New rules broke Auto Config Backup

DominikHoffmann

In order to prevent circumvention of my home LAN’s use of the OpenDNS servers, I put in these rules for the first time tonight:

The notification system emails me messages like this

An error occurred while uploading the encrypted  configuration to https://acb.netgate.com/save (Failed to connect to acb.netgate.com port 443 after 15760 ms: No route to host)

Somehow this broke Auto Config Backup, but I don’t understand, why.

Another thing, the gateway is fully capable of finding the IP address of the Auto Config Backup server:

And the traceroute doesn’t look like it doesn’t get to the destination:

 1  xxx.xxx.xxx.1 (xxx.xxx.xxx.1)  2.610 ms  2.399 ms  2.472 ms
 2  10.101.180.89 (10.101.180.89)  2.269 ms  2.483 ms  1.982 ms
 3  10.102.0.194 (10.102.0.194)  2.472 ms  2.142 ms  2.322 ms
 4  10.102.0.0 (10.102.0.0)  2.514 ms  2.376 ms  2.060 ms
 5  10.101.180.54 (10.101.180.54)  2.831 ms  2.392 ms  2.414 ms
 6  lag-199.bear1.cincinnati1.level3.net (4.15.102.233)  4.726 ms  4.966 ms  4.870 ms
 7  * * *
 8  zayo-bandwi.ear5.dallas1.level3.net (4.14.49.2)  44.748 ms  42.099 ms  42.013 ms
 9  ae0.aus01-mls-dc-core-a.infr.zcolo.com (64.20.229.158)  42.267 ms  42.332 ms
    ae0.aus01-mls-dc-core-b.infr.zcolo.com (64.20.229.166)  42.210 ms
10  net66-219-34-198.static-customer.corenap.com (66.219.34.198)  41.937 ms
    net66-219-34-194.static-customer.corenap.com (66.219.34.194)  42.318 ms
    net66-219-34-198.static-customer.corenap.com (66.219.34.198)  41.978 ms
11  fw1-zcolo.netgate.com (208.123.73.4)  42.014 ms  41.997 ms  41.937 ms
12  fw1-zcolo.netgate.com (208.123.73.4)  41.919 ms !H  42.091 ms !H  42.418 ms !H

SteveITS

@dominikhoffmann if you turn on logging on that fourth (block) rule does it log anything?

DominikHoffmann

@steveits: I am barking up the wrong tree. When that rule is disabled, backups can still not be sent to acb.netgate.com.

DominikHoffmann

I did a web-based ping tool to ping acb.netgate.com. This is the output:

PING 208.123.73.212 (208.123.73.212) 56(84) bytes of data.
From 208.123.73.4 icmp_seq=1 Destination Host Unreachable
From 208.123.73.4 icmp_seq=2 Destination Host Unreachable
From 208.123.73.4 icmp_seq=3 Destination Host Unreachable
From 208.123.73.4 icmp_seq=4 Destination Host Unreachable
--- 208.123.73.212 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 8ms

Maybe the server is simply currently down.

SteveITS

@dominikhoffmann It pings from here currently.

Pinging acb.netgate.com [208.123.73.212] with 32 bytes of data:
Reply from 208.123.73.212: bytes=32 time=40ms TTL=50

DominikHoffmann

@steveits: It does on my end as well.