Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Berrick]

Greetings all. Looking at the weather forecast I hope you haven't put your winter clothes away just yet.

I haven't had any time to look into this but thought I would ask the question anyway.

I have a client who recently upgraded to FTTC but was getting rubbish speeds so he ask me to take a look. Beatie (not his ISP) had installed a HG612 to which a pfsense firewall is connected. Using speedtest dot net the speeds are shockingly low about 6Mbs down.

Connecting the Zyxel router his ISP had sent instead of the firewall to the HG612 the speed shot up to those I had anticipated 37Mbps down and 12Mbps up. This is how it was left for a week and the client monitored the speeds daily so we had a baseline to work from.

I have since been back with another HG612 (unlocked) and an ECI and found that using the pfsense firewall and either HG612 causes this massive drop in speed. It doesn't appear to be a duplex mismatch as pinging across the firewall and router isn't showing dropped ping.

Anyone have any thoughts about what could be causing this. The NIC's in the firewall are intel.

TYIA

[roseway]

I don't know the answer to the question, but any half decent router will include an effective firewall, so I can see very little point in using a separate firewall device. I would dump it and use the ISP-supplied router.

[Blackeagle]

I guess it depends on what is sat at the other side of the firewall Eric.  If there is a webserver for instance, then at least one port will be forwarded through the routers firewall and as such it makes sense to add a layer of security against 'drive-by' hackers. In my own case, I have to run fail2ban for my little 3 page site.

Quite why the HG612 should not like the firewall I have no idea, although to me it would make sense to use the ECI if it does not exhibit this behaviour.

To get to the bottom of it, I'd be putting Wireshark on the firewall and monitoring all the traffic on the incoming NIC with each modem connected in turn.

[Berrick]

Hi roseway, all ISP supplied routers I have come across don't offer the functionality or flexibility that comes with a proper firewall. For example with pfsense you can configure it to act as a transparent proxy which is the main reason they are using it.

Blackeagle, as the customer uses their broadband extensively for his business I'm not sure I will have the luxury of investigating this puzzle to any length especially as he knows that an ECI works. At this point it is more about satisfying my curiosity as to why this should be happening and posting in case others hit this problem with other hardware attached to the HG612.

Still I have wireshark on my lappy so I can take a trace.

thanks for the replies