  • Hi, I have a pfSense in a PII 400 MHz with 192 Mb of RAM over a HDD with 20 Gb. Also, Internet is 2 Mbps / ADLS connection, but now is very slow (around 600 Kbps).

    Is there any way to check if hardware is the problem?, It has one internet connection and 3 NIC one for each network, there are up to 20 computers within the 3 networks.


  • The most common cause of a slow firewall is a busy cpu or out of states/memory, just check with top the cpu usage (>60% = garbage) and the states size. If everything is normal (but get rassured it shouldn't be normal with a PII) check your network cards.

  • CPU usage 16%
    Memory usage 40%
    State table size: 137/10000

    So… looks fine  ???

    How can I check the NICs?


  • Rather than looking at a single snapshot, you may be better looking at the RRD graphs. If these show high CPU, then that's your issue - though if the high CPU is predominantly interrupts, the problem may be your NICs.

    What sort of NICs do you have - the 'code' such as em0 or fxp0 is enough to tell us.

  • David:

    Ok… I'm looking the RRD Graphs, System Tab, Processor graph has an average at 30% and two peaks one at 20.00 h and the other one at 21.00 h reaching 65% each one. Also, looks stable, no interrupts.

    NICs are:

    • RL1: Lan (public network, hotel's customers)

    • RL0: wan

    • RL2: opt1 (hotel network)

    • RL3: opt2 (IT network)

    Is that the info you were asking? (or let me know where could I find it)


  • rl0, rl1 etc are Realtek 10/100 NICs.

    It is probably also worth looking at interface error counters (shell command

    netstat -i

    If the error interface counters are low there can be other reasons for low end to end throughput including low buffering capacity of intermediate routers, low buffering capacity of end systems, network congestion, switch congestion, too small socket buffers at the end points for the network end to end delay.

  • if you transfer a big file from the IT network to the hotel network, that will show you if the firewall is slowing things down.

    with a PII , I would probably use m0n0wall but your hardware seems to be doing OK.  trust your firewall, blame your ISP !

    PS when  David_W says interrupts he doesnt mean breaks. he means cpu interrupts or irq type interrupts

  • Man, I have almost an identical setup at my Father's house.  I set it up about 2 months ago.  He has like 3 or 4 pc's hanging off of it.  It is like a p2 400 or 450 with only 256 megs ram.  20 gig drive.  Runs great, I tested it at my house for about 2 months too.  I have 5 pc's 360, wii, and a nin Ds all on it.  The pc should be fine.  It could be an issue with your NIC, or your Modem.  You may have to manually set your NIC to 100/full or whatever, test and try.  It will probably fix your problem.  Unless it is just traffic on your network, 30 pc's is a lot for 1 box of that speed, and only 2 meg dsl…30 ppl used to highspeed would be wearing that 2megs out...I'd plug one device in and test then mess with speed/duplex settings on that interface on pfSense.  There are a couple postings here for that.

