Can't reach a specific IP address
-
I know that this looks similar to some existing posts, but I've tried everything I could find in the various threads and nothing seems to work.
My client noticed this morning that they could not reach the Palmetto GBA website; every other site that they (or I) have tried seems to be working. There may be others we can't reach, but I haven't found them yet. They have used the site every day up to last week, and I'm not aware of any unusual activity over the weekend.
I try to Ping from the Diagnostics menu on pfSense; here's the output (I'm obscuring the client's IP address):
PING www.palmettogba.com (216.251.231.64) from xx.xxx.xxx.xxx: 56 data bytes
--- www.palmettogba.com ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
That IS the correct IP address; DNS is working just fine. Also, if I unplug pfSense and plug my Win7 laptop into the T1, ipconfig'd to match the pfSense box, I am able to surf to the website and/or ping the address. Running Traceroute from pfSense simply shows line after line of "* * *".
Things I've tried:
- Double and triple-checking the IP address, gateway, netmask. (I won't type it here, but I did set it the same on my laptop; I enter the netmask on pfSense as /29 and in Win7 as 255.255.255.248)
- Changing the max MTU to various values between 1500 and 1250 (that just seemed like a nice arbitrary cutoff), plus 576.
- Checking "Disable Hardware Checksum Offloading"; it made no difference.
- Upgrading from 1.2.3RC3 to 1.2.3RELEASE
- My NIC is a dual-port Intel Pro/100; I read in the 1.2.3 release notes that there might be a problem with this card under the new version, but I've now tried both checking and un-checking the checksum offloading option, both under the old version and the new.
- I have set up pfSense boxes for several other clients in the same building, with two other ISPs. I'm able to reach Palmetto from all the others, which initially led me to blame this ISP - but using a direct connection ruled that out.
- I'm not using Squid, or SquidGuard, or any blocking rules in the firewall.
Nothing works - I'm still unable to ping 216.251.231.64. I CAN ping 216.251.231.63 (although I don't know what machine is at the far side, or even whether it's owned by Palmetto), but not 216.251.231.65.
And again, if I bypass pfSense and plug my laptop directly into the T1, I am able to ping or surf to 216.251.231.64.
Any ideas? I'm stumped.
-
-
Do you have a route in pfSense for 216.251.231.64? The shell command # netstat -rn will display the routing table.
-
Can you run tcpdump on the WAN interface and then try to go to the IP in question and see what happens?
-
# netstat -rn
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default OurIP UGS 0 696187 fxp1
OurNetwork/29 link#2 UC 0 0 fxp1
OurGateway 00:a0:c8:41:75:f3 UHLW 2 12755 fxp1 1175
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.33.0&0xc0a82102 link#9 UC 0 522 tap0
192.168.254.0/24 link#1 UC 0 0 fxp0
192.168.254.5 00:10:5a:62:f0:a9 UHLW 1 133 fxp0 621
192.168.254.18 00:11:11:97:e8:44 UHLW 1 11725 fxp0 1043
192.168.254.23 00:0b:db:83:dd:00 UHLW 1 4360 fxp0 750
192.168.254.32 00:0d:56:9b:4e:fc UHLW 1 56806 fxp0 1199
192.168.254.48 00:15:f2:92:40:cc UHLW 1 8247 fxp0 1062
192.168.254.49 00:15:f2:92:41:3b UHLW 1 11531 fxp0 979
192.168.254.50 00:15:f2:92:41:4b UHLW 1 578 fxp0 623
192.168.254.101 00:15:f2:92:d0:60 UHLW 1 1498 fxp0 1077
192.168.254.103 00:15:f2:92:3d:d7 UHLW 1 845 fxp0 1196
192.168.254.105 00:00:06:c2:d2:e2 UHLW 1 7496 fxp0 1157
192.168.254.106 00:15:f2:92:41:3d UHLW 1 2518 fxp0 856
192.168.254.109 00:13:20:76:ae:43 UHLW 1 19262 fxp0 1139
192.168.254.112 00:15:f2:92:d0:78 UHLW 1 12799 fxp0 1107
192.168.254.113 00:15:f2:92:41:23 UHLW 1 569 fxp0 1199
192.168.254.114 00:15:f2:92:d0:7a UHLW 1 19159 fxp0 1189
192.168.254.116 00:0d:56:9b:4f:ee UHLW 1 21249 fxp0 1012
192.168.254.130 00:1d:6a:cd:84:f8 UHLW 1 177 fxp0 1184
192.168.254.132 00:26:18:30:13:8f UHLW 1 140525 fxp0 1132
192.168.254.172 00:13:20:96:c5:33 UHLW 1 14529 fxp0 1182
192.168.254.254 00:50:8b:68:d6:8a UHLW 1 200019 lo0

Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UHL lo0
fe80::%fxp0/64 link#1 UC fxp0
fe80::250:8bff:fe68:d68a%fxp0 00:50:8b:68:d6:8a UHL lo0
fe80::%fxp1/64 link#2 UC fxp1
fe80::250:8bff:fe68:d68b%fxp1 00:50:8b:68:d6:8b UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#4 UHL lo0
fe80::%tap0/64 link#9 UC tap0
fe80::2bd:2ff:fe26:0%tap0 00:bd:02:26:00:00 UHL lo0
ff01:1::/32 link#1 UC fxp0
ff01:2::/32 link#2 UC fxp1
ff01:4::/32 ::1 UC lo0
ff01:9::/32 link#9 UC tap0
ff02::%fxp0/32 link#1 UC fxp0
ff02::%fxp1/32 link#2 UC fxp1
ff02::%lo0/32 ::1 UC lo0
ff02::%tap0/32 link#9 UC tap0
#
-
# tcpdump -i fxp1
ack 24031 win 60390 10:02:28.334307 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 24031 win 61842 10:02:28.334484 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 24031 win 65535 10:02:28.451249 IP OurIP-static-ip.OurISP.29780 > resolver1.opendns.com.domain: 25274+ PTR? 246.161.149.12.in-addr.arpa. (45) 10:02:28.468692 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.29780: 25274 3/0/0[|domain] 10:02:28.469516 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: F 1025:1025(0) ack 24031 win 65535 10:02:28.484182 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . ack 1026 win 5380 10:02:29.204362 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: P 5771:6143(372) ack 7334 win 26136 10:02:29.207302 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: . 2750:4202(1452) ack 2671 win 65535 10:02:29.207317 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 4202:4234(32) ack 2671 win 65535 10:02:29.234884 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: . ack 4234 win 13068 10:02:29.293467 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: . 2671:4123(1452) ack 4234 win 13068 10:02:29.294362 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: P 4123:4531(408) ack 4234 win 13068 10:02:29.294836 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 4531 win 65535 10:02:29.348967 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1058:1183(125) ack 1 win 65153 10:02:29.349277 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1183:1238(55) ack 1 win 65153 10:02:29.350256 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: . 
ack 6143 win 65535 10:02:29.535089 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . 3974:5410(1436) ack 4183 win 65535 10:02:29.535117 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: P 5410:6125(715) ack 4183 win 65535 10:02:29.564382 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: . ack 6125 win 8190 10:02:29.571074 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: P 4183:5280(1097) ack 6125 win 32768 10:02:29.625869 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1238:1363(125) ack 1 win 65153 10:02:29.626008 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1363:1458(95) ack 1 win 65153 10:02:29.626193 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1458:1583(125) ack 1 win 65153 10:02:29.626278 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1583:1638(55) ack 1 win 65153 10:02:29.633988 IP ats-mea.dial.aol.com.aol > OurIP-static-ip.OurISP.8779: . ack 1238 win 16384 10:02:29.752620 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . ack 5280 win 64438 10:02:29.912028 IP ats-mea.dial.aol.com.aol > OurIP-static-ip.OurISP.8779: . ack 1638 win 16384 10:02:37.028461 IP OurIP-static-ip.OurISP.59438 > webcs123.msg.sp1.yahoo.com.mmcc: P 3912015979:3912016083(104) ack 867108649 win 64295 10:02:37.048327 IP webcs123.msg.sp1.yahoo.com.mmcc > OurIP-static-ip.OurISP.59438: P 1:113(112) ack 104 win 65535 10:02:37.215230 IP OurIP-static-ip.OurISP.59438 > webcs123.msg.sp1.yahoo.com.mmcc: . ack 113 win 64183 10:02:37.465382 IP 207.46.140.60.http > OurIP-static-ip.OurISP.39393: R 3201681733:3201681733(0) win 0 ^C</mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss>
-
Too much extraneous stuff. Can you run the tcpdump with '-n' also and pipe the output through grep for the IP you want?
-
I took the liberty of replacing my client's actual public IP (and network and gateway), and in the tcpdump I replaced the ISP's name with "OurISP" - actually, I find it easier to read this way anyway…
I don't see anything in the routing table that seems relevant to me; unfortunately, I'm not sure I entirely understand what I'm seeing in the tcpdump. As you can see, regular office traffic continues (including some that's probably unofficial, such as shopping at Best Buy! I'm not going to show this dump to the office manager, though...) I kept tcpdump running until the browser (that was trying to reach the Palmetto website) timed out, but other than the initial DNS request and response, I'm not sure I see ANYTHING relevant in the dump.
I'm still stumped. As I mentioned, if I bypass the pfSense box I can contact Palmetto just fine; that's not a workable solution, however...
-
Sorry - our posts crossed paths. Will do. I'm off-site right now and working via Putty, so my own traffic was mixed in; I removed that, but there's obviously still a lot of junk. I'll be on-site in about an hour; I'll do it then.
-
Sorry for the delay - I was checking and re-checking to make sure I hadn't missed anything; apparently I haven't. Here's the simplified tcpdump:
# tcpdump -i fxp1 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on fxp1, link-type EN10MB (Ethernet), capture size 96 bytes
13:01:40.949884 IP OurIP.57965 > 208.67.222.222.53: 55848+ A? www.palmettogba.com. (37)
13:01:40.949905 IP OurIP.57965 > 208.67.220.220.53: 55848+ A? www.palmettogba.com. (37)
13:01:40.967511 IP 208.67.222.222.53 > OurIP.57965: 55848 1/0/0 A 216.251.231.64 (53)
13:01:40.967533 IP 208.67.220.220.53 > OurIP.57965: 55848 1/0/0 A 216.251.231.64 (53)
And that's all she wrote.
-
Question: try pinging the IP again, then from your shell do 'clog /var/log/filter.log'. Anything show up? I am wondering if there is some kind of ICMP that is being blocked.
-
Question: try pinging the IP again, then from your shell do 'clog /var/log/filter.log'. Anything show up? I am wondering if there is some kind of ICMP that is being blocked.
Nothing whatsoever. I tried pinging from a command prompt on my laptop, and again from the Diagnostics menu, and again from the shell. Regardless, the ping times out - but it doesn't generate any activity in filter.log (there's plenty of other activity, of course, but nothing to do with 216.251.231.64)
-
Looking at your trace again, it is very confusing. I thought you were pinging the IP, but I see it doing a DNS lookup, and then no traffic going to that IP address. Are you sure you are doing a ping on the numeric IP while running tcpdump?
-
When I ping the numeric IP, absolutely nothing is generated in the WAN-interface tcpdump.
Methodology:
-
in pfSense shell via Putty, run tcpdump -i fxp1 -n
-
in CMD prompt, run ping (either www.palmettogba.com or 216.251.231.61)
-
switch back to Putty, keeping an eye on the CMD prompt.
-
as soon as the ping times out, press Ctrl-C to kill tcpdump.
Does it seem reasonable?
-
It seems reasonable, but as suggested earlier, use the IP address to keep the DNS transactions out of the trace.
I presume by CMD prompt you mean the pfSense Diagnostics -> Command facility rather than a command on another system. If so, you should include a count so the ping command will terminate (e.g. ping -c 5 216.251.231.61).
For what it's worth, I've just tried to connect to the web server at 216.251.231.61 by typing http://216.251.231.61 into a web browser location box and it timed out.
I tried pinging 216.251.231.61 and got no reply in 5 attempts.
I tried changing the last byte of the address from 59 to 63 and only 63 replies.
I tried a traceroute to 216.251.231.61 and it showed many intermediate systems (up to the 30th) but 31 to 64 were all "unknown". Earlier you reported a traceroute on pfSense showing "line after line of '* * *' " but what about the first few entries?
I've also noticed that you initially reported a problem with 216.251.231.64 and your last post referenced 216.251.231.61. Typing mistake in your most recent reply?
I can connect from my web browser (downstream of a pfSense box) to 216.251.231.64. I tried a traceroute to 216.251.231.64 and again the last non-"* * *" entry is the 30th.
I think we need to verify that when you access from pfSense whatever your desired target is, that the packet goes out the correct interface. And if it doesn't go out the correct interface find out why. I think danswartz's suggestions are also targeted on verifying the packet goes out the correct interface.
-
I am confused too. I can ping 216.251.231.64 but not 216.251.231.61.
-
Yes, it was a typo. Sorry for the red herring; I should just have said "numeric IP". The correct IP address is 216.251.231.64.
"CMD prompt": I meant the "DOS box" on my Windows 7 laptop: literally the command prompt you get when you run CMD.exe; I'm sorry I wasn't clear. I will refer to it as "DOS" from now on; although that's not correct, I suspect it's less prone to misinterpretation. In any case, the Windows ping defaults to three tries and out, and that's how I was running it.
So let me try again. On my (Windows) laptop, I open a Putty session to the pfSense shell and a (Windows) command prompt. I run tcpdump in the Putty session and ping in the DOS box. When I try to ping using the domain name, tcpdump shows the DNS transactions and then nothing more. When I try to ping using the numeric IP (see what I did there?), tcpdump shows no activity at all. (In both cases, I mean "no activity related to what I'm doing"; people were still surfing the web, checking email, etc.)
Regarding which interface the packet goes out: just for giggles, I ran a tcpdump on the LAN interface (LAN is fxp0; WAN is fxp1). As you might expect, there was a flurry of traffic between my laptop and pfSense, but I did not see any packets addressed to 216.251.231.64. If pfSense is routing packets addressed to 216.251.231.64 through a different interface (but not packets addressed to 216.251.231.63, which I am able to reach), shouldn't there be a file or setting somewhere to specify that? Essentially, that was my initial question, and it's still what I'm puzzling over.
Regarding traceroute: When I run it from DOS, the first line shows that I've reached the pfSense box; after that, only "* * *" until it times out. When I run it from either the pfSense shell, or the Diagnostics menu in the WebGUI, I get nothing but "* * *". Just now, running it from DOS at home, the trace completed in 21 hops (including my own router).
-
Regarding which interface the packet goes out: just for giggles, I ran a tcpdump on the LAN interface (LAN is fxp0; WAN is fxp1). As you might expect, there was a flurry of traffic between my laptop and pfSense, but I did not see any packets addressed to 216.251.231.64.
Do you realise the significance of "did not see any packets addressed to 216.251.231.64"?
You have just said you did not see any (that would include incoming!) packets addressed to 216.251.231.64. That implies your laptop is not sending them OR the physical connection is seriously broken!
If the ping works when your laptop is "directly connected" to the T1 how does the laptop get its IP address? How does the laptop get its IP address when it's connected to pfSense? Do both the laptop and pfSense think they are on the same subnet in the latter case? (If not, your configuration is broken.) How will the laptop know to route 216.251.231.64 to pfSense? If you are using static IPs anywhere did you restart your laptop when you changed what it was connected to? (If you didn't, how can you be sure it wasn't using stale network information?)
You say you have disabled checksum offloading at some stage. If you aren't running with checksum offloading you should do so until further notice. (There is a known problem in the FreeBSD fxp driver that it erroneously thinks some fxps have checksum offload capability.)
-
OK, I think I finally might be on to something, but how it happened or how to fix it are still unanswered questions…
The office is closed today, so I'm working from home; as such, I don't have physical access to the LAN interface. So as an experiment, I opened two SSH sessions in separate windows; I presume that in this case all traffic between my machine and pfSense would be over the WAN interface? In any case, in the first session I ran tcpdump on the LAN interface, and in the second I tried to ping Palmetto. Result? In the tcpdump I get lots and lots of entries like this:
10:46:29.182937 arp who-has 216.251.231.64 tell 192.168.33.1
10:46:30.183472 arp who-has 216.251.231.64 tell 192.168.33.1
192.168.33.0 is the net I reserved for OpenVPN "road warriors". I changed the OpenVPN net to 192.168.35.0 and tried the same experiment; the result was pretty much the same:
11:13:18.106462 arp who-has 216.251.231.64 tell 192.168.35.1
11:13:19.107454 arp who-has 216.251.231.64 tell 192.168.35.1
I then disabled the OpenVPN tunnel and tried again - all packets went through! No traffic was generated on the LAN interface (as I expected - why should it be?), and a tcpdump on the WAN interface looks normal - at least as far as I'm able to recognize "normal". I re-enabled OpenVPN, and once again Palmetto is unreachable. I'm leaving it that way for now, because the doctors need to use the system over the holiday but the billing department doesn't need to reach Palmetto until Monday…
My next experiment, I suppose, would be to delete the OpenVPN tunnel entirely and create a new one. I'm reluctant to do that (unless I know that it will be a permanent fix) because I would need to re-generate and re-distribute certificates.
Assumption: Somewhere in the bowels of pfSense there is a setting that says "route all packets intended for Palmetto over OpenVPN".
Questions: Where would I find this setting? Why would it have spontaneously changed over Xmas weekend?
If anyone has any suggestions as to where I might look, I would be much obliged.
-
If the ping works when your laptop is "directly connected" to the T1 how does the laptop get its IP address? How does the laptop get its IP address when it's connected to pfSense? Do both the laptop and pfSense think they are on the same subnet in the latter case? (If not, your configuration is broken.) How will the laptop know to route 216.251.231.64 to pfSense? If you are using static IPs anywhere did you restart your laptop when you changed what it was connected to? (If you didn't, how can you be sure it wasn't using stale network information?)
You say you have disabled checksum offloading at some stage. If you aren't running with checksum offloading you should do so until further notice. (There is a known problem in the FreeBSD fxp driver that it erroneously thinks some fxps have checksum offload capability.)
Direct connection: When I attached directly to the T1, I configured my IP/netmask/gateway/DNS manually, to the same settings as the pfSense WAN interface. When I attach to the LAN, I use DHCP. Really, it ain't rocket surgery.
Checksum offloading: What I was trying to say was that I had tried both checking and unchecking BEFORE upgrading to 1.2.3Release, and it had not made a difference either way; and then AFTER the upgrade I had tried it both ways, with again no difference. However, I did read the release notes and have left it checked, as recommended. In any case, I'm pretty sure that this issue didn't have anything to do with checksum offloading…
-
Well, this is the first we are hearing that openvpn is involved. One smoking gun is a host on the LAN subnet trying to ARP for a remote host. That is most likely the root of the problem. As to why, dunno.
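The symptom identified above, ARP requests for an address that is not on any directly connected subnet, can be picked out of a busy capture automatically. The following is an added example, not code from the thread or from pfSense: the first two sample lines are the ones posted above, the other two are constructed, and the LAN subnet 192.168.1.0/24 and the /24 mask on the OpenVPN net are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the old tcpdump form seen in the thread ("arp who-has X tell Y")
# and the newer form ("ARP, Request who-has X tell Y, length 28").
ARP_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+(?:arp|ARP, Request)\s+who-has\s+"
    r"(?P<target>\d+\.\d+\.\d+\.\d+)\s+(?:\([0-9a-fA-F:]+\)\s+)?"
    r"tell\s+(?P<sender>\d+\.\d+\.\d+\.\d+)"
)


def offlink_arp_requests(lines, connected):
    """Return ARP requests whose target is on no directly connected subnet.

    `connected` maps a label to a CIDR string. Each result row is
    (target, sender, label of the sender's subnet or None, count).
    A non-empty result means the routing table treats a remote host as
    on-link, so the box ARPs for it instead of using the default gateway.
    """
    nets = {label: ipaddress.ip_network(cidr) for label, cidr in connected.items()}
    counts = Counter()
    for line in lines:
        m = ARP_RE.match(line.strip())
        if not m:
            continue  # not an ARP request
        try:
            target = ipaddress.ip_address(m.group("target"))
            sender = ipaddress.ip_address(m.group("sender"))
        except ValueError:
            continue  # malformed address in the capture text
        if any(target in net for net in nets.values()):
            continue  # normal on-link resolution
        counts[(target, sender)] += 1

    rows = []
    for (target, sender), n in sorted(counts.items()):
        label = next((l for l, net in nets.items() if sender in net), None)
        rows.append((str(target), str(sender), label, n))
    return rows


# Lines 1-2 are from the thread; lines 3-4 are constructed for contrast.
SAMPLE = """\
10:46:29.182937 arp who-has 216.251.231.64 tell 192.168.33.1
10:46:30.183472 arp who-has 216.251.231.64 tell 192.168.33.1
10:46:30.500000 arp who-has 192.168.1.20 tell 192.168.1.1
10:46:30.600000 IP 192.168.1.20.51000 > 192.168.1.1.53: 4242+ A? example.com. (29)
""".splitlines()

# Assumed subnets: the thread gives only "192.168.33.0" for OpenVPN, no mask,
# and does not state the LAN subnet at all.
CONNECTED = {"LAN": "192.168.1.0/24", "OpenVPN": "192.168.33.0/24"}

if __name__ == "__main__":
    for target, sender, label, n in offlink_arp_requests(SAMPLE, CONNECTED):
        print(f"{n}x ARP for off-link {target} from {sender} ({label})")
```

The sender's subnet label points at the interface or tunnel whose route or address range is swallowing the destination, which is where to look in the routing table.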