Incoming connections failing
-
Hi. My problem might, or might not, be the same as the problem being experienced by Steve (a.k.a. "Wylbur").
I recently moved from a Comcast Business Internet service area (San Francisco peninsula) to a new location in Utah that is serviced by another (smaller) provider. I have a public IP address here which is supposed to be accessible from the Internet at large. Sometimes it works, but it has intermittently stopped accepting inbound connection attempts (outbound traffic to the public Internet still works).
At the suggestion of my ISP's tech support, I've tried unplugging the network cable to the outside and plugging it back in. I've also tried rebooting my router. Neither of these actions has helped any.
My ISP insists everything is OK at their end and that the problem (whatever it is) must be with my pfSense setup (something which they are unable / unwilling to try to diagnose). Since this same equipment worked perfectly for over a year with Comcast Business, I am inclined to assume my equipment is OK and that my ISP has some sort of problem, but I have no way to confirm this (and, as I said, my ISP insists their setup is OK and that the problem must obviously be at my end).
Note, again, that outbound traffic from my home to the public Internet via my new ISP and my pfSense router works just fine — so I can connect to public web sites, do SSH to my own external cloud servers, etc. But when the problem occurs, I am unable to connect inbound from my external cloud servers back to my home via my home's external IP address (which, as I said, is supposed to be accessible from the Internet at large).
I have no real idea what to do next to fix, or even diagnose, this problem, and I'm basically stuck in a finger-pointing contest with my new ISP. Any suggestions?
-
@Rich-W said in Running pfsense 2.7.0-release (amd64) and it randomly fails losing connectiion to ISP:
connect inbound from my external
Did your pfSense WAN IP change? A simple validation of whether pfSense can see inbound traffic: go to canyouseeme.org, pick some random TCP port, 6666 for example, sniff (packet capture under the Diagnostics menu) on your pfSense WAN for that port, and run the test on canyouseeme.org. Does pfSense see this traffic in the sniff? If not, then the problem is upstream.
-
Not the same problem. I split this to a new topic.
Yup, easy to prove if your ISP is not routing traffic to you. Just run a packet capture as @johnpoz shows.
Steve
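Added example, not part of any post in this thread: one way to read the WAN packet capture suggested above and decide which side to look at. It assumes the capture was saved as `tcpdump -n` style text; the addresses, port, sample lines and the function name `classify_capture` are constructed for illustration.

```python
import re

# tcpdump -n style: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample captures (documentation address ranges, test port 6666).
WAN_IP, PORT = "203.0.113.10", 6666
CAPTURE_UPSTREAM = """\
10:00:01.000001 IP 203.0.113.10.40222 > 198.51.100.7.22: Flags [S], seq 1, win 65535, length 0
"""
CAPTURE_LOCAL = """\
10:00:02.000001 IP 198.51.100.7.51514 > 203.0.113.10.6666: Flags [S], seq 9, win 64240, length 0
10:00:03.000001 IP 198.51.100.7.51514 > 203.0.113.10.6666: Flags [S], seq 9, win 64240, length 0
"""
CAPTURE_OK = """\
10:00:02.000001 IP 198.51.100.7.51514 > 203.0.113.10.6666: Flags [S], seq 9, win 64240, length 0
10:00:02.000200 IP 203.0.113.10.6666 > 198.51.100.7.51514: Flags [S.], seq 5, ack 10, win 65535, length 0
10:00:02.020000 IP 198.51.100.7.51514 > 203.0.113.10.6666: Flags [.], ack 6, win 64240, length 0
"""

def classify_capture(text, wan_ip, port):
    """Return 'upstream', 'local' or 'ok' for a WAN capture of an inbound TCP probe."""
    syn_in = set()    # (remote ip, remote port) that sent a SYN to wan_ip:port
    answered = set()  # flows where a SYN-ACK left from wan_ip:port
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP/IPv4 line in the expected format
        flags = m["flags"]
        if m["dst"] == wan_ip and int(m["dport"]) == port and flags == "S":
            syn_in.add((m["src"], m["sport"]))
        elif m["src"] == wan_ip and int(m["sport"]) == port and flags == "S.":
            answered.add((m["dst"], m["dport"]))
    if not syn_in:
        return "upstream"  # the probe never reached the WAN interface
    if syn_in & answered:
        return "ok"        # handshake was answered, inbound path works
    return "local"         # SYN arrived but got no SYN-ACK: check rules, NAT, service

if __name__ == "__main__":
    for name in ("CAPTURE_UPSTREAM", "CAPTURE_LOCAL", "CAPTURE_OK"):
        print(name, "->", classify_capture(globals()[name], WAN_IP, PORT))
```

A verdict of `upstream` while outbound traffic is visible in the same capture is the evidence to hand to the ISP; `local` points at the firewall rule, port forward or listening service instead.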
-
@Rich-W If I may make a suggestion--
if so, could you try a different gateway server to test your ISP and pfSense?
Do you have a spare system that has two Ethernet ports?
Do you have access to some free gateway server software?
If you do, with the temp gateway server, set its ISP (WAN) side to get the IP address from your ISP, unless that is to be hard coded by you, then do that.
If this fails, the ISP is having some kind of routing problems.
Now with this gateway server, have it use Class B private for DHCP to the "LAN". This is so there will not be some weird routing issue by double NATing on CLASS C pvt.
Use a switch between the gateway LAN and the pfSense WAN ports (so you don't have to make up a special cross-over cable).
pfSense should show the correct WAN address and it should be a CLASS B PVT address.
Now if you fail on the ISP side of the temp gateway system, that would indicate to me they are having a routing problem. If you fail on the WAN port of pfSense, pfSense appears to be having a problem.
I've had to do all this once or twice to figure out what the problem was I was having. And I had a setup like this so that I could test a new gateway server's DHCP for the "LAN" to know I could swap the boxes. I was testing some network appliances I was building several years ago.
Regards,
Wylbur