RE: [pfSense Support] RE: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing
Hi Juan,

My recommendation would be to do the following:

1. Set up another box and get it up and running with the minimum config necessary to keep all your users happy, especially if they are paying customers or employees. This will get them off your back while you troubleshoot your throughput problems with less pressure to get them back online. When you are sure that your normal box is stable, swap it over after giving users advance notice of the swap over, with an expected downtime to swap 1 PC out and 1 back in, and reversed if unsatisfactory result.

2. Depending what NICs you are using, I did use Realtek chipset Netgear NICs for a while. These lasted about 1 - 2 years before slowing to a standstill. I replaced these about 6 months ago with Intel Gigabit NICs. Load balancing dual WANs, 2x 8MB WAN connections. When I replaced the Realtek chipset NICs, 1 only was failing, but I replaced ALL 4, as they were all the same age and Unix is hard on NICs. I didn't want the same thing to happen a few weeks down the track.

3. Clean install pfSense, configure the system and do a config backup for a later stage. Test the throughput on your new install, PC either side, and confirm data transfer. On Gigabit NICs I am getting about 100MB/Sec or more throughput (steady on a file about 60GB).

4. If you still have issues on the older system, it's not uncommon for those older boards to have PCI slots fail. If this is the situation, replace PC and start again. In Australia, it's easy to get 2 or 3 year old PCs, EX GOV, for $200 - $300 with 3GHz P4 CPU, 40 - 80GB HDDs (some IDE/SATA) and 1GB RAM. So it should be possible for you as well.

5. You might also consider replacing patch cables between NICs and router and pfSense. Eliminates the unexpected.

Kindest regards,

RE: [pfSense Support] RE: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing
Juan,

What about connecting a single computer behind the firewall without the rest of the network connected? Does the traffic move quickly then? If so, your firewall is probably being overloaded by traffic coming from the network. If it is still slow with a single computer behind the firewall, it's time to figure out what is wrong with the hardware.

Christopher Iarocci
Network Solutions Manager
Twin Forks Office Products
631-727-3354

[pfSense Support] RE: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing
Hey, this is getting worse. We can't even get to the home page now; we have to hit refresh over and over so we can get to the home page. It's running really slow, I think just like dial-up, lol. Well, I don't know what else to do. I called our provider and they said everything seems to be good. I connected a laptop straight on the router and it loaded in 17 milliseconds. Any setting on the firewall could be wrong, or you think the computer where pfSense is installed is not good enough? The specs are 700 MHz, 512 of RAM and 100 mb/s NIC cards. Let me know what you guys think.

-Original Message-
From: Juan Rivera
Sent: Tuesday, April 14, 2009 9:44 AM
To: support@pfsense.com
Subject: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing

Hey Tim, here are the specs of the firewall: it's running on a 700 MHz processor, 512 of RAM and 2 100 MB NICs. It is an old Gateway mid tower ATX.

-Original Message-
From: Tim Dickson [mailto:tdick...@calistogaranch.com]
Sent: Monday, April 13, 2009 4:19 PM
To: support@pfsense.com
Subject: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing

It all depends on throughput levels - but yes, I can pretty much guarantee it can handle it. (1990's hardware can handle 70 users with modest throughput), but if you are curious - what are your specs?

I was more wondering if you had a couple machines with malware that may be pegging out your connections state table, or some P2P users. Check your state table and make sure it isn't maxing out. And make sure if you have P2P users, that they aren't maxing out your bandwidth.

Blank MTU in your config is fine - that means it will be at 1500 - which is the standard on most connections (at least in the US).

You didn't answer if all was well when bypassing the pfSense box. If it is, then start segregating things. Try it with JUST your machine -> pfSense -> Modem, and see how that works... this is granting your box is malware free :) - if in doubt, grab an Ubuntu LiveCD (or variant) and boot it up on your machine to test.

Good luck!
-Tim

-Original Message-
From: Juan Rivera [mailto:jriv...@americancableco.com]
Sent: Monday, April 13, 2009 12:57 PM
To: support@pfsense.com
Subject: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing

Yeah, just called my ISP. They are checking on the modem to see if there is something wrong with it, as the MTU was blank before I made any changes to it. Now it got me thinking: I have more than 70 computers connecting to my FreeBSD. You think it can't handle that many?

-Original Message-
From: Tim Dickson [mailto:tdick...@calistogaranch.com]
Sent: Monday, April 13, 2009 2:54 PM
To: support@pfsense.com
Subject: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing

Sounds like you are pulling at straws here - but try and find out what the root of your problem is. If your packets are fragmented, then yes this will slow things down - but it could be totally irrelevant to your issue.

If you bypass pfSense, is everything fine? How do your traffic graphs look? (how many connections are you doing - check the state table)

If it is in fact your MTU - check with your ISP on what your MTU should be, you'll want to leave it matching theirs as changing MTU will just cause MORE packet fragmentation where it isn't necessary, or causing more packets with less data.

And if your MTU is correct, your traffic is minimal, and you are still having latency issues, start a trace and find the routers your traffic is passing through. Then test the MTU levels to each router to find out which router is causing your fragmentation. You should then point your ISP to that router.

The random MTU guess isn't going to get you anywhere. Just my 2cents though...
-Tim

-Original Message-
From: Juan Rivera [mailto:jriv...@americancableco.com]
Sent: Monday, April 13, 2009 11:12 AM
To: support@pfsense.com
Subject: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing

OK, I've done that but still the internet is slow. The MTU is not at 1400 but the internet is slow. Is there anything else that could be the problem?

-Original Message-
From: Gary Buckmaster [mailto:g...@centipedenetworks.com]
Sent: Monday, April 13, 2009 1:28 PM
To: support@pfsense.com
Subject: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing

This is not the way to do this as the configuration will not survive reboots. You can set the MTU on the interface configuration page for your WAN interface in the webGUI. I would encourage you to check that out.

Mikel Jimenez Fernandez wrote:
> Hi
>
> You have to reduce the MTU of inte
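
Tim's advice in this thread to check whether the state table is maxing out, and whether a couple of machines are pegging it, can be done from the pfSense shell. The script below is an added example, not part of the original thread or pfSense's own tooling: it reports how full the table is and ranks source addresses by state count. The sample text, addresses and function names are constructed, and the `pfctl -ss` line layout it parses (IPv4, `->` or `<-` in the fourth field) is an assumption that differs between pf versions.

```shell
#!/bin/sh
# Added example: how full is the pf state table, and which hosts hold the states?
# All sample text below is constructed; the layout follows pfctl -si / -sm / -ss.

SAMPLE_INFO='State Table                          Total             Rate
  current entries                     9874
  searches                        48211003          558.0/s'

SAMPLE_LIMITS='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

SAMPLE_STATES='all tcp 192.168.1.23:51511 -> 203.0.113.80:80       ESTABLISHED:ESTABLISHED
all tcp 192.168.1.23:51512 -> 203.0.113.81:6881       SYN_SENT:CLOSED
all udp 192.168.1.23:6881 -> 198.51.100.7:6881       MULTIPLE:MULTIPLE
all tcp 192.168.1.40:49200 -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
all tcp 192.168.1.1:80 <- 192.168.1.40:49300       ESTABLISHED:ESTABLISHED
all udp 192.168.1.77:53124 -> 192.168.1.1:53       SINGLE:MULTIPLE'

# state_usage INFO LIMITS -> "current limit percent"
state_usage() {
    cur=$(printf '%s\n' "$1" | awk '/current entries/ {print $3; exit}')
    lim=$(printf '%s\n' "$2" | awk '$1 == "states" {print $NF; exit}')
    echo "$cur $lim $((cur * 100 / lim))"
}

# top_sources N (states on stdin) -> "count address" lines, busiest first
top_sources() {
    awk '$4 == "->" || $4 == "<-" {
             src = ($4 == "->") ? $3 : $5   # with "<-" the initiator is on the right
             sub(/:[0-9]+$/, "", src)       # drop the port (IPv4 only)
             n[src]++
         }
         END { for (h in n) print n[h], h }' | sort -k1,1nr -k2,2 | head -n "$1"
}

# On the firewall: state_usage "$(pfctl -si)" "$(pfctl -sm)"; pfctl -ss | top_sources 10
state_usage "$SAMPLE_INFO" "$SAMPLE_LIMITS"
printf '%s\n' "$SAMPLE_STATES" | top_sources 3
```

A table sitting near its hard limit with one or two internal addresses holding most of the entries points at those machines (malware or P2P, as Tim suggests) rather than at the firewall hardware.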
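
Tim's suggestion to trace the route and then test the MTU to each router, instead of guessing an MTU, can be scripted as below. This is an added example, not from the original thread: it bisects on ICMP echo size with the Don't Fragment bit set, using FreeBSD `ping` flags as found on pfSense. The function names and the `PROBE` hook are hypothetical, and the hop addresses are supplied by the reader from their own traceroute.

```shell
#!/bin/sh
# Added example: find the first hop on a path that passes less than a 1500-byte packet.

# Default probe uses FreeBSD ping: -D sets Don't Fragment, -s is the ICMP payload size,
# -c 1 sends one echo, -t 2 gives up after two seconds.
# PROBE may name any function/command "PROBE host payload" that exits 0 on a reply.
df_ping() { ping -D -c 1 -t 2 -s "$2" "$1" >/dev/null 2>&1; }
PROBE=${PROBE:-df_ping}

# path_mtu HOST -> largest MTU (payload + 20 IP + 8 ICMP) that got a reply, or 0
path_mtu() {
    lo=0; hi=1472; best=-1          # 1472 + 28 = 1500, the Ethernet default
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$PROBE" "$1" "$mid"; then
            best=$mid; lo=$((mid + 1))
        else
            hi=$((mid - 1))
        fi
    done
    if [ "$best" -ge 0 ]; then echo $((best + 28)); else echo 0; fi
}

# first_narrow_hop HOP... -> "hop mtu" for the first hop below 1500, exit 1 if none
first_narrow_hop() {
    for hop in "$@"; do
        m=$(path_mtu "$hop")
        # 0 means the hop never answered (many routers drop or rate-limit ICMP): skip it
        if [ "$m" -gt 0 ] && [ "$m" -lt 1500 ]; then
            echo "$hop $m"
            return 0
        fi
    done
    return 1
}

# Usage: pass the hop addresses from traceroute, nearest first.
if [ $# -gt 0 ]; then
    first_narrow_hop "$@" || echo "no answering hop below 1500"
fi
```

A single lost echo can mislead the bisection, so repeat the run before pointing the ISP at a particular router.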