Netgate Discussion Forum

    In need of help to solve a bandwidth issue

      luke240778

      Thanks for that.. I am using both these options now.. great

      Just quickly, that RATE in pftop.. is that in bytes or kilobytes?  So for example 348015 is what?

        podilarius

        I think it is in BYTES per sec.

          dreamslacker

          If your Squid is set to cache, it is possible that clients have initiated and cancelled downloads which results in Squid still persistently downloading the content for caching purposes though the clients no longer require it.
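
Added example, not part of the thread: the squid.conf directives that control the behaviour described above, where Squid keeps fetching an object for the cache after the client has cancelled. The commented values are Squid's documented defaults; how the directives are entered on a given pfSense Squid package is an assumption left to the reader.

```conf
# How Squid decides what to do when a client aborts a cacheable download:
#   remaining <  quick_abort_min   -> finish the fetch
#   remaining >  quick_abort_max   -> abort the fetch
#   done      >  quick_abort_pct % -> finish the fetch
#
# Squid defaults:
#   quick_abort_min 16 KB
#   quick_abort_max 16 KB
#   quick_abort_pct 95
#
# "quick_abort_min -1 KB" means never abort: every cancelled download is
# still pulled in full over the WAN, which the LAN graph will not show.

# Bandwidth-conserving setting: stop the upstream fetch as soon as the
# client disconnects.
quick_abort_min 0 KB
quick_abort_max 0 KB

# Related: a non-zero range_offset_limit makes Squid fetch from the start
# of an object (or, with -1, the whole object) when a client asks for a
# byte range. 0 is the default and fetches only what was requested.
range_offset_limit 0
```

With these values a partially fetched object is discarded when the client goes away, so the trade-off is fewer cache hits for objects that clients rarely finish downloading.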

            luke240778

            Ah.. interesting… I do indeed have Squid set up as a transparent proxy..  I will keep an eye on this.

            Whilst on the subject of Squid.. Having the swap.state log rotate daily doesn't affect the actual cache or clients getting content from cache, right?  I need all the help I can get to conserve bandwidth

              serialdie

              @kapara:

              pfTop via SSH

              Type the following commands to get IPs with highest throughput utilization…  do not type the commas

              7,  R (Capital R), s, 1

              Another option is to install the pfflowd package and download ManageEngine's NetFlow monitor on a PC or server on the LAN.  Point pfflowd to the PC with ManageEngine.  I used to use it a lot!!!!

              You get 2 free devices to monitor.  Free phone support for setup too!

              Where do you get pfflowd for pfSense from?

              It is in neither the pkg list nor the FreeBSD repo.

              TIA!

                serialdie

                found it.

                Thanks!

                  luke240778

                  What can I use to see what is actually happening as far as Squid possibly downloading or something? I am having this issue more often now.. it's becoming a problem to my clients.. for an unknown reason, at times throughout the day, for hours at a time, my WAN usage is right up at my 20mb limit..  Take a look at the attachment, I am in need of assistance for sure..

                  problem.png

                    tommyboy180

                    Wow! Well if it were my installation I would go back to the basics and remove everything and slowly re-build over time. Try to eliminate potential causes of the issue.
                    Also, get a capture of that traffic so you can find out exactly what that is. If I had to guess without much insight to what is going on I would not eliminate p2p traffic.

                    -Tom Schaefer
                    SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                    Please support pfBlocker | File Browser | Strikeback

                      luke240778

                      Thanks for that.. starting again and rebuilding from scratch is hard as I really rely on the built-up Squid cache that is on there (50gb or so)

                      Wouldn't ptp traffic show up on my LAN interface (where all my clients are) as well as the LAN?  When the WAN is like you see in that screenshot, the LAN (clients) is never above say 3-4mb usage..

                        tommyboy180

                        True. I forgot that about your post. Let me run this by some of my colleagues at work and see if I can give you a better hint.

                          wallabybob

                          In a pfSense console session run pftop to get a dynamic display of current firewall states (connections). Type h to get a display of the options. The R option should sort connections on rate and that should give you some clues about who is using the bandwidth.

                            luke240778

                            @tommyboy180:

                            True. I forgot that about your post. Let me run this by some of my colleagues at work and see if I can give you a better hint.

                            Thanks for this.. looking forward to what you come up with..

                              luke240778

                              @wallabybob:

                              In a pfSense console session run pftop to get a dynamic display of current firewall states (connections). Type h to get a display of the options. The R option should sort connections on rate and that should give you some clues about who is using the bandwidth.

                              I have done this, at a time when the WAN says 20mb usage, and below is what I see. I can't understand it well enough to see if it actually gives me an answer or not (I see a lot of INBOUND traffic with port 127.0.0.1:3128 (Squid proxy port).. is that my problem? and what uses that port?)

                              Getting confused with what In and Out refer to here..

                              pftop.png

                                tommyboy180

                                Squid uses 3128 by default.

                                  Cry Havok

                                  In and Out are interface related - so a download will generally be In on WAN and Out on LAN (and so on).

                                    luke240778

                                    Right, just saw that in my Squid config.  So, what I am not understanding is this… if it is possibly ptp traffic, wouldn't that show up on the Traffic Graph also on the LAN interface, where all my clients are connected?  This high WAN usage issue to me seems like I am leaking bandwidth somehow, somewhere.. 'cause the LAN interface is always quite low in usage, but just the WAN is max'd. Does that pftop output make any sense to you?

                                      Cry Havok

                                      Have you looked at the reverse DNS (rDNS) and WHOIS of the highest volume remote nodes? The top 2 I picked both related to Google services.

                                      What is 192.168.10.240, since it seems associated with some of the highest transfers, through Squid.

                                        luke240778

                                        @Cry Havok:

                                        Have you looked at the reverse DNS (rDNS) and WHOIS of the highest volume remote nodes? The top 2 I picked both related to Google services.

                                        What is 192.168.10.240, since it seems associated with some of the highest transfers, through Squid.

                                        192.168.10.240 is one of my clients.. who according is limited to maximum 2mb/1mb.. as are all my clients

                                        Here is a current snapshot of my pftop… currently my WAN is showing 20mb usage..  I have no idea what is going down... all my clients are limited via captive portal to 2mb, and are also limited on my AP (wireless clients connecting via antenna).. when this shows 20mb usage, my LAN (192.168.10.0) is showing 4mb usage

                                        20mb.png

                                          Cry Havok

                                          Three of your top 4 lines refer to 65.54.93.42 (cds39.mia9.msecn.net.). I don't know what that is - does it make sense to you?

                                            luke240778

                                            No.. not at all..  Currently it is chewing up 20mb.. and that IP is no longer there in the pftop output.
