Bandwidth test= fine, browsing unusable (HYPER-V)
-
Can you also remove the "allow" IPV6 reference in your LANs (and maybe WANS) firewall rules?
Unless you need it for something? Everywhere… -
Can you also remove the "allow" IPV6 reference in your LANs (and maybe WANS) firewall rules?
Unless you need it for something? Everywhere…hmmm I don't think this is the problem, though….....I should get some sleep on this.
Let me know if you think of anything else that I may have missed.
Edit: I have removed the references from everywhere, still showing.......hmm
-
OHHHHHH YES.
I'm sure I'll just imagine the fix while you are sleeping! haha Not. -
OHHHHHH YES.
I'm sure I'll just imagine the fix while you are sleeping! haha Not.haha well you know what I mean…...if you think of another idea, let me know!
It seems to be only a few domains that work very well, others don't. It may be a DNS issue. I'll mess around with that tomorrow
-
I suspect DNS issue, or WAN load balancing issue, or either DHCP, IP or MAC conflict.
Be cause it works a little in fits and starts…If it were insurmountable, it wouldn't work at all.
I'd start with 1 IP, 1 pfsense and 1 computer on 1 LAN and see if that even works on a fresh install.
Then I'd start adding aspects of your network introducing them 1 at a time and see when it breaks. Might point to the why.and
546/547 is DHCPv6. It would go away if you enabled DHCPv6 Relay on the interface. Why is it blocked by default with the black magic in behind otherwise - no idea. For ICMP - this is all the local traffic. Allow ICMPv6 in floating rules, useless log noise gone. ICMPv6 is required for proper IPv6 working anyway.
-
According to Mr. doktornotor, IPV6 is sort of a busted POS in freeBSD currently (Not his words, but I get that feeling)
Its suggest to:
Try - where you have the IPv6 "catchall" allow rule enabled, edit -> Advanced Options - tick the checkbox with the above nondescriptive description (This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.) - Save - Apply. See if it helps.
If you are using IPV6.
-
According to Mr. doktornotor, IPV6 is sort of a busted POS in freeBSD currently (Not his words, but I get that feeling)
Well, nah… it works pretty well except for some exceptions... ;D The fragmented packets certainly being incredibly annoying when you hit the issue.
-
Apparently, passing the traffic as described is supposed to help. Perhaps rather than going out of our way to disable and block IPV6 we should have been going the other route. Enabling it and passing it everywhere including that menu he spoke of. I'm all IPV4 here.
Last night while purchasing a couple domains I considered buying IPV4RIP.com since its not taken.
-
Brilliant! I'll take care of that as soon as I get in.
As for the other issue, I'll isolate it all tonight and try from a completely different machine (or maybe a cell phone) and attempt from there.
-
This is going to ruin what little sanity I have left.
After much testing, I have noticed the following pages load:
pfsense.org
google.ca
cnn.com (unreliably and slow)
thepiratebay.sx
youtube.com
speedtest.net (with 10/0.5 down/up speed ratings)
I can also connect to Steam and corporate webmail
I can download my gmail through Outlook but not web pageThese do not:
gmail.com
facebook.com
youtube videos hosted by vevo (commercials work though!)
forum.pfsense.org (wtf right?)I have used external ISP DNS, internal DNS and google DNS as well. Same results.
I can ping the domains very easily with the exception of those who do not respond normally such as cnn.com.
I can ping everything. It is just the loading of pages that fail.
This is with multiple machines on the network.Removing pfsense-virtual from the network entirely and replacing with physical counterpart resumes normal activity.
-
try http://173.252.110.27
What happens?
-
Scrap the VM and start again from creating new VM and then doing fresh install might be good option by now.
-
Scrap the VM and start again from creating new VM and then doing fresh install might be good option by now.
This was done with a brand new VM and broswing by IP still led to the same issues. I wish it was a DNS issue. But it isn't present when the physical pfSense is there. I do know the ESXi pfSense works flawlessy so I'll go with that.
I am going to migrate back to ESXi where I can use pfSense a bit better. The problem is that with this new host, I don't have a hardware RAID controller and it is tricky to install (1U so either quad port nic OR raid controller) or I'll have to go with a SAN arrangement.
For now I'll spread the VMs across the the DAS drives and take good backups until the RAID Controller gets here.
-
SAN…
Cool. I hope it works for you. P.S. What are you doing with so much stuff running behind such a tiny little bit of bandwidth? Whats the end purpose?
-
SAN, yeah…...iSCSI most likely because I don't think I can do FC or FCoE with my current set up. I don't have much room in my tiny 8U rack.
Well I have 6 people and a few PCs that I need to babysit. I try to keep everything as clean as possible. Mostly a ton of GPOs to keep the PCs in line, and provide services for the users without having to rely on external resources. As you said, such tiny bandwidth forces me to have to have more things 'in-house' because any mismanagement will kill off a connection. That also makes me use WSUS, etc.
-
I just cache dynamic content… including all updates. It sounds elaborate for 6 people though. Hope they enjoy the effort.
-
I just cache dynamic content… including all updates. It sounds elaborate for 6 people though. Hope they enjoy the effort.
I'm leaving the whole IT scene professionally but not personally. They don't understand the effort, but I like keeping current.
I appreciate your effort in helping me out though. I am currently almost done the Hyper-V to ESXi migration.