Haproxy - Mobile Networks in UK completely broken
-
Hmm, that sounds like the providers DNS servers failing to resolve it. Or blocking it. Can you try resolving against a different DNS server whilst connected to mobile?
Has your domain or IP block been blacklisted somewhere perhaps?
-
@stephenw10 Urmm I can't see the Domain or IP being blocked though, I have a block of new IPs and Domains.
If i connect to a VPN it all starts working, I feel like its a problem with Mobile networks but why would different providers have the same problem?
When I was with Three I had loads of problems with their network not being able to connect to my services but that had issues with other websites too. I just find it a bit strange why Mobile Networks are having this problem, I have family in Southern Ireland and friends in the US they haven't had any issues at all except folk in the UK which i am complexed about.
Regards
-
When you connect to a VPN you probably start using the VPN providers DNS servers. I'm assuming you're testing from a phone directly rather than using it as a hotspot with some test client behind it?
-
@stephenw10 Yep testing it on the Phone itself. on a iPhone there is no option to change the DNS Providers settings which is one of the reasons why i connected to a VPN. I just find it very strange.
-
I'd try testing as a hotspot then. Some other client that can test against various DNS servers using the hotspot should prove this.
-
@VioletDragon I use the Hurricane electric network tools app on my iphone - lots of stuff it can do, one of which is query any dns you want.
This suite of network tools implements most of the network diagnostics that you need as a Network Engineer or System Administrator. This is the first version of our mobile app, please help us improve it by giving us feedback.
Interface Information: Get information regarding your device's current network state. ARP / NDP: Lookup local devices found on your network using either ARP (IPv4) or NDP (IPv6). DNS lookup: Search for a server's DNS zone records such as SOA, NS, A, AAAA, MX, TXT, and rDNS. IP Calculator: Calculate the Netmask, Wildcard, Network, Host range, and Broadcast for a given subnet. iperf (v2 and v3): Run TCP and UDP performance tests. One Time Password: Manage time (TOTP) and counter (HOTP) based OTP passwords. Uses iCloud Keychain sync (if enabled) on iOS devices. Ping: Send ICMP packets to a single IPv4/v6 address. Ping Sweep: Send ICMP packets to an entire subnet range. Traceroute: Find the route packets take to reach your destination. Progressive Traceroute: Get detailed statistics for a given route. Port Scan: Scan a list of custom or pre-defined TCP ports on any server. SSL/TLS Information: Check used protocol, ciphers and certificate information. Whois: Get information regarding domain registration. NO ADS!An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
@stephenw10 when testing over Hotspot, websites loads just a blank white screen nothing else.
Interestingly enough, websites randomly stops working too. Network connection was lost in Safari. Now I don’t know if this is a problem with the iPhone or not. I will test on android to see. It is very strange.
I switched from Three network because the Network was so congested you couldn’t load any websites.
I am beginning to wonder if this is more down to network congestion ?
Regards
-
@johnpoz I have been looking for a app like this for awhile. All resolves in the app under DNS lookup.
Regards
-
At some point you were seeing
DNS_PROBE_FINISHED_NXDOMAINthough? -
@stephenw10 Yeah on odd occasions though. It is very strange.
-
@stephenw10 Just out of interest. Could it be the way the block of 8 IPs are being routed? I configured them as VIPs. Then on Haproxy it’s configured on just WAN?
Regards
-
That should be fine. If it was broken it would be broken for everything.
-
@stephenw10 yeah thought so. Just tested it on an android phone. It all seems to be working apart from one of the services I host but no one else is having the issue.
Problem I have right now, is that no that I know can reproduce the problem there end. So I am not sure where to go from here now.
-
I would send some traffic and see if it arrives at your WAN. That will tell you for sure if the mobile network is filtering it.
-
@stephenw10 What would you use for that ? Wire shark ?
Regards
-
Run a pcap in pfSense initially just to see if anything arrives. Filter it by the mobile IP you're testing from. That's easier if you get a real IP. I know 3UK still give you a real address.
-
@stephenw10 Tested with pcap and used Wireshark to read the packet capture, I am seeing a lot of re-transmissions on Public facing WAN, I tested internally to see if i get the re-transmissions and I can say it's only on the Public facing WAN side.
Regards
-
You saw retransmissions from the remote test client coming into your WAN?
That implies haproxy did not reply to them. Or the replies never arrived.
-
@stephenw10 I've had a few friends test on both Celluar and DSL. The capture shows a lot of Re-transmissions going out and In I believe. It is worst on Celluar than DSL though but i guess that makes sense.
217.45 is one of my Static IPs, 82.13 is a friends Virgin Internet connection, You can see there is a couple of Re-Transmissions, now I dunno if this is causing a problem or not.
Regards
-
Ok the duplicated ACKs there imply the remote host is not seeing the packets pfSense is sending, and re-sending. For some reason.
I assume that remote host is seeing problems connecting the site hosted at that static IP.
