Latency issue

  • Current my pc is set as static IP and gateway is pfSense IP address (static) instead of my router gateway. All the device is in the same subnet. I know that there is latency issue if my traffic pass-thru pfSense as the gateway… Plz Help !!!


  • LAYER 8 Global Moderator

    latency issue to where?  And how much, and sounds like more than likely have asynchronous routing setup.  If you have pfsense behind your router and pfsense lan is the same network as your isp routers lan and you can point to either of them.

    How exactly do you have pfsense in your network.. Are you just doing a double nat?  Your setup should be normally like this

    ips router –- either public or transit ( pfsense --- lan

  • router is > pfSense is

    I'm not double natting, no route has been setup yet. pfSense is connect to an access switch behind the router. See attachment from pc ip config


    ![4-12-2016 11-20-40 AM.png](/public/imported_attachments/1/4-12-2016 11-20-40 AM.png)
    ![4-12-2016 11-20-40 AM.png_thumb](/public/imported_attachments/1/4-12-2016 11-20-40 AM.png_thumb)

  • Just making sure this is what you're saying

    Computer Screenshot:

  • You are adding latency by adding another route step to internet traffic by using as your default gateway instead of

  • LAYER 8 Global Moderator

    How does pfsense get to the internet?  Does it have its own internet connection or does it use the same internet router?

    Sounds like you have this - which never going to work.  Or do you have the 2nd setup, which again not going to work.

  • pfsense gateway is which is the router IP

    ![4-14-2016 1-55-44 PM.png](/public/imported_attachments/1/4-14-2016 1-55-44 PM.png)
    ![4-14-2016 1-55-44 PM.png_thumb](/public/imported_attachments/1/4-14-2016 1-55-44 PM.png_thumb)

  • LAYER 8 Global Moderator

    dude that is NOT how you would set it up..  For starters its going to be asynchronous..  So your client bounces off pfsense, which then hairpins to send to your router.. Then when traffic comes back through your router its just going to go direct to your client..  BAD setup!!

    So no shit that is going to have all kinds of problems!!!

  • Whooa what's up with the profanity? Johnpoz…..

  • While his language may not be your preference, his comment is spot on.

    That design is all kinds of wrong. You seriously need to step back and think about what you are trying to do and whiteboard something more standard, and then implement.

  • I'm aware of that. So i refreshed pfSense… Plz provide guidance on design setup...


  • @knguy7:

    I'm aware of that. So i refreshed pfSense… Plz provide guidance on design setup...

    First off, "no shit" is just colloquialism…  I'm sure John meant no harm, just a bit of frustration perhaps.  Often times, "no shit" is followed by "Sherlock".

    As to your design, put everything in a downstream flow.  Since pfSense is probably a better router than your router, do you even need it?  I know, some ISPs require you to use a specific router.  So your choices are:

    ISP/TA > router > pfSense > devices  (if you must use the ISP router/TA)


    ISP/TA > pfSense  > devices  (if you can just come off the TA)

    You can still have static IPs on your devices if that is your need or you can assign static IPs through the DHCP service.


  • LAYER 8 Global Moderator

    You have a problem with no shit??  Really are you 6 and your mommy told you was shit a bad word?? ;)  I quite often would use no fuck as well… How about is the pope catholic ;)  Would of you had a problem with..  It is a common phrase use to express that what is being discussed is obvious.. As in that sort of setup is fubar.. Would you like me to expand that acronym? hehehheeh

    As to how you should it set it up comes down to what your wanting to accomplish.  Pfsense is best to replace the router your using from your isp..  Common these days for isp to hand out a gateway device where its modem/router combo.  If you can turn that into just modem (bridge mode) and pfsense wan gets public on its wan that is most often first choice.

    if you can not turn off the nat on your isp device and give pfsense a public on its wan, then you would go with a double nat setup where your isp network is now your transit network to your pfsense wan.. No other devices would be on this transit other than routers.  If any devices are put on this transit network that are not routers you would need to do host routing on these devices.

    All your devices would be put on the network(s) behind pfsense. Only restriction here would be that your transit network is not the same as your networks behind pfsense.

    Another option would be to maintain a network on your isp device, and then create a transit network to pfsense so be able to get to those networks.  So devices on your isp device would use the isp device as their gateway, and the router would route to pfsense via this new transit network to pfsense wan.  If you were going to go this route pfsense would not need to nat.

    There are many a way to skin the cat.. Your attempt is not the right way to skin the cat ;)

Log in to reply