LAN Traffic Extreme Slow..Need Help!!!



  • Hi All,

    I'm very new to Pfsense.

    I'm using PFsense version 1.2.3. After using pfsense proxy. I'm facing extreme Lan traffic slow, latency very high when connect to server. The PFsense server processor & RAM usage very low.

    Can somebody please attempt to help me?

    Below is my Network Topology

    Thank in advance.



  • Hi,

    there is no screenshot of you topology.

    What do you mean with "pfsense proxy" ? Do you mean squid ?

    PS: If you start new with pfsense, why not starting with pfsense 2.0RC-3 ?



  • LAN to LAN traffic won't be going through pfSense so that can't be the source of the problem. Try replacing the switch and checking the network traffic to see if one particular PC is causing a problem.



  • @Cry:

    LAN to LAN traffic won't be going through pfSense so that can't be the source of the problem. Try replacing the switch and checking the network traffic to see if one particular PC is causing a problem.

    Cry Havok is right. If the traffic is between PCs on the same subnet then the problem is NOT pfsense.
    It could be pfsense if you are routing between different subnets.



  • @Nachtfalke:

    Hi,

    there is no screenshot of you topology.

    What do you mean with "pfsense proxy" ? Do you mean squid ?

    PS: If you start new with pfsense, why not starting with pfsense 2.0RC-3 ?

    Ok, i will try the new version pfsense 2.0RC-3



  • @Nachtfalke:

    @Cry:

    LAN to LAN traffic won't be going through pfSense so that can't be the source of the problem. Try replacing the switch and checking the network traffic to see if one particular PC is causing a problem.

    Cry Havok is right. If the traffic is between PCs on the same subnet then the problem is NOT pfsense.
    It could be pfsense if you are routing between different subnets.

    LAN to Lan traffic won't be going through pfsense ?
    but if i Disable the Pfsense Firewall, my LAN traffic will become more faster..



  • @Nachtfalke:

    @Cry:

    LAN to LAN traffic won't be going through pfSense so that can't be the source of the problem. Try replacing the switch and checking the network traffic to see if one particular PC is causing a problem.

    Cry Havok is right. If the traffic is between PCs on the same subnet then the problem is NOT pfsense.
    It could be pfsense if you are routing between different subnets.

    I Had upgraded to new version 2.0 RC3, but now i cannot use IP address connect to my server, now only can use server name "\servername"  to connect…..Previously the old version everything working fine....

    how to add different subnet to pfsense, so that i can solve the slow traffic & high latency ?



  • Please provide a diagram showing how your network is configured.  For example:

    ADSL –- pfSense (192.168.0.1) --- switch
                                        |  |
                                        |  -- PC (192.168.0.5)
                                        -- Server (192.168.0.10)



  • My Diagram as below:

    ADSL–Juniper Firewall Rounter(192.168.5.200)--pfsense (192.168.3.2)--Managed switch(192.168.5.10)   
                                                                                                          ||    || 
                                                                                                          ||    ||
                                                                                                          ||      PC (192.168.3.50)
                                                                                                          ||
                                                                                                        server (192.168.5.50)

    fyi–if i put pfsense server in subnet 192.168.5.0/24, i cannot access to local host server (192.168.3.100)...



  • I can see part of the cause of your problem - you're randomly mixing subnets. If the Juniper has 192.168.5.x for it's internal subnet then you must not use that on the internal subnet for pfSense, and the managed switch.



  • For my case. Can you give me example, normally user how to configure it ?

    I feel confusion, if i disable the pfsense firewall…the LAN traffic will run more faster.



  • Please ignore previous Diagram. I had revised the Diagram.

    ADSL–Juniper Firewall Rounter(192.168.5.200)--Managed switch-------PFsense (192.168.3.2)    
                (**Firewall tp do the routing for                             ||                 ||
                 192.168.5.0/24 &192.168.3.0/24 &                        ||                ||
                  interface 192.168.3.1/32 &192.168.5.1 )                 ||                 ||  
                                                                                       ||                 ||
                                                                                       ||                PC (192.168.3.50)
                                                                                       ||
                                                                           server (192.168.5.50)

    ***I only want to capture proxy report.
    User LAN configuration
    IP -192.168.3.xx
    subnet - 255.255.255.0
    Gateway - 192.168.3.2 (Pfsense server)
    DNS - 192.168.5.xx

    ***Server will skip round to Pfsense server.
    Server LAN configuration
    IP-192.168.5.xx
    subnet- 255.255.255.0
    Gateway- 192.168.5.1
    DNS- 192.168.5.xx



  • Where is the performance problem? Is it internal to 192.168.3.x, 192.168.5.x or between the 2 subnets? Is pfSense NATing between the networks, or routing? What hardware do you have and what is the volume of traffic (both in terms of bandwidth and packets per second)?



  • i think is internal problem 192.168.3.x ->192.168.5.x. Because When i open the server share folder, i need to wait for 10 second to open it. If i try to disable the Pfsense firewall, the speed will back to normal (faster).

    IF i change the Pfsense LAN IP & my pc IP to 192.168.5.x, example from 192.168.5.x ->192.168.5.x. The speed will like normal, very fast.

    I'm using Juniper SSG320M Firewall & HP Procurve Managed Switch.

    According to the Status Traffic Graph From Pfsense, In & Out traffic average below 50 Kbps

    Ping Result - From 192.168.3.x to 192.168.5.x
    –-Reply from 192.168.5.1: bytes=32 time=1ms TTL=64
    ---Reply from 192.168.5.1: bytes=32 time<1ms TTL=64



  • So, what you're saying is that the problem is only with Windows file shares? Is the only problem with connecting to the share, or is there also a performance problem when accessing files on the share? Are you connecting by hostname or by IP address?

    Also, you forgot to say whether pfSense is only routing or also NATing.



  • Today the connection speed to the server feel more faster (like normal speed)….but the performance when accessing to files on the server still not stable....I received this error few times when i open the excel file - "cannot be accessed. The file may be corrupted"  & The internet connection not stable, sometime microsoft outlook cannot send out the email, the mail pending in outbox. This few days, i will keep on monitor it.

    I'm using both type hostname & IP address.

    I'm not sure whether pfsense using routing or NAT...Please refer to below attached file for you to check.

    http://www.imageshare.web.id/images/ayc89balwd0tsje7o9jf.jpg

    http://www.imageshare.web.id/images/ruswx9j08p35co1p3l0t.jpg



  • I'm not seeing any images, though if you don't know I'd guess NAT.



  • IF u can't see the picture, please click the shortcut link…tq



  • Yes - and at the end of that link is an upload form, not an image.



  • ok, nvm. Let me describe the settings.

    Firewall Advanced : Just follow by default setting..

    Network Address Translation : By default setting…Disable NAT reflection for port forward.



  • It sounds like you're still NATing, which may be part of your problem. If you don't need it doing NAT try turning it off (though devices on 192.168.5.x will have to know how to route to 192.168.3.x).



  • How do i turn off the NAT ?



  • Someone mentioned, that by removing outbound nat rules will do the job



  • To turn off NAT, just go to:

    FIREWALL - NAT - OUTBOUND
    There click "Manual outbound NAT", than click save. Then delete all existing rules in Outbound if there are any. Click save.
    Thats it. NAT is turned off.

    If you like to turn off NAt AND firewall, got to:
    SYSTEM - ADVANCED - FIREWALL/NAT:
    Disable Firewall.



  • After Turn Off the NAT, I'm still facing same problem… performance slow when accessing files on the File Server.

    If i disable the firewall & Nat, i can't get the proxy report! Why? But for accessing file on the File Server will become more faster, like normal speed...!!

    Can i just disable the NAT & Firewall, but i still can continue using squid to capture the traffic & proxy report ?



  • Did you try with bypassing squid for source/destination IP? Take a look if it will be faster then (even if NAT and firewall is enabled)



  • @Nachtfalke:

    Did you try with bypassing squid for source/destination IP? Take a look if it will be faster then (even if NAT and firewall is enabled)

    I had try…still the same.
    Can i bypassing for source/destination in Firewall ?



  • There isn't a possibility for bypassing the firewall for only some IPs as far as I know.



  • My problem have been solved.

    Thanks for your help. :)



  • It would help others if you could tell people how it was solved and what the problem was.


Log in to reply