that are supported according to the list. (cant remember their models exactly). Installed pfsense again and now it only detects one of them. yes both are connected since I have a link light on both of the 3com ones.

ARGH I think I am really going to give pfsense a rest and come back in a couple of months and see if its changed in any way.

Back to clark connect I go.  :-[

hoba

You must have some rally strange hardware issues. Replacing the box most likely will fix it. Strange as I have a similiar 1U IBM Serversystem (e330) at home that runs just fine with pfSense. Maybe a Biosupdate would help?

pifiu

@hoba:

You must have some rally strange hardware issues. Replacing the box most likely will fix it. Strange as I have a similiar 1U IBM Serversystem (e330) at home that runs just fine with pfSense. Maybe a Biosupdate would help?

actually I believe it IS a 330?

i dont know, finding a bios through the IBM site is a mess!

hoba

Here's everything for this server: http://www-307.ibm.com/pc/support/site.wss/product.do?template=/product.do?template=%2Fproductpage%2Flandingpages%2FproductPageLandingPage.vm&sitestyle=ibm&brandind=8&familyind=50276&machineind=0&modelind=0&partnumberind=0&subcategoryind=0&doctypeind=9&doccategoryind=0&operatingsystemind=49977&validate=true

My one has 1,2 GB, 1x1,4 GHz PIII-S (512kb cache, second cpu socket not used). 2x 18GB SCSI RAID1. Additional to the 2 fxp onboard nics I have a 4port switchcard that is realtek based in it. The only thing that I had to do to make the live-cd boot completely is to disable dma for the atapi cdrom and disable the fdd in bios or it would halt somewhere on bootup (see http://wiki.pfsense.com/wikka.php?wakka=BootOptions for how to disable the dma mode).