Re: [pfSense] terrible performance on NFS & CIFS

2014-11-06 Thread Sean
Ah, my bad... I kind of glazed over the CIFS bit. ;-) Have you compared a packet capture of client traffic while it's on the LAN performing at 1gb to the capture through pfSense? The TCP Window Size could be a red herring...? On Thu, Nov 6, 2014 at 5:23 PM, Adam Thompson wrote: > Ok, recap ag

Re: [pfSense] terrible performance on NFS & CIFS

2014-11-06 Thread Adam Thompson
Ok, recap again... - this affects multiple protocols, not just NFS. I've now confirmed it affects SSH as well. - this only occurs when the server is behind pfSense and the client is on the "outside" of the firewall. - this problem does not occur in the other direction through pfSense (LAN->WAN).

Re: [pfSense] terrible performance on NFS & CIFS

2014-11-06 Thread Espen Johansen
Just a guess but...any chance you have BCM NICs? 7. nov. 2014 00:09 skrev "Adam Thompson" følgende: > Well, that would definitely cause a problem if it were the case, but... > 1) TCP window size != MTU, > 2) all switches and Router (but not pfSense) can both handle 9000-byte > frames anyway, > 3)

Re: [pfSense] terrible performance on NFS & CIFS

2014-11-06 Thread Sean
I strongly recommend not tinkering with your MTU setting and instead correct the setting on the server side... I think you should start reading here: http://nfs.sourceforge.net/nfs-howto/ar01s05.html Particularly this section: > 5.3. Overflow of Fragmented Packets > > Using an *rsize* or *wsize*

Re: [pfSense] terrible performance on NFS & CIFS

2014-11-06 Thread Adam Thompson
Well, that would definitely cause a problem if it were the case, but... 1) TCP window size != MTU, 2) all switches and Router (but not pfSense) can both handle 9000-byte frames anyway, 3) MTU on server and client are both standard, at 1514, 4) I can confirm no fragmentation is occurring. Still do

Re: [pfSense] terrible performance on NFS & CIFS

2014-11-06 Thread David Burgess
On Wed, Nov 5, 2014 at 5:47 PM, Adam Thompson wrote: > Problem: really, really bad performance (<10Mbps) on both NFS (both tcp > and udp) and CIFS through pfSense. > In my experience, latency is the big buzzkill for CIFS. It seems like any latency will slow things down, and the more you have, th

Re: [pfSense] terrible performance on NFS & CIFS

2014-11-06 Thread Sean
Not a TCP expert but the MTU is nearly always 1500 (or just under) hence your limit. Sending packets greater than the MTU will lead to fragmentation. Fragmentation leads to re-transmissions (depends on do not fragment bit?) and performance problems. Performance problems leads to frustration and

[pfSense] pfr_unroute_kentry delete failed

2014-11-06 Thread Pfsense Smart Mail
Hey, We have 2 pfsense boxes using CARP. One wan gateway. The slave box will freeze up and the error: pfr_unroute_kentry delete failed Is on the console. I did search for this but I am not sure how to fix it, it's a bit unclear to me exactly whats the problem. It seems that one of th

Re: [pfSense] Disconnected

2014-11-06 Thread Ryan Coleman
Then you need to go to a VM list instead of this list for help… You have two or three possible solutions and you’re stuck with a software problem that is 100% not connected to the group you’re coming to. You need to upgrade your ESXi install - but your hardware can’t run anything newer. Time to

Re: [pfSense] Disconnected

2014-11-06 Thread Adam Thompson
Been there, done that. My firewalls now run on hardware :-). The other possibility is to run redundant firewalls in *different* ESX clusters so that a failure in one doesn't take you completely offline. -Adam On November 6, 2014 10:44:06 AM CST, Brian Caouette wrote: >Problem is I can't even ru

Re: [pfSense] Disconnected

2014-11-06 Thread Brian Caouette
Problem is I can't even run the windows software to manage anything so a 2nd vm probably won't help. As long as the wan/lan are in a disconnect state i'm stuck with the boot to esxi 4.1 since I can't even start the vm that has pfsense on it. On 11/6/2014 11:09 AM, Ryan Coleman wrote: I’ll be

Re: [pfSense] 2.1.5: RRD: There has been an error creating the graphs.

2014-11-06 Thread Olivier Mascia
> On Nov 5, 2014 8:39 AM, "Olivier Mascia" > wrote: > Hello, > > Checking the logs, I get 5 or 6 errors ... > I expect that clearing whatever past data there is might help clean the > error. What steps should I take to reset this? > > Le 5 nov. 2014 à 23:41, Oliver H

Re: [pfSense] Disconnected

2014-11-06 Thread Ryan Coleman
I’ll be honest you shouldn’t rely on a VM to host your routing connection - I do it and I know I will be left in a lurch *AGAIN* (three times so far) so I keep a second and third VM spun up at all times in case the Guest OS goes wonky. Make a new VM. That’s your easiest, cheapest route. After yo

Re: [pfSense] Disconnected

2014-11-06 Thread Brian Caouette
So my internet has been limited without pfsense online. I just replied to prior message from Bryan. As an option in the future what is the least costly way to go with new hardware? I use squid for cache and traffic logging as well as content filtering. I also use captive portal were each child

Re: [pfSense] Disconnected

2014-11-06 Thread Brian Caouette
Sorry my network has been limited with pfsense being down. I am at work now trying to get caught up. My pfsense is the current version (2.1.5) and the esxi was installed in March/April of this of this year so I assume its the most recent that supports my hardware. Just not sure why out of the b