Please Help Me Under Stand! What The Issue IS.
-
@lawrence1986 It gave me a big, fat goose egg. I'm just going to snapshot some photos here so that way you can tell me if I'm doing it right.!
-
@lawrence1986 So, as I noted, that means your requests aren't even going to pfSense.
But I asked you to run
ipconfig /alland show us what your computer's settings are set to. If you're not calling pfSense for DNS (you could have it configured for that but your browser is using DNS over HTTPS or DoH) and that will not show up on UDP53.
Again I will comment that your photos are WAY BIG and hard to read. Please consider using Snipping Tool or another screen cap program instead of a cell phone camera.
-
@rcoleman-netgate i forgot! shit ok 1 min
-
@lawrence1986
Thank you - that image is much easier to read.Re-run the previous commands and the packet capture but this time make a few changes:
- Do not limit to UDP and port 53. Set to "any" and leave port blank.
- Change packet size from 100 to 0 (making it unlimited).
Start the capture right before you run your tests and attempts
after that stop the capture. It will attempt to capture ALL the data and that can get very big and unruly.After that is completed you can copy/paste the resulting text here -- it can be a lot of information but it's just a summary of detail and we can get the full pcap from you if needed afterwards.
-
@rcoleman-netgate redid it and I still have 0 packets..... just a white pages with nothing on it
-
@lawrence1986 Re-start the capture with the same settings and ping 10.0.10.1
- Does it respond?
- Does it appear in the capture when you stop it?
-
@lawrence1986 it's responding; it stops and starts but nothing appears in the capture.
-
@lawrence1986 How are you connected to the pfSense? What's your network layout and devices like?
-
@rcoleman-netgate im connect by gui. the network is simple just that modem to my pf box to my switch to my AP
-
@lawrence1986 No.
How do your devices connect? Ethernet? Wireless? What is the wireless you're using? What hardware are you running between there and the pf?
Here's an incomplete one of my own network:
-
@rcoleman-netgate My modem is a Motorola TM1602A MTA, my PFSense box is a Dell Optiplex 3010 with an Intel Dell X3959 Dual Port Gigabit Network Card and 8GB of RAM, and my switch is an HPE Office Connect 1420 8-port switch with no PoE. The WAP is a TP-Link Archer AX3000 how I'm connected is eth my wife as well my brothers both wifi
-
@lawrence1986 Plug directly into the switch, or better yet directly into the pfSense and see if it works to get on the website then
If so the issue isn't pfSense. It's your Archer (esp if you aren't using it in AP Mode but have it routing data) and your switch could be causing issues too.
I suspect you have a poorly configured Wireless.
Your PF is almost certainly NOT the issue.
-
@rcoleman-netgate its in AP mode in the router it labels it as WAP mode its funky like that
-
@lawrence1986 Plug directly into the interface on the pfSense. Remove all the extra hardware to confirm it is not causing issues.
When you pinged the 10.address and it didn't appear on the pfSense capture means that the pfSense isn't at that IP address. Something is in the way and causing all your trouble.
-
@rcoleman-netgate I guess I'm going back to an old router because I can get on red-dead when I connect my modem to the wife's PC, or when I connect the modem plus router, or when I use the modem plus router plus switch, but I can't get on red-dead when I connect my PFSense. I guess since there's nothing wrong with my PFSense, I must just have a huge, wild imagination and be seeing things. I must have been drunk for the past week.
-
@lawrence1986 If you're not willing to connect directly into the pfSense to run your test you can't eliminate the other hardware you have from being the issue.
After you've done that test re-run the DNS calls, the ping, the packet capture, etc. and let us know what you found.
-
@rcoleman-netgate ill be more than willing to let you team view in and poke around I have no problem with that because I'm not going crazy here something isn't right hell at this point i almost want to put money on it because i feel defeated
-
@rcoleman-netgate This is why I'm putting up such a fight. I have literally tested every option, including every configuration. From simply connecting a modem to a PC, to connecting a modem to a router, to connecting a modem to a router and a switch, to connecting a modem to PFSense and a computer, why in hell do you think I'm here? If I do these things, I'll be able to play Red Dead 2. only modem to computer, modem to router, and modem to router + switch. When I add pfSense, it fails to connect to Red Dead. I also went a step forward before contacting you. I connected the modem to the PFSense box and the box to a PC, but there was no response from Red Dead 2, not even a glimmer of hope. This is why I'm pushing back as hard as I can, because it seems that you don't believe me at all. I had two friends hop on my PC. Both work with pfSense and opensense on the daily, and both of them are like, "I have no idea what the hell is going on." Hell, they are the ones that also mentioned switching things around, like I explained, from modem to pfSense to computer. At this point, someone has to remote in and figure out what the hell is going on because you won't be able to understand it unless you see it with your own eyes.
-
@chpalmer I just found the pdf it is DOCSIS 3.0 whats the difference between the 2 3.1 and 3.0 https://d15yx0mnc9teae.cloudfront.net/sites/default/files/arris_tm1602-1426882223.pdf
-
Reviewing this thread some things jump out:
Sendto error 65 does not imply there was no response to pings it implies dpinger could not send a ping because there is no route. If that's to the gateway address that implies the WAN lost it's IP/subnet or was disconnected. That's unlikely to be related to this since it would break all traffic.
However since you only have one WAN I recommend you disable the gateway monitoring action in Sys > Routing > Gateways: Edit your WAN DHCP gateway. Only the action not the monitoring itself.@lawrence1986 said in Please Help Me Under Stand! What The Issue IS.:
This site can’t be reached
signin.rockstargames.com took too long to respond.This is not typically a DNS error. And since you are able to resolve it both in pfSense and the client it would not be expected. That error implies the server didn't respond or that responses never made it back.
What is your pfSense LAN IP address?
If it's anything other than 10.0.10.1 that tells us the AP is still NATing. Whilst that shouldn't prevent accessing the server it can only hurt.I would try running a packet capture in pfSense on the LAN interface. Set it for 1000 packets and set the host to filter by:
104.255.105.79. Start it then try to connect to Rockstar from a client. Check the pcap.Did any traffic from that IP come back at all?
Is the client sending unusually large packets?
https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.htmlSteve
-
S stephenw10 referenced this topic on
-
S stephenw10 referenced this topic on