Netgate Discussion Forum

    Amazon Kindle 3 Blocked by pfSense

    2.0-RC Snapshot Feedback and Problems - RETIRED
      wallabybob

      @cwagz:

      Would using pfSense 1.2.3 likely solve the problem or am I stuck with Linux based solutions?

      I find it pretty hard to say without more information about the problem. For example I understand the Kindles can come with WiFi and/or 3G. Presumably you are referring to a Kindle using WiFi. Is the WiFi encrypted? What is the Access Point (if any)? Does the Kindle get an IP address from the Access Point? Does it get a ping response from pfSense? Is there anything unexpected in the firewall logs? etc.

        cwagz

        @wallabybob:

        I find it pretty hard to say without more information about the problem. For example I understand the Kindles can come with WiFi and/or 3G. Presumably you are referring to a Kindle using WiFi. Is the WiFi encrypted? What is the Access Point (if any)? Does the Kindle get an IP address from the Access Point? Does it get a ping response from pfSense? Is there anything unexpected in the firewall logs? etc.

        The Kindle was in WiFi mode.
        WiFi is through a Netgear WNDR3700 with WPA2-AES
        Kindle receives IP from pfSense 2.0 through AP
        Kindle can surf the net and the store over WiFi on pfSense 2.0
        Kindle cannot authenticate with Amazon to download a book or synchronize
        Saw some port 443 traffic being blocked in the firewall logs as I mentioned above.  I put PASS rules in for these but still no dice.

        Installed latest 2.0 from CD - Same Issue
        Setup WNDR3700 as Router / Firewall and took pfSense offline - Worked fine without any changes to the WiFi settings
        Setup Smoothwall and placed WNDR3700 back as AP with same WiFi settings - Worked fine
        Setup pfSense 1.2.3 from CD - Works fine with same WiFi setup…

        I am up and running on pfSense 1.2.3 now and all is well - faster than Smoothwall it seems to me and the Kindles are still able to authenticate with Amazon - No rules were needed either.

        I am at a loss as to what could have caused the Kindle / Amazon connection issue with 2.0 but hope the information will help the developers.

        Chad

        Netgate 6100 MAX

          cwagz

          Any more ideas on this?  I recently went back to the latest snapshot (2.0 2.0-BETA4 (i386) built on Sat Dec 18 19:57:37 EST 2010) and the Kindle still cannot sync with Amazon's server.

          Here is a packet capture from when I try to sync and download a book…

          01:08:10.901850 IP 192.168.1.108.59198 > 192.168.1.1.53: UDP, length 46
          01:08:10.912628 IP 192.168.1.1.53 > 192.168.1.108.59198: UDP, length 174
          01:08:12.693613 IP 192.168.1.108.47943 > 72.21.214.129.443: tcp 1460
          01:08:13.322822 IP 192.168.1.108.58909 > 184.73.176.177.49317: UDP, length 149
          01:08:31.254680 IP 192.168.1.108.47943 > 72.21.214.129.443: tcp 1460
          01:08:39.527061 IP 192.168.1.108.33724 > 192.168.1.1.53: UDP, length 46
          01:08:39.528214 IP 192.168.1.1.53 > 192.168.1.108.33724: UDP, length 174
          01:08:40.323604 IP 192.168.1.108.58909 > 184.73.176.177.49317: UDP, length 149
          01:08:40.330963 IP 192.168.1.108.34993 > 192.168.1.1.53: UDP, length 32
          01:08:40.340013 IP 192.168.1.1.53 > 192.168.1.108.34993: UDP, length 48
          01:08:40.342450 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:40.424851 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 0
          01:08:40.426033 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:40.444787 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 55
          01:08:40.527573 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:40.527749 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:40.527841 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 34
          01:08:40.529469 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:40.530344 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:40.530446 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:40.688627 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 139
          01:08:40.698640 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 6
          01:08:40.705879 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 53
          01:08:40.769812 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 0
          01:08:40.779822 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 0
          01:08:40.787415 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 0
          01:08:40.787521 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 59
          01:08:40.796327 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:40.823939 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 485
          01:08:40.831188 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 357
          01:08:40.904846 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 0
          01:08:40.912428 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 0
          01:08:43.377543 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 997
          01:08:43.377702 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.377786 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:43.377881 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 497
          01:08:43.377960 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.378033 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.378110 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:43.378191 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 785
          01:08:43.379876 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.384819 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.384904 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:43.384987 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 33
          01:08:43.385062 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.385137 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.385219 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:43.385309 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:43.387619 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1277
          01:08:43.387717 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.387797 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.533284 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.543260 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.544741 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.547378 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.550619 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.552506 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.552985 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.553236 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.554736 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.554984 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.555235 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.555326 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.555483 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.615044 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:43.615135 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:43.615227 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 29
          01:08:43.615302 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.615374 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.621445 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.623197 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.623443 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.623531 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.623816 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.627511 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:43.627597 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 401
          01:08:43.627675 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.627750 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.627829 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1301
          01:08:43.627909 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.627986 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.628061 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.628147 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.628222 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 37
          01:08:43.629440 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.630564 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.630690 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.631689 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.631940 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.632051 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.632435 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.632939 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.633566 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.634312 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:43.637517 IP 72.21.211.176.443 > 192.168.1.108.39306: tcp 1460
          01:08:43.671936 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:59.243002 IP 192.168.1.108.39306 > 72.21.211.176.443: tcp 0
          01:08:59.250363 IP 192.168.1.108.47943 > 72.21.214.129.443: tcp 0
          01:08:59.392158 IP 192.168.1.108.68 > 192.168.1.1.67: UDP, length 548
          01:09:11.071332 IP 192.168.1.1.67 > 192.168.1.108.68: UDP, length 302
          

          The Kindle works fine without any changes with pfSense 1.2.3.  Let me know what I can do to help troubleshoot this issue as it may affect more than just the Kindle.

          Thanks…

          Netgate 6100 MAX

            cmb

            Attach a full packet capture of all the traffic to/from the Kindle when it happens.

              cwagz

              CMB,

              Here is a full packet capture (hope I did this right) that was taken while trying to sync to Amazon.

              
              22:56:48.320523 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.108, length 46
              22:56:48.320589 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.1 is-at 00:1b:21:2d:ea:a4, length 28
              22:56:53.026687 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 64, id 10432, offset 0, flags [DF], proto UDP (17), length 74)
                  192.168.1.108.52720 > 192.168.1.1.53: [udp sum ok] 11855+ A? dogvgb9ujhybx.cloudfront.net. (46)
              22:56:53.038182 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype IPv4 (0x0800), length 216: (tos 0x0, ttl 64, id 1760, offset 0, flags [none], proto UDP (17), length 202)
                  192.168.1.1.53 > 192.168.1.108.52720: [udp sum ok] 11855 q: A? dogvgb9ujhybx.cloudfront.net. 8/0/0 dogvgb9ujhybx.cloudfront.net. A 216.137.45.123, dogvgb9ujhybx.cloudfront.net. A 216.137.45.242, dogvgb9ujhybx.cloudfront.net. A 216.137.45.118, dogvgb9ujhybx.cloudfront.net. A 216.137.45.29, dogvgb9ujhybx.cloudfront.net. A 216.137.45.35, dogvgb9ujhybx.cloudfront.net. A 216.137.45.161, dogvgb9ujhybx.cloudfront.net. A 216.137.45.101, dogvgb9ujhybx.cloudfront.net. A 216.137.45.181 (174)
              22:56:58.400733 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 30977, offset 0, flags [DF], proto TCP (6), length 1500)
                  192.168.1.108.48930 > 72.21.214.129.443: Flags [.], cksum 0x7b89 (correct), seq 3120133706:3120135166, ack 2182726147, win 455, length 1460
              22:56:58.613152 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 242, id 30178, offset 0, flags [DF], proto TCP (6), length 40)
                  72.21.194.2.443 > 192.168.1.108.59167: Flags [R.], cksum 0x005d (correct), seq 3270780324, ack 1057533559, win 9300, length 0
              22:57:09.960727 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 64, id 12126, offset 0, flags [DF], proto UDP (17), length 74)
                  192.168.1.108.33339 > 192.168.1.1.53: [udp sum ok] 6974+ A? dogvgb9ujhybx.cloudfront.net. (46)
              22:57:09.961921 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype IPv4 (0x0800), length 216: (tos 0x0, ttl 64, id 39617, offset 0, flags [none], proto UDP (17), length 202)
                  192.168.1.1.53 > 192.168.1.108.33339: [udp sum ok] 6974 q: A? dogvgb9ujhybx.cloudfront.net. 8/0/0 dogvgb9ujhybx.cloudfront.net. A 216.137.45.181, dogvgb9ujhybx.cloudfront.net. A 216.137.45.101, dogvgb9ujhybx.cloudfront.net. A 216.137.45.161, dogvgb9ujhybx.cloudfront.net. A 216.137.45.35, dogvgb9ujhybx.cloudfront.net. A 216.137.45.29, dogvgb9ujhybx.cloudfront.net. A 216.137.45.118, dogvgb9ujhybx.cloudfront.net. A 216.137.45.242, dogvgb9ujhybx.cloudfront.net. A 216.137.45.123 (174)
              22:57:10.237323 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 12153, offset 0, flags [DF], proto UDP (17), length 64)
                  192.168.1.108.33761 > 192.168.1.1.53: [udp sum ok] 55696+ A? cde-g7g.amazon.com. (36)
              22:57:10.277034 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype IPv4 (0x0800), length 94: (tos 0x0, ttl 64, id 31649, offset 0, flags [none], proto UDP (17), length 80)
                  192.168.1.1.53 > 192.168.1.108.33761: [udp sum ok] 55696 q: A? cde-g7g.amazon.com. 1/0/0 cde-g7g.amazon.com. A 72.21.211.177 (52)
              22:57:10.283178 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 64224, offset 0, flags [DF], proto TCP (6), length 60)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [S], cksum 0x8fe2 (correct), seq 126408094, win 5840, options [mss 1460,sackOK,TS val 12158 ecr 0,nop,wscale 4], length 0
              22:57:10.318318 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 191: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 177)
                  192.168.1.108.51070 > 184.73.176.177.49317: [udp sum ok] UDP, length 149
              22:57:10.365646 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 242, id 64256, offset 0, flags [DF], proto TCP (6), length 48)
                  72.21.211.177.443 > 192.168.1.108.46357: Flags [S.], cksum 0x934e (correct), seq 2140135257, ack 126408095, win 8190, options [mss 1460,nop,wscale 6], length 0
              22:57:10.428481 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 64225, offset 0, flags [DF], proto TCP (6), length 40)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [.], cksum 0xdda9 (correct), seq 1, ack 1, win 365, length 0
              22:57:10.637855 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 171: (tos 0x0, ttl 64, id 64226, offset 0, flags [DF], proto TCP (6), length 157)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [P.], cksum 0xe58c (correct), seq 1:118, ack 1, win 365, length 117
              22:57:10.720445 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype IPv4 (0x0800), length 769: (tos 0x0, ttl 242, id 59453, offset 0, flags [DF], proto TCP (6), length 755)
                  72.21.211.177.443 > 192.168.1.108.46357: Flags [P.], cksum 0xe465 (correct), seq 1:716, ack 118, win 553, length 715
              22:57:10.723165 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 64227, offset 0, flags [DF], proto TCP (6), length 40)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [.], cksum 0xda0f (correct), seq 118, ack 716, win 455, length 0
              22:57:10.780258 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 64228, offset 0, flags [DF], proto TCP (6), length 1500)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [.], cksum 0xcf9b (correct), seq 118:1578, ack 716, win 455, length 1460
              22:57:10.788138 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 254: (tos 0x0, ttl 64, id 64229, offset 0, flags [DF], proto TCP (6), length 240)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [P.], cksum 0x49a9 (correct), seq 1578:1778, ack 716, win 455, length 200
              22:57:10.898686 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 242, id 61326, offset 0, flags [DF], proto TCP (6), length 40)
                  72.21.211.177.443 > 192.168.1.108.46357: Flags [.], cksum 0xd9ad (correct), seq 716, ack 118, win 553, length 0
              22:57:11.068338 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 64230, offset 0, flags [DF], proto TCP (6), length 1500)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [.], cksum 0xcf9b (correct), seq 118:1578, ack 716, win 455, length 1460
              22:57:11.652272 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 64231, offset 0, flags [DF], proto TCP (6), length 1500)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [.], cksum 0xcf9b (correct), seq 118:1578, ack 716, win 455, length 1460
              22:57:12.811964 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 64232, offset 0, flags [DF], proto TCP (6), length 1500)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [.], cksum 0xcf9b (correct), seq 118:1578, ack 716, win 455, length 1460
              22:57:13.671998 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 64, id 12497, offset 0, flags [DF], proto UDP (17), length 74)
                  192.168.1.108.57643 > 192.168.1.1.53: [udp sum ok] 27981+ A? dogvgb9ujhybx.cloudfront.net. (46)
              22:57:13.673183 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype IPv4 (0x0800), length 216: (tos 0x0, ttl 64, id 4084, offset 0, flags [none], proto UDP (17), length 202)
                  192.168.1.1.53 > 192.168.1.108.57643: [udp sum ok] 27981 q: A? dogvgb9ujhybx.cloudfront.net. 8/0/0 dogvgb9ujhybx.cloudfront.net. A 216.137.45.123, dogvgb9ujhybx.cloudfront.net. A 216.137.45.181, dogvgb9ujhybx.cloudfront.net. A 216.137.45.101, dogvgb9ujhybx.cloudfront.net. A 216.137.45.161, dogvgb9ujhybx.cloudfront.net. A 216.137.45.35, dogvgb9ujhybx.cloudfront.net. A 216.137.45.29, dogvgb9ujhybx.cloudfront.net. A 216.137.45.118, dogvgb9ujhybx.cloudfront.net. A 216.137.45.242 (174)
              22:57:15.129777 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 64233, offset 0, flags [DF], proto TCP (6), length 1500)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [.], cksum 0xcf9b (correct), seq 118:1578, ack 716, win 455, length 1460
              22:57:19.771727 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 64234, offset 0, flags [DF], proto TCP (6), length 1500)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [.], cksum 0xcf9b (correct), seq 118:1578, ack 716, win 455, length 1460
              22:57:29.049686 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 64235, offset 0, flags [DF], proto TCP (6), length 1500)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [.], cksum 0xcf9b (correct), seq 118:1578, ack 716, win 455, length 1460
              22:57:34.046411 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.108, length 46
              22:57:34.046458 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.1 is-at 00:1b:21:2d:ea:a4, length 28
              22:57:37.316661 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 191: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 177)
                  192.168.1.108.51070 > 184.73.176.177.49317: [udp sum ok] UDP, length 149
              22:57:44.810744 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 64, id 15611, offset 0, flags [DF], proto UDP (17), length 74)
                  192.168.1.108.38555 > 192.168.1.1.53: [udp sum ok] 34146+ A? dogvgb9ujhybx.cloudfront.net. (46)
              22:57:44.811954 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype IPv4 (0x0800), length 216: (tos 0x0, ttl 64, id 30332, offset 0, flags [none], proto UDP (17), length 202)
                  192.168.1.1.53 > 192.168.1.108.38555: [udp sum ok] 34146 q: A? dogvgb9ujhybx.cloudfront.net. 8/0/0 dogvgb9ujhybx.cloudfront.net. A 216.137.45.242, dogvgb9ujhybx.cloudfront.net. A 216.137.45.123, dogvgb9ujhybx.cloudfront.net. A 216.137.45.181, dogvgb9ujhybx.cloudfront.net. A 216.137.45.101, dogvgb9ujhybx.cloudfront.net. A 216.137.45.161, dogvgb9ujhybx.cloudfront.net. A 216.137.45.35, dogvgb9ujhybx.cloudfront.net. A 216.137.45.29, dogvgb9ujhybx.cloudfront.net. A 216.137.45.118 (174)
              22:57:47.610635 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 64236, offset 0, flags [DF], proto TCP (6), length 1500)
                  192.168.1.108.46357 > 72.21.211.177.443: Flags [.], cksum 0xcf9b (correct), seq 118:1578, ack 716, win 455, length 1460
              22:58:04.317681 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 191: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 177)
                  192.168.1.108.51070 > 184.73.176.177.49317: [udp sum ok] UDP, length 149
              22:58:09.317189 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.108, length 46
              22:58:09.317234 00:1b:21:2d:ea:a4 > 28:ef:01:47:2b:68, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.1 is-at 00:1b:21:2d:ea:a4, length 28
              22:58:10.079750 28:ef:01:47:2b:68 > 00:1b:21:2d:ea:a4, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 30978, offset 0, flags [DF], proto TCP (6), length 1500)
                  192.168.1.108.48930 > 72.21.214.129.443: Flags [.], cksum 0x7b89 (correct), seq 0:1460, ack 1, win 455, length 1460
              
              

              Netgate 6100 MAX

                cmb

                The whole pcap file, not just the text output. If you do it via Diag>Packet Capture, you can click the "Download" button after you're finished and it'll give you the pcap. You may not be able to attach that here, you can email it to me (cmb at pfsense dot org) with a link to this thread so I know what it's referencing.

                  cwagz

                  CMB,

                  I emailed the packetcapture.cap file to you as requested.  While the capture was running I tried several times to get the Kindle to Sync.  I also rebooted the Kindle and then tried to sync again.

                  Regards,
                  Chad

                  Netgate 6100 MAX

                    thedaveCA

                    What version of the Kindle OS?  Prior to 3.0.3, there is an issue if your DNS server is in the same subnet as the Kindle but not located on the default gateway.  In this situation the Kindle sends the packets to the default gateway instead of the correct DNS server, then displays a relatively useless error message.

                    If this describes your network, either upgrade to 3.0.3 pre-release from http://www.amazon.com/gp/help/customer/display.html/?nodeId=200529700 (installable via USB cable), or hardcode a wifi IP, the appropriate default gateway and either your pfSense box (if you run DNS forwarder) or 8.8.8.8 (Google DNS) as a DNS server.

                      cwagz

                      @thedaveCA:

                      What version of the Kindle OS?  Prior to 3.0.3, there is an issue if your DNS server is in the same subnet as the Kindle but not located on the default gateway.  In this situation the Kindle sends the packets to the default gateway instead of the correct DNS server, then displays a relatively useless error message.

                      If this describes your network, either upgrade to 3.0.3 pre-release from http://www.amazon.com/gp/help/customer/display.html/?nodeId=200529700 (installable via USB cable), or hardcode a wifi IP, the appropriate default gateway and either your pfSense box (if you run DNS forwarder) or 8.8.8.8 (Google DNS) as a DNS server.

                      Thanks for the reply.  The first thing I did when trying to troubleshoot this was update the Kindles to version 3.0.3.

                      I just tried hardcoding the network information on the kindle and using the google DNS server.  No luck.

                      Default pfSense 2.0 setup - Kindle can browse store but cannot sync or download books on WiFi.

                      Default pfSense 1.2.3 setup - Kindle works fine.

                      Netgate 6100 MAX

                        thedaveCA

                        In that case I don't have much else to suggest.  We've got a couple Kindle 3s on 3.0.3 here, initially on pfSense 1.2.3 and now on 2.0-BETA4 (Built On: Thu Dec 23 13:17:58 EST 2010), both work fine.

                        My device is wifi-only so there's no possibility of a 3G failover or anything else happening, things "just work"

                          cwagz

                          @thedaveCA:

                          In that case I don't have much else to suggest.  We've got a couple Kindle 3s on 3.0.3 here, initially on pfSense 1.2.3 and now on 2.0-BETA4 (Built On: Thu Dec 23 13:17:58 EST 2010), both work fine.

                          My device is wifi-only so there's no possibility of a 3G failover or anything else happening, things "just work"

                          Mine are both wifi + 3G…  But they don't fail over; I have to turn wifi off in order to download books with 2.0.  Since yours are working I had better clean install the latest 2.0 and try again...

                          Thanks again and Merry Christmas, Happy New Year

                          Netgate 6100 MAX

                            danswartz

                            I just got a kindle3 wifi for christmas and it too works fine with 2.0.

                              cwagz

                              @danswartz:

                              I just got a kindle3 wifi for christmas and it too works fine with 2.0.

                              Are you able to actually download books over wifi?  I can browse the store and buy them, but the download just sits forever at "pending"…  On pfSense 1.2.3 the download would authenticate and occur instantly.

                              Netgate 6100 MAX

                                thedaveCA

                                I tested delivering a book sent via email, and also downloading a new book (although it was already purchased and downloaded to another Kindle on our account, but had never been downloaded to my Kindle yet)

                                So at least in my case, yes, downloading books works as does synchronizing (to update my place across devices)

                                  danswartz

                                  Working fine here - of course I don't have the 3G kindle, so that is one less variable…

                                    cmb

                                    @cwagz:

                                    I emailed the packetcapture.cap file to you as requested.  While the capture was running I tried several times to get the Kindle to Sync.  I also rebooted the Kindle and then tried to sync again.

                                    From the packet capture, I can see packet loss but no indications as to where that's occurring. The Kindle is retransmitting several times and not getting any response. Repeat that capture on the WAN instead, and minimize any other Internet traffic as you can't easily filter that down to just the Kindle's traffic, and send me that pcap.
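
The pattern cmb describes (the same data segment sent repeatedly while the peer never acknowledges it) can be pulled out of `tcpdump -v` text output mechanically. The Python below is an added example, not part of the thread or of pfSense: the function names are hypothetical, the capture text is constructed with documentation addresses, and it assumes the relative sequence numbers tcpdump prints after the handshake.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional, Tuple

TS_RE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) ")
DETAIL_RE = re.compile(r"^\s+(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]")
SEQ_RE = re.compile(r"\bseq (\d+)(?::(\d+))?")
ACK_RE = re.compile(r"\back (\d+)")
LEN_RE = re.compile(r"\blength (\d+)\s*$")

class Packet(NamedTuple):
    ts: float                        # seconds since midnight
    src: str                         # "ip.port" as tcpdump prints it
    dst: str
    flags: str
    seq: Optional[Tuple[int, int]]   # (start, end) for data segments only
    ack: Optional[int]
    length: int

def parse_packets(text):
    """Parse two-line `tcpdump -v` records; non-TCP lines (ARP, UDP) are skipped."""
    packets, ts = [], None
    for line in text.splitlines():
        m = TS_RE.match(line)
        if m:
            ts = int(m[1]) * 3600 + int(m[2]) * 60 + float(m[3])
            continue
        d = DETAIL_RE.match(line)
        if not d or ts is None:
            continue
        seq, ack, ln = SEQ_RE.search(line), ACK_RE.search(line), LEN_RE.search(line)
        rng = (int(seq[1]), int(seq[2])) if seq and seq[2] else None
        packets.append(Packet(ts, d["src"], d["dst"], d["flags"], rng,
                              int(ack[1]) if ack else None, int(ln[1]) if ln else 0))
    return packets

def repeated_segments(text, min_sends=3):
    """Report data segments sent at least min_sends times and whether the peer acked them."""
    sent = defaultdict(list)   # (src, dst, seq_start, seq_end) -> send times
    highest_ack = {}           # (acker, peer) -> highest relative ack seen
    for p in parse_packets(text):
        # SYN/SYN-ACK carry absolute numbers, so leave them out of ack tracking.
        if p.ack is not None and "S" not in p.flags:
            key = (p.src, p.dst)
            highest_ack[key] = max(highest_ack.get(key, 0), p.ack)
        if p.seq is not None and p.length > 0:
            sent[(p.src, p.dst) + p.seq].append(p.ts)
    report = []
    for (src, dst, start, end), times in sent.items():
        if len(times) < min_sends:
            continue
        report.append({
            "src": src, "dst": dst, "seq": (start, end), "sends": len(times),
            "gaps": [round(b - a, 2) for a, b in zip(times, times[1:])],
            "acked": highest_ack.get((dst, src), 0) >= end,
        })
    return report

# Constructed capture (not from the thread): one 1460-byte segment is resent
# with growing back-off while the server keeps acknowledging only byte 118.
HDR = "IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 0)"
C, S = "192.0.2.108.46357", "198.51.100.177.443"
SAMPLE = "\n".join(f"{t} {HDR}\n    {a} > {b}: Flags [{f}], {rest}" for t, a, b, f, rest in [
    ("10:00:00.000000", C, S, "S",  "seq 900000000, win 5840, options [mss 1460,sackOK], length 0"),
    ("10:00:00.080000", S, C, "S.", "seq 700000000, ack 900000001, win 8190, length 0"),
    ("10:00:00.090000", C, S, ".",  "seq 1, ack 1, win 365, length 0"),
    ("10:00:00.300000", C, S, "P.", "seq 1:118, ack 1, win 365, length 117"),
    ("10:00:00.380000", S, C, "P.", "seq 1:716, ack 118, win 553, length 715"),
    ("10:00:00.400000", C, S, ".",  "seq 118:1578, ack 716, win 455, length 1460"),
    ("10:00:00.410000", C, S, "P.", "seq 1578:1778, ack 716, win 455, length 200"),
    ("10:00:00.520000", S, C, ".",  "seq 716, ack 118, win 553, length 0"),
    ("10:00:00.700000", C, S, ".",  "seq 118:1578, ack 716, win 455, length 1460"),
    ("10:00:01.300000", C, S, ".",  "seq 118:1578, ack 716, win 455, length 1460"),
    ("10:00:02.500000", C, S, ".",  "seq 118:1578, ack 716, win 455, length 1460"),
    ("10:00:04.900000", C, S, ".",  "seq 118:1578, ack 716, win 455, length 1460"),
])

if __name__ == "__main__":
    for row in repeated_segments(SAMPLE):
        print(row)
```

Running the same check on a LAN-side and a WAN-side capture shows whether the stalled segment ever leaves the firewall, which is the comparison the WAN capture request is after.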

                                      cwagz

                                      @cmb:

                                      From the packet capture, I can see packet loss but no indications as to where that's occurring. The Kindle is retransmitting several times and not getting any response. Repeat that capture on the WAN instead, and minimize any other Internet traffic as you can't easily filter that down to just the Kindle's traffic, and send me that pcap.

                                      CMB - I am a little new to all of this.  Would I set the IP to capture as the gateway address (ie. 192.168.1.1) or my actual public IP address supplied by the ISP?

                                      Thanks,

                                      Netgate 6100 MAX

                                        Accounts

                                        Public side would be your WAN interface AKA yes the real IP assigned by your ISP to your WAN on the pfsense box. Need to see if pfsense is sending those packets out to Amazon's server.

                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.