Bandwidth test= fine, browsing unusable (HYPER-V)
-
I'm looking forward to studying those snapshots.
-
For my own education, can you post a snapshot of your WAN interface assignment?
I'd actually like to see how you are doing that, the VIP assignment, the VLAN and your multi-wan handling also incase I ever need to work with something like yours. There are lots of how-to pages for multiwan/load balance/fail-over etc. I'd love to compare your settings to those for educational purposes.OK the full set up (I've only had enough NICs when I've used ESXi, obviously) was pfSense with 5 vNICs.
This setup had NO DMZ.
Modem#1 provided 2 public IPs and was plugged into port 1 of the 24 port swith. This port 1 was untagged on the outbound but was tagged at the port to VLAN5 (I call it MODEM1 VLAN)
Modem#2 was plugged into Port2 of the 24-port (core) switch. This was tagged as VLAN 10. This was to prevent the ISP DHCP broadcasts from overlapping.
The ESXi host had a few ports trunked directly from the core switch containing all VLANS (5, 10 and the internal 15).
pfSense VM has 2 NICs on VLAN5, 2 NICs on VLAN10, and 1 NIC on the internal VLAN15.
From there, I added them as part of a gateway group and loadBalance based on latency. It works AMAZINGLY well.
I can even use Dynamic DNS for things such as VPN.domain.com or ftp.domain.com etc. This way I haven't needed to use a DMZ as I would just forward what I needed. But soon I'll be expanding to a proper tiered topology.
My ISP changes my IPs once every3-6 months so it is really nice.
-
I'm just at the gym right now but when I get home, I'll do what I've been delaying forever: make a proper visio diagram.
-
I'm just bummed that it works on a crappy physical computer, works great on a VMWare host, but fails catastrophically on Hyper-V
-
Well I will certainly study it, but have no idea if I'll understand how its working. Should be fun.
-
http://imgur.com/hl2Xo77,VYt3Hts,a2W3uXi
This is the current pfsense setup for the physical pfsense implementation and it worked very well. The ISP gives me all different IPs with all different subnets and all different gateways.
-
crap
the first image is incorrect and is for the virtual and is a wrong screenshot. Disregard it.This is the correct one: http://imgur.com/XbBg4ii,PdsrAoT,2D4ps89
-
This is the one I was waiting for.
Question. Was this modem you are using now, it was connected to the physical machines before?
But your links in the main status page show correctly as up correct? -
What are you DNS servers?
Are they being served by numbers forwarded from your WAN connection?
Could you try changing them to something like:
127.0.0.1
8.8.8.8
8.8.4.4?????
-
to note: in the second image under gateway, it says dynamic for one. This is the one I've disconnected for the virtual pfsense to use, so it is seen as down for the moment (I've removed the connection to VLAN 5 from the physical pfsense and applied it to the virtual to use).
-
http://imgur.com/GaydetJ,BRkUTaK is a simplified network diagram
the first image is the functional view while the second image is the physical view
-
What are you DNS servers?
Are they being served by numbers forwarded from your WAN connection?
Could you try changing them to something like:
127.0.0.1
8.8.8.8
8.8.4.4?????
I use an internal DNS on the Domain Controller for internal name resolution. It forwards to the ISP's primary and secondary DNS as well as 8.8.8.8 and 8.8.4.4.
-
One second, trying out your suggestion
-
I like your suggestion because the internal DNS hadn't changed the gateway.
I tried external DNS both 8.8.8.8/8.8.4.4 as well as my ISP's DNS servers and it was still slow (flushed DNS before the test as well as cleared the browser caches)
-
OK - Now…. Maybe its the return path thats a problem.
Try unplugging WAN cable from one modem.
Test.Then other modem...
Test...Is it more reliable on one modem than two?
-
Crap. You only have one. Right?
OK. Can you drop 1 IP for WAN and test?
-
Just dropped everything on Modem1 except for a single connection/IP to virtualize pfSense and it still has same issues
Weird things though…...google loads quickly and has no issues, so does speedtest.net......youtube takes a while to load all the thumbs but the videos buffer at full speed
-
I can't load a single thing on forum.pfsense.org when I change to the virtualized pfsense
Also I am seeing a ton of denials on the pfsense firewall from internal IPV6 addresses (probably broadcasts) even though I disabled IPv6….......how do I kill that off?
Edit: Here are the firewall logs: http://imgur.com/1cgaMr5
-
Unless you have some need of IPV6 today, why not:
System > Advanced > networking
Un-click all the IPV6 on both your PFsense boxes?
Turn it all off.
-
Yeah I did just that. The logs are still getting filled with IPv6 denials…...weird.