Is the snapshots.pfsense.org site blocking my ISP?

jimp · Aug 12, 2013, 3:45 PM

I didn't see anything close to that IP address in the bogons list on there. So it may not be that after all. I didn't see anything in the firewall log there either but it's also a busy firewall and it may have scrolled out of the log already.

Luzemario · Aug 12, 2013, 4:20 PM

I'm pinging it right now with no response… can you look again?

I'll let it pinging for 24 hours. If you find (or not) please let me know so I can stop the pings.

jimp · Aug 12, 2013, 4:38 PM

That firewall blocks ping so that doesn't help.

Try making a few HTTP connections to the snapshots server, see what happens.

Luzemario · Aug 12, 2013, 4:51 PM

I am making some traceroutes using TCP, as in


traceroute -P tcp snapshots.pfsense.org

and triyng to connect via http too.

Luzemario · Aug 12, 2013, 5:01 PM

jimp,

I can access the site now. But I see a list of files instead of index.html.

jimp · Aug 12, 2013, 5:19 PM

Traceroute will not work properly no matter what, TCP or UDP. The firewall only lets tcp/80 through there.

The only proper test is http on port 80.

Depending on the way you accessed the site, a list of files may be normal.

Luzemario · Aug 12, 2013, 5:43 PM

Cool!!

I am outside house now, so I am using a SSH tunnel to reach snapshots.pfsense.org on port 80 from home. I will test better when at home, but since I can open port 80, all will be fine now.

Thank you very much, sorry for the extra work… ;)

st4fun · Aug 13, 2013, 7:36 AM

in General Setup

Do not use the DNS Forwarder as a DNS server for the firewall

Luzemario · Aug 15, 2013, 4:35 PM

@st4fun:

Do not use the DNS Forwarder as a DNS server for the firewall

Why not?

ggzengel · Aug 15, 2013, 9:03 PM

My pfsense shows:
Downloading new version information…done
Unable to check for updates.
Could not contact custom update server.

I can telnet port 80 and it gets open.

It's not good to block ping.

ggzengel · Aug 15, 2013, 9:57 PM

After package capture and finding nothing I understand.
The updater tries to update with ipv6, but ipv6 is disabled.
After making an entry in DNS Forwarder (snapshots.pfsense.org=66.111.2.168) the updater works.

Why will this work if not using DNS forwarder?
It's more a bug of the updater, because the other 6+ pfsenses work. It's only if there an ipv6 router on WAN and ipv6 is disabled in pfsense.

jimp · Aug 16, 2013, 12:34 PM

Your IPv6 must not be fully disabled. Usually it wouldn't attempt that unless you have an IPv6 default route/gateway or a GUA IPv6 address configured somewhere.

ggzengel · Aug 16, 2013, 1:15 PM

I never did something with ipv6 on this pfsense. From first minute on I disabled ipv6 and it worked perfectly.
The only thing which changed is that my ISP connected ipv6 to my vlan.

Know we know why it doesn't work. What to do that it will work again?
In my opinion the updater has to fall back to ipv4.

eri-- · Aug 16, 2013, 6:26 PM

Probably report as an issue in redmine.pfsense.org to have it not forgotten.
Probably during 2.2. roadmap it will be solved

ggzengel · Aug 18, 2013, 7:28 PM

Issue #3152 created.