Slow speed behind pfsense

  • Hello all

    I have pfSense 1.2.3 installed on a server with 2 Broadcom NICs.
    The configuration is as below:

    public IP  <---> pfSense <---> private IP

    On the private side, a machine named A wants to connect to an SMTP server outside the pfSense and send a mail with a 300k attachment, but it takes about 2 minutes to send. (1kB/s average)

    Another machine named B has a public IP and, doing the same thing as A, takes only 1 second to send.

    top -SH & netstat -ni don't show anything irregular.

    What could the situation be, and how do I solve it?

    (Note: my pfSense is running squid, but the load is very low)

    Thanks a lot

  • Hello
    Does anyone know about it?

    Thanks a lot

  • So are you currently running squid?
    If yes: search the forum for "slow internet with squid". There are dozens of threads about this.

  • Hello

    Yes, I'm running squid on it,
    but it seems fine to download a file behind pfSense; it usually runs at 3~4MB/s,
    but when sending a mail with a 300k attachment to the SMTP server outside pfSense,
    it takes about 5~7sec to finish a mail

    This has confused me for a while  ???

  • Can you see the dialog or log messages between your SMTP device and the remote server?  The problem may be with one of those, not pfSense.

  • Hello Cry

    It seems not to be a problem with the SMTP server:
    when I disable the firewall and use a public IP to send mail,
    it only takes < 1s to finish

    there is nothing wrong with the NAT settings…

    and I've checked whether this could be an MTU mismatch problem, but it seems not:
    pfSense, the machines inside pfSense, and the SMTP server all have the same MTU of 1500

  • Without seeing a packet capture during a slow SMTP send, it's hard to comment.

  • Try using your pfsense box without other services like squid, disable all and try???

  • @danswartz:

    Without seeing a packet capture during a slow SMTP send, it's hard to comment.

    ^ this. If you can attach a pcap of only that SMTP traffic we can probably tell you why. My first guess is you have a PMTUD problem of some sort. Dropping the MTU on your mail server to 1400 is one way to test that.

  • Thanks all,
    I found it might be an MTU problem while I was tuning the MTU down on the mail server….
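
The thread asks for a packet capture of a slow SMTP send to confirm a PMTUD problem. The following is an added example, not code from any poster, of what to look for in such a capture taken on the sending side: full-size segments retransmitted repeatedly, smaller ones going through, and no ICMP "need to frag" reply. The sample lines are constructed in `tcpdump -n` text format, the function name `pmtud_report` is hypothetical, and the check is a heuristic (ordinary packet loss also causes retransmissions).

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -n` text format (not taken from the thread).
# 192.168.1.10 is the inside client, 203.0.113.25 the outside SMTP server.
SAMPLE = """\
10:00:00.000000 IP 192.168.1.10.40000 > 203.0.113.25.25: Flags [P.], seq 1:41, ack 1, win 229, length 40
10:00:00.020000 IP 203.0.113.25.25 > 192.168.1.10.40000: Flags [.], ack 41, win 229, length 0
10:00:00.030000 IP 192.168.1.10.40000 > 203.0.113.25.25: Flags [.], seq 41:1501, ack 1, win 229, length 1460
10:00:00.330000 IP 192.168.1.10.40000 > 203.0.113.25.25: Flags [.], seq 41:1501, ack 1, win 229, length 1460
10:00:00.930000 IP 192.168.1.10.40000 > 203.0.113.25.25: Flags [.], seq 41:1501, ack 1, win 229, length 1460
"""

# A TCP data segment line: source, destination, seq range, payload length.
SEG = re.compile(r"IP (\S+) > (\S+): Flags \[[^\]]*\], seq (\d+):(\d+),.* length (\d+)")


def pmtud_report(capture_text):
    """Heuristic check of a sender-side capture for a PMTUD black hole."""
    seen = Counter()
    icmp_frag_needed = False
    for line in capture_text.splitlines():
        if "need to frag" in line:  # ICMP type 3 code 4 as tcpdump prints it
            icmp_frag_needed = True
            continue
        m = SEG.search(line)
        if m:  # pure ACKs carry no "seq a:b" range and are skipped
            src, dst, start, end, length = m.groups()
            seen[(src, dst, start, end, int(length))] += 1
    # Payload sizes sent more than once versus sizes that needed one send only.
    retransmitted = sorted({k[4] for k, n in seen.items() if n > 1})
    largest_clean = max((k[4] for k, n in seen.items() if n == 1), default=0)
    # Black-hole signature: only the big segments repeat, and the router that
    # dropped them never reported "need to frag" back to the sender.
    suspect = (bool(retransmitted) and retransmitted[0] > largest_clean
               and not icmp_frag_needed)
    return {"retransmitted_lengths": retransmitted,
            "largest_clean_length": largest_clean,
            "icmp_frag_needed_seen": icmp_frag_needed,
            "pmtud_blackhole_suspected": suspect}


if __name__ == "__main__":
    for key, value in pmtud_report(SAMPLE).items():
        print(f"{key}: {value}")
```

If the report flags the capture, lowering the sender's MTU (the thread suggests 1400) and repeating the send is the confirming test.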