On 9/25/05, Jeroen Hermans [EMAIL PROTECTED] wrote:
I have the following situation at a site:
- 1 pfsense box connected to the internet and lan (194.1.1.41)
- lan behind pfsense box (nat) (194.1.1.0/24)
- proxy (squid) box in lan (194.1.1.31)
- a few clients in the lan
The last few weeks internet was really slow. I first started to look
at the squid configuration, but I found out that when I did a telnet
hostnameontheinternet 80 on the squid-box, that too was really slow
(about 5 seconds till the socket was open). So I suspected that there
was not (primarily) something wrong with the squid config. The
strange thing is that when I open the same connection twice on the
squid-box (telnet port 80), the first time it takes about 5 seconds
till I get a connection to the host. The second time it works in
about 0,1 second. Now, pfsense has its own ssh-shell, so I tried the
same test on the pfsense-box. But there the socket to the
internet host opens fast the first time. My conclusion is that the
delay happens on the pfsense box (nat?). I can resolve all hostnames
and IP addresses (forward and reverse) without any delay on the
pfsense and squid-box.
The firewall is completely open btw (lan, wan and pptp).
I hope someone can give me pointers to what the problem can be.
Thanks a lot in advance,

Hmmm...slow the first time and fast the second possibly sounds like an
issue in DNS resolution somewhere. Are you using pfSense as your DNS
server for the LAN? Can you telnet to any host via IP address and see
if the results differ? How about telnetting through the pfSense box
from a machine other than the squid box (you changed two things when
you tested from the pfSense box, not one).
--Bill