Please Help Me Under Stand! What The Issue IS.
-
@rcoleman-netgate ill be more than willing to let you team view in and poke around I have no problem with that because I'm not going crazy here something isn't right hell at this point i almost want to put money on it because i feel defeated
-
@rcoleman-netgate This is why I'm putting up such a fight. I have literally tested every option, including every configuration. From simply connecting a modem to a PC, to connecting a modem to a router, to connecting a modem to a router and a switch, to connecting a modem to PFSense and a computer, why in hell do you think I'm here? If I do these things, I'll be able to play Red Dead 2. only modem to computer, modem to router, and modem to router + switch. When I add pfSense, it fails to connect to Red Dead. I also went a step forward before contacting you. I connected the modem to the PFSense box and the box to a PC, but there was no response from Red Dead 2, not even a glimmer of hope. This is why I'm pushing back as hard as I can, because it seems that you don't believe me at all. I had two friends hop on my PC. Both work with pfSense and opensense on the daily, and both of them are like, "I have no idea what the hell is going on." Hell, they are the ones that also mentioned switching things around, like I explained, from modem to pfSense to computer. At this point, someone has to remote in and figure out what the hell is going on because you won't be able to understand it unless you see it with your own eyes.
-
@chpalmer I just found the pdf it is DOCSIS 3.0 whats the difference between the 2 3.1 and 3.0 https://d15yx0mnc9teae.cloudfront.net/sites/default/files/arris_tm1602-1426882223.pdf
-
Reviewing this thread some things jump out:
Sendto error 65 does not imply there was no response to pings it implies dpinger could not send a ping because there is no route. If that's to the gateway address that implies the WAN lost it's IP/subnet or was disconnected. That's unlikely to be related to this since it would break all traffic.
However since you only have one WAN I recommend you disable the gateway monitoring action in Sys > Routing > Gateways: Edit your WAN DHCP gateway. Only the action not the monitoring itself.@lawrence1986 said in Please Help Me Under Stand! What The Issue IS.:
This site can’t be reached
signin.rockstargames.com took too long to respond.This is not typically a DNS error. And since you are able to resolve it both in pfSense and the client it would not be expected. That error implies the server didn't respond or that responses never made it back.
What is your pfSense LAN IP address?
If it's anything other than 10.0.10.1 that tells us the AP is still NATing. Whilst that shouldn't prevent accessing the server it can only hurt.I would try running a packet capture in pfSense on the LAN interface. Set it for 1000 packets and set the host to filter by:
104.255.105.79. Start it then try to connect to Rockstar from a client. Check the pcap.Did any traffic from that IP come back at all?
Is the client sending unusually large packets?
https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.htmlSteve
-
S stephenw10 referenced this topic on
-
S stephenw10 referenced this topic on
-
Confirmed that is the LAN IP in the other thread. So the AP is working correctly. One thing ruled out.
-
@lawrence1986 i did what you asked the edit gateway part and the packet
10:49:33.362231 IP 10.0.10.83.65517 > 104.255.105.79.443: tcp 0
10:49:33.627449 IP 10.0.10.83.65518 > 104.255.105.79.443: tcp 0
10:49:34.365762 IP 10.0.10.83.65517 > 104.255.105.79.443: tcp 0
10:49:34.627732 IP 10.0.10.83.65518 > 104.255.105.79.443: tcp 0
10:49:34.854098 IP 10.0.10.83.65519 > 104.255.105.79.443: tcp 0
10:49:35.118942 IP 10.0.10.83.65520 > 104.255.105.79.443: tcp 0
10:49:35.854381 IP 10.0.10.83.65519 > 104.255.105.79.443: tcp 0
10:49:36.131218 IP 10.0.10.83.65520 > 104.255.105.79.443: tcp 0
10:49:36.377947 IP 10.0.10.83.65517 > 104.255.105.79.443: tcp 0
10:49:36.638794 IP 10.0.10.83.65518 > 104.255.105.79.443: tcp 0
10:49:37.867192 IP 10.0.10.83.65519 > 104.255.105.79.443: tcp 0
10:49:38.143654 IP 10.0.10.83.65520 > 104.255.105.79.443: tcp 0
10:49:40.386827 IP 10.0.10.83.65517 > 104.255.105.79.443: tcp 0
10:49:40.649047 IP 10.0.10.83.65518 > 104.255.105.79.443: tcp 0
10:49:41.878446 IP 10.0.10.83.65519 > 104.255.105.79.443: tcp 0
10:49:42.153660 IP 10.0.10.83.65520 > 104.255.105.79.443: tcp 0
10:49:45.168255 IP 10.0.10.83.65521 > 104.255.105.79.443: tcp 0
10:49:46.183025 IP 10.0.10.83.65521 > 104.255.105.79.443: tcp 0
10:49:48.196709 IP 10.0.10.83.65521 > 104.255.105.79.443: tcp 0
10:49:48.397464 IP 10.0.10.83.65517 > 104.255.105.79.443: tcp 0
10:49:48.657561 IP 10.0.10.83.65518 > 104.255.105.79.443: tcp 0
10:49:49.887460 IP 10.0.10.83.65519 > 104.255.105.79.443: tcp 0
10:49:50.164295 IP 10.0.10.83.65520 > 104.255.105.79.443: tcp 0
10:49:52.207855 IP 10.0.10.83.65521 > 104.255.105.79.443: tcp 0
10:49:56.923798 IP 10.0.10.83.65524 > 104.255.105.79.443: tcp 0
10:49:57.925331 IP 10.0.10.83.65524 > 104.255.105.79.443: tcp 0 -
@stephenw10 the AP it working right.... my brother is on wifi unless if I read your question wrong
-
Ok good. That's useful, if broken! So there are no responses at all coming back from the remote server. Even to the initial TCP SYN (0 bytes).
Run that same capture but on the WAN. Make sure it is leaving correctly and check for any replies there.
Steve
-
@stephenw10 here
11:00:54.493655 IP 24.236.182.222.59906 > 104.255.105.79.443: tcp 0
11:00:54.765867 IP 24.236.182.222.59994 > 104.255.105.79.443: tcp 0
11:00:55.503407 IP 24.236.182.222.59906 > 104.255.105.79.443: tcp 0
11:00:55.779869 IP 24.236.182.222.59994 > 104.255.105.79.443: tcp 0
11:00:57.062375 IP 24.236.182.222.59893 > 104.255.105.79.443: tcp 0
11:00:57.334214 IP 24.236.182.222.59830 > 104.255.105.79.443: tcp 0
11:00:57.518465 IP 24.236.182.222.59906 > 104.255.105.79.443: tcp 0
11:00:57.795553 IP 24.236.182.222.59994 > 104.255.105.79.443: tcp 0
11:00:58.072388 IP 24.236.182.222.59893 > 104.255.105.79.443: tcp 0
11:00:58.348850 IP 24.236.182.222.59830 > 104.255.105.79.443: tcp 0
11:01:00.072859 IP 24.236.182.222.59893 > 104.255.105.79.443: tcp 0
11:01:00.349552 IP 24.236.182.222.59830 > 104.255.105.79.443: tcp 0
11:01:01.519477 IP 24.236.182.222.59906 > 104.255.105.79.443: tcp 0
11:01:01.796813 IP 24.236.182.222.59994 > 104.255.105.79.443: tcp 0
11:01:04.087835 IP 24.236.182.222.59893 > 104.255.105.79.443: tcp 0
11:01:04.364173 IP 24.236.182.222.59830 > 104.255.105.79.443: tcp 0
11:01:09.527871 IP 24.236.182.222.59906 > 104.255.105.79.443: tcp 0
11:01:09.805082 IP 24.236.182.222.59994 > 104.255.105.79.443: tcp 0
11:01:12.095480 IP 24.236.182.222.59893 > 104.255.105.79.443: tcp 0
11:01:12.371567 IP 24.236.182.222.59830 > 104.255.105.79.443: tcp 0
11:01:19.133831 IP 24.236.182.222.59895 > 104.255.105.79.443: tcp 0
11:01:19.403173 IP 24.236.182.222.59983 > 104.255.105.79.443: tcp 0
11:01:20.139724 IP 24.236.182.222.59895 > 104.255.105.79.443: tcp 0
11:01:20.417062 IP 24.236.182.222.59983 > 104.255.105.79.443: tcp 0 -
@lawrence1986 so pfsense sends then traffic and you get no answer.
So maybe they don't like your IP. When you change the device connected to your isp modem.. You would get a different public IP normally because the mac address changes.
That could explain your problem. Change the mac of pfsense interface connect to the wan - you could do this by swapping the wan/lan interfaces - or you could clone a mac address. You want that 24.236.x.x address to be different..
But what you posted there pfsense is sending on the traffic - and your just not getting a response - so no it wouldn't work.
-
@lawrence1986 I can try that... explain how? directions of any type would be greatly appreciated
-
@johnpoz im going to try to change these interfaces first. that seems to be the simplest
-
Yes, seems like something is refusing your IP and since the other router works it's probably at the remote end. This is a good result, we have found a definite problem.
Swapping the WAN and LAN assignments is probably easiest.If you spoof the MAC address from the other router onto the existing WAN though you will get that same WAN IP which you know works. You can do that in Interfaces > WAN but of course you need to find the MAC from the other router.
Steve
-
Do you prefer good or bad news? The good news is that the issues appear to be completely resolved. The bad news is that I can't fight you all anymore.
-
@lawrence1986 so how much did your IP change, just the last octet, or some completely different range.
Very odd that ip Y works, but X does not.. If your whole IP range changed - it could point to a problem with the isp routing and not site blocking you.
Would be interesting to do a traceroute with it working, and then when it doesn't to see if actually get there via 1 address, but die somewhere early with the other.
Also curious to know if with the different IP if your still seeing disconnections or high packet loss in pfsense via dpinger?
-
@johnpoz I just switched interfaces like someone said then went to pfsense and just switched the wires
-
@lawrence1986 yeah that is what I said to do ;) What I am asking is how much did the wan IP change.. just by say the last number - or is it completely different range.
-
@stephenw10 The other question for yall is: Should I upgrade the modems to the new and improved DOCSIS 3.1?
-
@johnpoz 24.236.182.222 to 24.xxx.xxx.18 it jumped quite a bite
-
@lawrence1986 said in Please Help Me Under Stand! What The Issue IS.:
Should I upgrade the modems to the new and improved DOCSIS 3.1?
What speeds do you pay for - do you rent or own your modem? While docsis 3.1 is current, and most isp should really be changing out all the older 3.0 ones.
If your on a low speed connection, its not going to make much difference from your point of view. If you pay for 100/10 and you get 100/10 there would be little reason for you to change it out. Now if you pay for gig/X and your not seeing gig/X then yeah a change could help.
But then again - do you just rent it from your isp, or did you buy it out of pocket?
