Bad Performance 5mb link



  • Hi all, hope you can give me a hand with this. My setup is as follows:

                                 ___Public IP 001
                                |
                                |
    WAN --- pfSense ------Public IP 002 (CARP IF)
                                |
                                |__Public IP 003 (CARP IF)

    The link is a 5mb link. pfSense 1.2.3

    My ISP stats 001.png and 002.png.

    The problem seems to be a bottleneck affecting my link; as far as the ISP is concerned, our fw is misconfigured or performing poorly. I've checked http://doc.pfsense.org/index.php/High_Load_Troubleshooting and all the commands show an almost idle box.

    #systat -vmstat 1
    Load  0.00  0.01  0.00 |  
    0.0%Sys   0.0%Intr  0.0%User  0.0%Nice  100%Idle        %ozfod    44 em0 irq21
    |    |    |    |    |    |    |    |    |    |    |

    sometimes it reads 95% idle

    #netstat -m

    516/1149/1665 mbufs in use (current/cache/total)
    514/694/1208/0 mbuf clusters in use (current/cache/total/max)
    512/512 mbuf+clusters out of packet secondary zone in use (current/cache)
    0/44/44/12800 4k (page size) jumbo clusters in use (current/cache/total/max)
    0/0/0/6400 9k jumbo clusters in use (current/cache/total/max)
    0/0/0/3200 16k jumbo clusters in use (current/cache/total/max)
    1157K/1851K/3008K bytes allocated to network (current/cache/total)
    0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
    0/0/0 requests for jumbo clusters denied (4k/9k/16k)
    0/7/6656 sfbufs in use (current/peak/max)
    0 requests for sfbufs denied
    0 requests for sfbufs delayed
    0 requests for I/O initiated by sendfile
    0 calls to protocol drain routines

    top -S

    last pid: 15831;  load averages:  0.00,  0.00,  0.00                                                                                                       up 0+23:35:54  16:31:09
    107 processes: 3 running, 88 sleeping, 16 waiting
    CPU:  0.0% user,  0.0% nice,  0.7% system,  0.6% interrupt, 98.7% idle
    Mem: 34M Active, 13M Inact, 49M Wired, 4K Cache, 53M Buf, 1887M Free
    Swap: 4096M Total, 4096M Free

    PID USERNAME  THR PRI NICE   SIZE    RES STATE  C   TIME   WCPU COMMAND
      11 root        1 171 ki31     0K     8K RUN    1  23.3H 100.00% idle: cpu1
      12 root        1 171 ki31     0K     8K CPU0   0  23.2H 100.00% idle: cpu0
      13 root        1 -32    -     0K     8K WAIT   0   8:17  0.00% swi4: clock sio
      18 root        1 -28    -     0K     8K WAIT   0   3:48  0.00% swi5: +
      38 root        1 -68    -     0K     8K -      0   3:04  0.00% em0 taskq
      16 root        1  44    -     0K     8K -      0   0:26  0.00% yarrow
     728 root        1   8   20  3492K  1552K wait   1   0:13  0.00% sh
    13468 root        1   4    0 40712K 14640K accept 0   0:13  0.00% php
     494 root        1   4    0  7192K  5052K kqread 1   0:09  0.00% lighttpd
      22 root        1   8    -     0K     8K -      1   0:07  0.00% thread taskq
       5 root        1  -8    -     0K     8K -      1   0:07  0.00% g_up
      44 root        1   8    -     0K     8K pftm   1   0:06  0.00% pfpurge
     864 root        1   8   20  3156K   800K nanslp 1   0:05  0.00% check_reload_status
       6 root        1  -8    -     0K     8K -      1   0:05  0.00% g_down
     363 root        1  44    0  3268K  1152K select 0   0:04  0.00% syslogd
     378 root        1 -58    0  5716K  2684K bpf    1   0:04  0.00% tcpdump
      51 root        1  20    -     0K     8K syncer 0   0:04  0.00% syncer

    #systat -iostat 1

    /0   /1   /2   /3   /4   /5   /6   /7   /8   /9   /10
        Load Average

    /0%  /10  /20  /30  /40  /50  /60  /70  /80  /90  /100
    cpu  user|
        nice|
      system|
    interrupt|
        idle|XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    /0%  /10  /20  /30  /40  /50  /60  /70  /80  /90  /100
    ad4   MB/s
         tps|

    systat -netstat 1

    /0   /1   /2   /3   /4   /5   /6   /7   /8   /9   /10
        Load Average

    #systat -netstat 1

    Local Address          Foreign Address        Proto Recv-Q Send-Q (state)
    localhost.19009        .                    udp4       0      0
    localhost.19008        .                    udp4       0      0
    localhost.19017        .                    udp4       0      0
    profw.mysite.40403 webserver.mysite.domai udp4       0      0
    190.96.88.142.51476    ntp.reuna.cl.ntp       udp4       0      0
    190.96.88.142.14003    inti.inf.utfsm.c.ntp   udp4       0      0
    localhost.19000        .                    tcp4       0      0 LISTEN
    localhost.19001        .                    tcp4       0      0 LISTEN
    localhost.19002        .                    tcp4       0      0 LISTEN
    localhost.19004        .                    tcp4       0      0 LISTEN
    localhost.19005        .                    tcp4       0      0 LISTEN
    localhost.19006        .                    tcp4       0      0 LISTEN
    localhost.19007        .                    tcp4       0      0 LISTEN
    localhost.19010        .                    tcp4       0      0 LISTEN
    localhost.19011        .                    tcp4       0      0 LISTEN
    localhost.19012        .                    tcp4       0      0 LISTEN
    localhost.19013        .                    tcp4       0      0 LISTEN
    localhost.19014        .                    tcp4       0      0 LISTEN
    localhost.19015        .                    tcp4       0      0 LISTEN
    localhost.19016        .                    tcp4       0      0 LISTEN
    profw.mysite.ssh   200-142-136-236.s.55977 tcp4       0      0 ESTABLISHED
    localhost.19003        .                    tcp4       0      0 LISTEN
    localhost.ftp-prox     .                    tcp4       0      0 LISTEN
    profw.mysite.48108 webserver.mysite.domai tcp4       0      0 ESTABLISHED

    I've got more or less 5 rules per IP. Incoming services mostly, my LAN is about 6 machines.

    So, the questions: is there any difference you can tell between Proxy ARP vs. a CARP IF? I use CARP because I need to ping on it.
    What on earth could be affecting the fw performance? By the way, I know I can't reach 5 mb, but my ISP insists that we should.
    What more tests could I carry out?

    PS: I plugged a laptop into the ISP modem and the speed was fairly what they sold to us, 5mb.

    Hope all relevant information is clear and present.
