Re: [pfSense Support] sockets over pfsense nat very slow
On 9/25/05, Jeroen Hermans <[EMAIL PROTECTED]> wrote: > >Hmmm...slow the first time and fast the second possibly sounds like an > >issue in DNS resolution somewhere. Are you using pfSense as your DNS > >server for the LAN? Can you telnet to any host via IP address and see > >if the results differ? > Indeed, you are right. At first i suspected the dns being faulty. I > am using the pfsense box as a dns-server, but i am also using another > machine in the subnet as a secondary dns-server (need it for non-dhcp > adresses). The point is that when i resolve the ip-adresses and > hostnames, the dns seems to be working (on both the dns-servers). So > i tried to telnet to ip-adresses. The very same problem occured > (first telnet is slow, the second is fast). That's really strange. About all I can offer is that none of my pfSense installs work that way. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] sockets over pfsense nat very slow
At 16:42 25-9-2005, you wrote: On 9/25/05, Jeroen Hermans <[EMAIL PROTECTED]> wrote: > I have the following situation at a site: > > - 1 pfsense box connected to the internet and lan (194.1.1.41) > - lan behind pfsense box (nat) (194.1.1.0/24) > - proxy (squid) box in lan (194.1.1.31) > - a few clients in the lan > > The last few weeks internet was really slow. I first started to look > at the squid configuration, but i found out that when i did a "telnet > hostnameontheinternet 80" on the squid-box, that too was really slow > (about 5 seconds till the socket was open). So i suspected that there > was not (primairily) something wrong with the squid config. The > strange thing is that when i open the same connection twice on the > squid-box (telnet port 80), the first time it takes about 5 seconds > till i get a connection to the host. The second time it works in > about 0,1 second. Now, pfsense has its own ssh-shell, so i tried the > same test on the pfsense-box. But there the socket to the > internethost opens fast the first time. My conclusion is that the > delay happends on the pfsense box (nat?). I can resolve all hostnames > and ip-adresses (forward and reverse) without any delay on the > pfsense and squid-box. > The firewall is completely open btw (lan, wan and pptp). > I hope someone can give me pointers to what the problem can be. > Thanks a lot in advance, Hmmm...slow the first time and fast the second possibly sounds like an issue in DNS resolution somewhere. Are you using pfSense as your DNS server for the LAN? Can you telnet to any host via IP address and see if the results differ? Indeed, you are right. At first i suspected the dns being faulty. I am using the pfsense box as a dns-server, but i am also using another machine in the subnet as a secondary dns-server (need it for non-dhcp adresses). The point is that when i resolve the ip-adresses and hostnames, the dns seems to be working (on both the dns-servers). So i tried to telnet to ip-adresses. The very same problem occured (first telnet is slow, the second is fast). How about telneting through the pfSense box from a machine other than the squid box (you changed two things when you tested from the pfSense box, not one). The problems occur on all the workstations in the 194.1.1.0 subnet, so i suppose that the problem really is on the pfsense computer. Again: thanks a lot for your reactions, Jeroen Hermans - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] sockets over pfsense nat very slow
On 9/25/05, Jeroen Hermans <[EMAIL PROTECTED]> wrote: > I have the following situation at a site: > > - 1 pfsense box connected to the internet and lan (194.1.1.41) > - lan behind pfsense box (nat) (194.1.1.0/24) > - proxy (squid) box in lan (194.1.1.31) > - a few clients in the lan > > The last few weeks internet was really slow. I first started to look > at the squid configuration, but i found out that when i did a "telnet > hostnameontheinternet 80" on the squid-box, that too was really slow > (about 5 seconds till the socket was open). So i suspected that there > was not (primairily) something wrong with the squid config. The > strange thing is that when i open the same connection twice on the > squid-box (telnet port 80), the first time it takes about 5 seconds > till i get a connection to the host. The second time it works in > about 0,1 second. Now, pfsense has its own ssh-shell, so i tried the > same test on the pfsense-box. But there the socket to the > internethost opens fast the first time. My conclusion is that the > delay happends on the pfsense box (nat?). I can resolve all hostnames > and ip-adresses (forward and reverse) without any delay on the > pfsense and squid-box. > The firewall is completely open btw (lan, wan and pptp). > I hope someone can give me pointers to what the problem can be. > Thanks a lot in advance, Hmmm...slow the first time and fast the second possibly sounds like an issue in DNS resolution somewhere. Are you using pfSense as your DNS server for the LAN? Can you telnet to any host via IP address and see if the results differ? How about telneting through the pfSense box from a machine other than the squid box (you changed two things when you tested from the pfSense box, not one). --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] sockets over pfsense nat very slow
I have the following situation at a site: - 1 pfsense box connected to the internet and lan (194.1.1.41) - lan behind pfsense box (nat) (194.1.1.0/24) - proxy (squid) box in lan (194.1.1.31) - a few clients in the lan The last few weeks internet was really slow. I first started to look at the squid configuration, but i found out that when i did a "telnet hostnameontheinternet 80" on the squid-box, that too was really slow (about 5 seconds till the socket was open). So i suspected that there was not (primairily) something wrong with the squid config. The strange thing is that when i open the same connection twice on the squid-box (telnet port 80), the first time it takes about 5 seconds till i get a connection to the host. The second time it works in about 0,1 second. Now, pfsense has its own ssh-shell, so i tried the same test on the pfsense-box. But there the socket to the internethost opens fast the first time. My conclusion is that the delay happends on the pfsense box (nat?). I can resolve all hostnames and ip-adresses (forward and reverse) without any delay on the pfsense and squid-box. The firewall is completely open btw (lan, wan and pptp). I hope someone can give me pointers to what the problem can be. Thanks a lot in advance, Jeroen Hermans - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
