Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Slow websites

    Scheduled Pinned Locked Moved General pfSense Questions
    11 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Heli0s
      last edited by

      I installed pfSense 2.2 RC on my system and configured it the same way as my previous 2.1.5 system (except that I'm using Unbound for DNS). The issue that I'm having is that a lot of times websites take a long time to load (I can see the browser trying to load them but nothing comes up). When I access them outside the network, everything is okay. I've never see that kind of use with my 2.1.5 system.

      Anyone know what could be the issue?

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        IPv6?

        If you're using firefox you can try setting about:config value

        
        network.dns.disableIPv6=true
        
        

        If you get AAAA dns answers and have no IPv6 connectivity things suck.

        Not sure why going to 2.2 would do this.  Might be something completely unrelated.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • H
          Heli0s
          last edited by

          I thought about it too. But I've disabled IPv6 (under System: Advanced: Networking).

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            If you think it's a DNS issue try accessing the sites directly by IP. Try setting a client to use an external DNS server directly.

            Do other services function fine, ftp transfers, streaming video etc?

            Have a read through this to see if any of it is aplicable to you:
            https://doc.pfsense.org/index.php/Low_Throughput_Troubleshooting

            Steve

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              It's not really related to the router, but the client.  If the client asks for and receives an AAAA record it will try to connect IPv6 until it times out then it will ask for an A record and connect IPv4.

              Anyway, just a thought.  There is no "make websites load slowly" checkbox in pfSense so it's probably going to come down to checking things from the bottom up.  I suspect there's a DNS problem if it's not IPv[46].

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • H
                Heli0s
                last edited by

                If it is a DNS problem, how would I go about troubleshooting/resolving it?

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Well, you could start by browsing and looking at the states and see what's what there.

                  Is it just web browsing?  Is it just one browser or all?  Which one is it?

                  I hesitate to tell you to use the standard tools like dig/nslookup, ping, etc, because you really need to do exactly what the web browser is doing and these days who knows what that is?

                  And just to be sure, are we dealing with squid or other packages at all?

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • H
                    Heli0s
                    last edited by

                    It looks like it's just browsing. I've tried different browsers and different machines. It loads fine on my phone (not connected to wifi), so I'm pretty sure it's somehting going on with the network.

                    I only have pfBlocker and Snort installed and I tried with both of those disabled and got the same result.

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      What are you running this on? Do you see high CPU or RAM usage?

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • H
                        Heli0s
                        last edited by

                        A Core 2 Due dual core machine with 2GB memory. I've never really seen the CPU/RAM spike.

                        1 Reply Last reply Reply Quote 0
                        • DerelictD
                          Derelict LAYER 8 Netgate
                          last edited by

                          If it were me I'd take a backup of the config, install fresh, and put a minimal config on it (just WAN/LAN/NAT, no snort, no packages,etc.).  If it still does it, you've pretty much eliminated pfSense and can start looking elsewhere.

                          You can always restore the config and be back where you are now.

                          Chattanooga, Tennessee, USA
                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.