Very stumped with slow LAN side



  • Hi

    I have a pfSense box running for a sheltered living complex.  They have 150\15 cable coming in to a Cisco Docsis router which hands an IP address 192.168.2.x to the WAN interface on the pfSense.  On the LAN side the speed coming out is only about 10-20% of what's going in i.e maybe 15/3 or so.  This was better up until 3 weeks ago or so.  I have not changed anything in either the hardware or the software.  I did upgrade to 2.1.5 yesterday from 2.0.3. but this has made no difference.

    The box itself is a C2D 2.2GHz, 1GB DDR2, 80GB SATA, 2x TP-Link TG-3268 GB (Realtek RTL8169SC)

    I have tried the following, rebooting all devices, disconnecting all devices except the modem and the pfSense, changing patch cables, disabling captive portal, upgrading from 2.0.3 to 2.1.5 - none of which made any difference at all.

    I know the cards are not ideal and I have two Intel cards coming but they won't be here for a day or two.  Most of the residents are wards of the state so I have their case workers calling me all the time about it.  I'm just a volunteer and honestly, it's stressing me out.  These people really like their tablets and laptops and it's them I'm doing it for.  No good deed goes unpunished!  Anyway, sorry for moaning!

    If anyone can point me in the right direction I'd be very, very grateful.


  • Netgate Administrator

    It could be a failing piece of hardware somewhere down the line, a switch or access point maybe.

    Run a test directly from the pfSense box to test it's WAN side connectivity. To do this try fetching a test file from the command line. For example:

    [2.1.5-RELEASE][root@pfsense.fire.box]/root(1): fetch -o /dev/null http://cachefly.cachefly.net/10mb.test
    /dev/null                                     100% of   10 MB 1400 kBps
    

    Cachefly should be faster than that if you're in the US. Use some other test file you know be sufficient to fill your bandwidth.

    I assume you're still getting the full bandwidth on devices connected directly to the Cisco box?

    Steve



  • Hi Steve

    I haven't been clear, sorry!  All the testing I have done has been directly via the LAN connection on the pfSense i.e. with a laptop connected directly to the LAN card and everything else disconnected so if it's hardware it's in the box itself.  I've also tested the speed going into the box by plugging out the WAN cable (from the Cisco) and plugging that into my laptop and I'm getting expected speeds.  I'm assuming then that it's "something" to do with the box itself.  Thought whether hardware or software I couldn't say.

    Thank you for the suggestion re the test file - I'm in Ireland and I've just tried that file on a Windows machine and it flies!  I'll have to find a bigger one!

    Is it possible to gain access to the command line remotely or from elsewhere on the LAN to try that?  I have to drive to get there and have to do it on my own time.

    I really appreciate you taking the time to reply.



  • Can  you plugh a computer directly into the modem to verify that the modem speed is giving you what you think it should be?



  • Thanks for replying!

    I have already done so and I am getting the correct speed.  Sorry if I'm not being clear!  :)



  • Sounds like your port on the wan of your pfsense may be going bad.  You can try cleaning the contacts on the wan incase they have become tarnished/rusted/corroded or whatever.  I've done that a few times with success with old hardware.  Otherwise, see if a new NIC card fixes your problem.



  • @seedubya:

    Is it possible to gain access to the command line remotely or from elsewhere on the LAN to try that?  I have to drive to get there and have to do it on my own time.

    Try to run the test that Steve suggested in the second post, from pfSense.  You can get to a command line either by ssh'ing into the box (if you have it enabled), or via the webgui diagnostics –> command prompt tab.

    Also, in status --> interfaces, look for any errors reported (in/out errors or collisions).  What's reported on the WAN Media line there?


  • Netgate Administrator

    Yes, look for errors or collisions on either interface. Good suggestion.
    If you run the test and find that the box itself can download at full speed then you know the problem is on the LAN side. It could be a failing NIC. You could test that by reassigning the NICs the other way around and re-running the test. You will of course have to be on site to do that.

    I see from your other thread that you're running a captive portal. I assume that the tests you have done have been from a machine on the pass-through MAC list? If not do that. I once attempted to help another user to diagnose a similar problem, unexplained bandwidth throttling, that turned out to be linked to the captive portal. Unfortunately we never did get it fully resolved. The throttling went away completely if the captive portal was disabled. Try that. There is a bandwidth limiting option within the captive portal settings that seemed to be set even though it appeared not to be.

    Steve



  • @charliem:

    Try to run the test that Steve suggested in the second post, from pfSense.  You can get to a command line either by ssh'ing into the box (if you have it enabled), or via the webgui diagnostics –> command prompt tab.

    Hi charliem - I tried a few of these:

    $ fetch -o /dev/null http://cachefly.cachefly.net/10mb.test
    /dev/null                                               10 MB 2410 kBps
    
    $ fetch -o /dev/null http://download.thinkbroadband.com/200MB.zip
    /dev/null                                              200 MB 7172 kBps
    
    $ fetch -o /dev/null http://download.thinkbroadband.com/1GB.zip
    /dev/null                                             1024 MB 7855 kBps
    

    @charliem:

    Also, in status –> interfaces, look for any errors reported (in/out errors or collisions).  What's reported on the WAN Media line there?

    Zero errors or collisions reported on WAN.  Media reads:

    1000baseT 
    

    Thank you very much for trying to help! :)


  • Netgate Administrator

    Hmm, well you're not seeing the full 150Mbps but 62Mbps is a lot faster than 15.  ;)
    How does that compare with the same laptop connected directly the Cisco router downloading the same file?

    Steve



  • @kejianshi:

    Sounds like your port on the wan of your pfsense may be going bad.  You can try cleaning the contacts on the wan incase they have become tarnished/rusted/corroded or whatever.  I've done that a few times with success with old hardware.  Otherwise, see if a new NIC card fixes your problem.

    Hi kejianshi

    In my previous reply you can see the results of my download tests to the box via the WAN interface from the command line.
    The range from 2410 kBps to 7855 kBps which is a big fluctuation!  In Mbps it's about 20 and about 63 so a huge difference.
    Could a failing card or even a cheap Realtek card cause this, do you think?



  • yes - I do think.

    There are lots of possibilities of course, but I'd take a bright light and look to see if you see greenish or brownish stuff on the metal inside the WAN port or on the cable connecting to it.

    If it turns out to be the port, which is just one of many possibilities, replace it with a intel NIC if possible.

    Investigate other possibilities being suggested as well, of course.



  • @stephenw10:

    Hmm, well you're not seeing the full 150Mbps but 62Mbps is a lot faster than 15.  ;)
    How does that compare with the same laptop connected directly the Cisco router downloading the same file?

    Steve

    Hi Steve

    I'm going to go onsite in about an hour to test if I can get the office keys from the office manager, they close at 5 and it's 7:30 here.  I really want this sorted and all these nice people can go and play flash games etc. to their hearts' content!

    All of you guys/gals(?) are amazing!  Thanks so much for the help.

    I've managed to acquire two new Intel Gb NICs  - don't know what chip yet - should I just go ahead and fit those do you think?



  • New intel NICs won't hurt it.

    You will have to reassign wan and lan though.  Backup config before you test them.



  • Have just taken out the pfSense box and opened up the Wifi for now.
    I will work on the box tomorrow evening and see what gives.

    I will report back here to let you all know.

    Thank you all very much for your help so far.

    Colm