New install, some problems right off the bat, seeking advice

  • Gang,

    New pfsense user here.  I want to add it to an existing network in front of my Untanle box to augment a few things and add some features.

    Having some trouble.

    2.1 x64 installed on a T7200 2GHz Core2Duo with 2GB RAM, old laptop.  Onboard NIC is a Broadcom 10/100, and I've added an Intel PCMCIA EtherExpress 10/100 PCMCIA card.  Turns out this only runs 10BaseT FDX, or 100BaseT half.  More on that later.

    Internet -> Cisco 3825 cable modem (routing, can't avoid that at the moment) -> PF -> UT -> LAN

    Right off the bat, network speeds dropped from 50mbps downstream to 4-6mbps down.  The PCMCIA interface was running at 10baseT HDX.  I tried forcing it to 100BaseTX and pf went down (hung and stopped passing traffic) within minutes.

    Back to 10BaseT speeds (because at least that works), when one client (Nintendo WII) is watching a Netflix stream (2mbps) my CPU use is at 60%.

    This is with all other features turned off.  I had had squid and squidguard running in a test environment before deploying it on my network, and everything ran fine (extremely minimal traffic though, just a function test initially).  As soon as I put the PF box in the network live, lots of things broke (virtually no network traffic would pass), so I disabled everything so I could at least get traffic passing and start playing with features etc.  I'll troubleshoot that stuff later.  So for the moment PF is just a router/firewall.

    I have a USB NIC at home that I will try later, and another PCMCIA DLINK (on the supported hardware list) on order that does 100mb full duplex to replace the Intel.  Right now I'm fine blaming the Intel PCMCIA NIC for most of my troubles, but it doesn't explain high CPU use (maybe it does, its Cardbus and there could be a problem with interrupts, although all unused hardware on the laptop has been disabled in BIOS, things like serial and parallel ports etc).

    Within about 5 minutes of putting the PF box online, I has just shy of 10k collisions on the wan (pcmcia) interface.  I know 10BaseT is prone to this, but this number seems high.

    I'm going to try to systematically fix problems one by one, starting with either a replacement PCMCIA NIC, or the USB NIC, depending on which one works with the most success.  For a 40-50mbps cable modem connection, 100BaseT full duplex should be sufficient, right?

    As an aside, I am afraid to put my Cisco cable modem into bridge mode (its a "hidden" feature on the management interface and I don't have a backup cable modem at the moment in case I really screw it up).  So its getting a DHCP address from the cable company, and then has a static IP configured on its gig LAN side interface.

    Cable company <-> (dchp wan) Cisco ( lan) <-> ( wan) PFsense ( lan) <-> UT bridging <-> LAN

    I know its an unnecessary hop and is complicating the network some, but its working for now, albeit slowly and with some issues.  If the kids can check their email, I have time to tweak things.  So the network is not down, just performing extremely poorly.

    Still worried about my high CPU use (and associated 70 degrees C core temps across the CPU despite me hacking three fans into the laptop).

    Any initial advice welcome.  I know there are a lot of variables at play and I am trying to eliminate them one by one, but if anything glaring jumps out at you, I'm all ears.


  • Netgate Administrator

    Well 10K collisions is a sigh something is seriously wrong. You should be seeing 0 collisions. If you force one end of the connection you MUST set the other end also you cannot leave it set to auto. If both ends are set to auto but the speed negotiation is failing you must set both ends to have a chance of it working correctly.

    I do recall an issue with cardbus cards and high cpu loading, I remember doing some testing for another user. This is express card though right?

    Edit: My bad memory, nothing to do with the bus:,55887.0/all.html


  • Intel EtherExpress Pro 10/100, alleged to be cardbus.

    I don't think I can force LAN speed on my cable modem, I may have to let the pair auto negotiate 10mb (!) until my new PCMCIA card gets here.

    I'm going to start looking at interrupts when I get home also.

  • Netgate Administrator

    Can you swap the interfaces and use the ethercard NIC as LAN? I assume you can set the NIC speed in Untangle.


  • Well its a 16-bit EtherExpress 10/100, so its not cardbus (32-bit).

    USB adapter was recognized for its chipset (dmesg showed it and the system reacted when I unplugged/plugged it in).  But apparently no native drivers.

    Flipping the interfaces from wan/lan to lan/wan had no effect, other than the collisions stayed with the 16-bit card.

    I'm hoping its a faulty card.  pfsense box is now back on the test bench pending arrival of the DLink (hcl compatible) pcmcia card.  I may try to load drivers for the USB adapter just for grins while I wait for the big brown truck to arrive later this week.

    More later.