Error 64 Host Down
-
My first guess is you may have a grossly wrong subnet mask on one of your interfaces, like if you have a /1 or a /4 or anything else that's way too big it'll think a big chunk of the Internet should be locally reachable and it of course isn't. Verify your subnet mask on all interfaces is correct.
-
i verify my default wan is in static connection and opt connection is dynamic pppoe connection and lan is 192.168.2.0/24
-
Are you using load balancing or fail over?
You could try switching the default wan to the pppoe connection. If it is a subnet mask problem its much more likely to be on the static connection.
What is the history of these connections? Are you setting this up from scratch or replacing something with pfSense?Steve
-
ya i was try switching the connection and also no fail over. I have some Diagnostic about the web site www.apparelntextile.com its ip is 118.67.248.134
tcp 115.115.82.139:21897 -> 118.67.248.134:80 SYN_SENT:CLOSED
tcp 115.115.82.139:21899 -> 118.67.248.134:80 SYN_SENT:CLOSED
tcp 115.115.82.139:21900 -> 118.67.248.134:80 SYN_SENT:CLOSED
tcp 115.115.82.139:21910 -> 118.67.248.134:80 SYN_SENT:CLOSED
tcp 115.115.82.139:21911 -> 118.67.248.134:80 SYN_SENT:CLOSED
tcp 115.115.82.139:21912 -> 118.67.248.134:80 SYN_SENT:CLOSED
tcp 115.115.82.139:21923 -> 118.67.248.134:80 SYN_SENT:CLOSED
tcp 115.115.82.139:21924 -> 118.67.248.134:80 SYN_SENT:CLOSED
tcp 115.115.82.139:21925 -> 118.67.248.134:80 SYN_SENT:CLOSED
-
Some websites really don't play nicely with load balancing.
Try disabling it or try switching the default WAN as I suggested.Steve
-
As you mention i use to disable wan and use pppoe opt wan but still the error comes.Then i use only wan; no opt wan,no load balancing, no fail over but no solution also i use to chk 8.8.8.8 and 8.8.4.4 dns . Here my opinion that something is blocking the traffic in pfsense to this website.Is there anything that i diagnosis the pf-sense traffic????
Thanks
Hemant -
Are you still running squid proxy? Try disabling it.
Steve
-
ya i chk it disabling the proxy server then its shows "The server at apparelntextile.com is taking too long to respond."
-
You may have to reset the firewall states so that traffic is not sent via squid.
Diagnostics: States: Reset states:Steve
-
If i reset it then all settings will remove from firewall rules and port forwarding ??
-
No.
This will just reset states, no configuration changes will occur… -
ok now i try it stop my squid server service reset firewall rules but i have same problem. But now i can browse www.rediff.com not the www.apparelntextile.com. Is any thing that i can bypass the the pfsense all rules for the particular web sites for ex. www.apparelntextile.com
-
If you find out what is causing the problem you can put rules in place to avoid it. You can exclude specific sites from being cached or use a single wan for example. Since you disabled both these things it must be something else. :-\
Steve
-
lots of thanks Steve and maverick ; I will last try on weekends that reinstalling pfsense using single wan without squid server and then try it. If its works then i will go with pfsense or i will remains with my old one ipcop. :(
Thanks again
-
Take it one step at a time.
Start with the most basic install you can, one WAN one LAN no proxy. Check everything is working.
Add features one at a time testing in between each addition.Steve
-
ok thanks if it's success i will post.
-
i chk in Diagnostics: Tables then i see that
112.0.0.0/5
175.100.137.104
192.168.2.0/24
but the 112.0.0.0/5 is not belongs from any network so is this can affect the firewall to opening the some sites?
-
Hmm. Negate_networks should contain static routes, vpns and directly connected networks.
Have you added this subnet anywhere?112.0.0.0/5 certainly contains the address of www.apparelntextile.com.
Try removing it and resetting the firewall states. I have no idea how it got there (pushed to you from your ISP?).Steve
-
ya i done it :D i change the subnet mask of wan interface and now it works fine all sites are opening and the speed of browsing also increased.
Thanks SteveHemant
-
I don't know if I actually helped much. ::)
For future reference what did you change the subnet mask from/to?
Steve
