Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Odd DNS Issue Causes SMB Transfer Slowness

    Scheduled Pinned Locked Moved DHCP and DNS
    18 Posts 4 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      cmb
      last edited by

      Mucking with that is doing nothing to SMB at all. Whether or not the firewall itself uses localhost for DNS resolution has no impact on clients. DNS also has no impact on transfer speed once it's running - client does a DNS lookup, starts transfer to resulting IP, never does anything with DNS again for the duration of the transfer. There is something else going on, and it's almost certainly not related to the firewall at all given that traffic isn't touching it.

      1 Reply Last reply Reply Quote 0
      • ghostshellG Offline
        ghostshell
        last edited by

        I am able to reproduce the slowness. I left 127 in spot 2 for an hour and transferred small files over. After an hour I switched 127 to spot 1 and waited a couple min and transferred over wifi it jumped up to 5+MB. Did that for an hour and then switched back and it dropped down to 140KB when I put 127 to another spot.  Where can I look to see why this is getting affected.

        1 Reply Last reply Reply Quote 0
        • C Offline
          cmb
          last edited by

          packet capture from the affected client machine and see what it's doing or not doing.

          1 Reply Last reply Reply Quote 0
          • johnpozJ Online
            johnpoz LAYER 8 Global Moderator
            last edited by

            Yeah some sort of information is missing here because dns just has nothing to do with this at all..  And as mentioned your not even moving packets through pfsense..  Do a sniff of your fast transfer, then do a sniff when you say its slow and we can see what is going on.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

            1 Reply Last reply Reply Quote 0
            • ghostshellG Offline
              ghostshell
              last edited by

              14:26:41.306997 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:26:41.307097 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:26:46.307053 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:26:46.307060 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:26:51.307012 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:26:51.307030 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:26:56.307065 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:26:56.307082 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:01.307023 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:01.307037 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:06.306978 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:06.307077 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:11.307035 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:11.307051 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:16.306990 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:16.307089 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:21.307047 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:21.307063 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:26.307002 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:26.307018 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:28.812373 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 245)
                  192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
              14:27:28.812409 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 238)
                  192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
              14:27:31.307059 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:31.307073 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:36.307015 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:36.307032 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:41.307071 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:41.307086 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:46.307026 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:46.307041 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:51.307082 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:51.307097 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:27:56.307038 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:27:56.307055 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:01.307094 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:01.307108 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:06.307055 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:06.307079 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:11.307006 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:11.307024 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:16.307062 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:16.307074 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:21.307019 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:21.307037 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:26.306974 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:26.307074 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:31.307031 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:31.307046 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:36.306989 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:36.307087 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:41.307046 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:41.307062 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:46.307004 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:46.307021 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:51.307062 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:51.307078 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:56.307019 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:28:56.307034 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:28:58.148079 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 245)
                  192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
              14:28:58.148103 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 245)
                  192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
              14:29:01.168783 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:01.168799 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:01.168805 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:01.168810 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:01.168813 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:01.168982 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 245)
                  192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
              14:29:01.168987 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 78)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
              14:29:01.307077 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:29:01.307083 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:29:03.510897 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:03.510903 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:03.510907 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:03.510911 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:03.510997 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:03.511001 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 78)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
              14:29:03.511005 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:03.511009 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:03.511012 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:03.511016 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:03.511019 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:03.511023 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 78)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
              14:29:05.275271 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:05.275281 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:05.275286 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:05.275290 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:05.275293 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:05.275297 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 78)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
              14:29:06.307035 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:29:06.307134 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:29:08.279010 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220)
                  192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
              14:29:10.281121 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220)
                  192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
              14:29:11.306993 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:29:11.307093 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21
              14:29:12.283245 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220)
                  192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
              14:29:14.285360 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220)
                  192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
              14:29:16.287579 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 220)
                  192.168.1.30.138 > 192.168.1.255.138: NBT UDP PACKET(138)
              14:29:16.287592 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 96)
                  192.168.1.30.137 > 192.168.1.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
              14:29:16.307050 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
              14:29:16.307056 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                  192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21

              1 Reply Last reply Reply Quote 0
              • C Offline
                cmb
                last edited by

                There's not even an attempt to transfer a file there. Though I'd expect that if you captured from the LAN of the firewall, given that internal SMB traffic doesn't touch it. What were you doing when capturing that, and from where was the capture taken?

                1 Reply Last reply Reply Quote 0
                • johnpozJ Online
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  Capture on the machine your wanting to transfer from, ie the pc your using.. Be it your pulling a file down from a share or putting a file on a share.  The PC your using will show us the transfer.  As already stated multiple times if your moving a file to or from a machine on the same network segment pfsense doesn't even see or touch that traffic.  So how would its dns settings slow anything down.

                  Also is hard to view details in that sort of info - upload the the actual capture.  You can make it anon if you want with a tool such as https://www.tracewrangler.com/

                  But if your just doing a file copy via smb, etc.  There really shouldn't be any data in there other than maybe the username and password you use to auth to the share - just create a test account before you do the sniff and use that, etc..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                  1 Reply Last reply Reply Quote 0
                  • ghostshellG Offline
                    ghostshell
                    last edited by

                    Cap Int: LAN
                    Proto: UDP
                    IP: storage server IP 1.30
                    Action: Open Network Share and File Transfer

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ Online
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      that is just broadcast traffic - again as stated pfsense is not going to see transfer between 2 boxes on the same network segment..

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                      1 Reply Last reply Reply Quote 0
                      • DerelictD Offline
                        Derelict LAYER 8 Netgate
                        last edited by

                        The only thing I can think of is we're really not talking about transfer rate but session start timeouts.  Maybe OP's transferring a lot of little files and each transfer is dependent on DNS for something and has to timeout every time with one specific order of nameservers.  Just guessing.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ Online
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          I don't even see any dns queries in there.. What I do see is prob plex which I believe uses that 32414 and 12 ports..  And some netbios stuff to ports 137 and 138 broadcast which pfsense is never going to answer anyway since it doesn't do any sort of wins support, etc.  Even if that is what the traffic was - which I doubt since wins traffic is not broadcasted..

                          OP how are you access the shares via fqdn or IP?  If your access shares like \1.2.3.4 then dns is never going to be invovled.  If your doing \hostname or \hostname.something.tld then you could do a dns query for that, hostname is not good way to expect dns to respond anyway.

                          It can work with suffix search added by client, etc..

                          If you post a sniff of your file transfer working how you want (fast) and then when its slow we can take a look and help you figure out what the slow down is - but it sure is not going to have anything to do with pfsense.

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                          1 Reply Last reply Reply Quote 0
                          • ghostshellG Offline
                            ghostshell
                            last edited by

                            Found out res was through the FW and not through the local DNS server.

                            1 Reply Last reply Reply Quote 0
                            • ghostshellG Offline
                              ghostshell
                              last edited by

                              No plex

                              1 Reply Last reply Reply Quote 0
                              • DerelictD Offline
                                Derelict LAYER 8 Netgate
                                last edited by

                                It's on you to provide more info.  I have no idea what that means.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                1 Reply Last reply Reply Quote 0
                                • johnpozJ Online
                                  johnpoz LAYER 8 Global Moderator
                                  last edited by

                                  @ghostshell:

                                  No plex

                                  I would beg to differ to be honest..

                                  14:26:41.306997 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                                      192.168.1.30.42027 > 192.168.1.255.32412: UDP, length 21
                                  14:26:41.307097 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 49)
                                      192.168.1.30.56755 > 192.168.1.255.32414: UDP, length 21

                                  Clearly 192.168.1.30 is broadcasting traffic on well known plex ports..

                                  https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-
                                  The following ports are also used for different services:

                                  UDP: 1900 (for access to the Plex DLNA Server)
                                      UDP: 5353 (for older Bonjour/Avahi network discovery)
                                      UDP: 32410, 32412, 32413, 32414 (for current network discovery)
                                      TCP: 32469 (for access to the Plex DLNA Server)

                                  While sure it could be something else - this is the only use of those ports that I am aware of.. Without seeing the actual sniff that can open in wireshark or something - that would be my guess to what the traffic is.

                                  And again - this traffic has nothing to do with file transfers between 2 boxes on the 192.168.1.0/24 network - since pfsense would never even see that traffic.  This is just typical broadcast noise..

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.