Is the snapshots.pfsense.org site blocking my ISP?

jimp

I didn't see anything close to that IP address in the bogons list on there. So it may not be that after all. I didn't see anything in the firewall log there either but it's also a busy firewall and it may have scrolled out of the log already.

Luzemario

I'm pinging it right now with no response… can you look again?

I'll let it pinging for 24 hours. If you find (or not) please let me know so I can stop the pings.

jimp

That firewall blocks ping so that doesn't help.

Try making a few HTTP connections to the snapshots server, see what happens.

Luzemario

I am making some traceroutes using TCP, as in

traceroute -P tcp snapshots.pfsense.org

and triyng to connect via http too.

Luzemario

jimp,

I can access the site now. But I see a list of files instead of index.html.

jimp

Traceroute will not work properly no matter what, TCP or UDP. The firewall only lets tcp/80 through there.

The only proper test is http on port 80.

Depending on the way you accessed the site, a list of files may be normal.

Luzemario

Cool!!

I am outside house now, so I am using a SSH tunnel to reach snapshots.pfsense.org on port 80 from home. I will test better when at home, but since I can open port 80, all will be fine now.

Thank you very much, sorry for the extra work…  ;)

st4fun

in General Setup

Do not use the DNS Forwarder as a DNS server for the firewall

Luzemario

@st4fun:

Do not use the DNS Forwarder as a DNS server for the firewall

Why not?

ggzengel

My pfsense shows:
Downloading new version information…done
Unable to check for updates.
Could not contact custom update server.

I can telnet port 80 and it gets open.

It's not good to block ping.

ggzengel

After package capture and finding nothing I understand.
The updater tries to update with ipv6, but ipv6 is disabled.
After making an entry in DNS Forwarder (snapshots.pfsense.org=66.111.2.168) the updater works.

Why will this work if not using DNS forwarder?
It's more a bug of the updater, because the other 6+ pfsenses work. It's only if there an ipv6 router on WAN and ipv6 is disabled in pfsense.

jimp

Your IPv6 must not be fully disabled. Usually it wouldn't attempt that unless you have an IPv6 default route/gateway or a GUA IPv6 address configured somewhere.

ggzengel

I never did something with ipv6 on this pfsense. From first minute on I disabled ipv6 and it worked perfectly.
The only thing which changed is that my ISP connected ipv6 to my vlan.

Know we know why it doesn't work. What to do that it will work again?
In my opinion the updater has to fall back to ipv4.

eri--

Probably report as an issue in redmine.pfsense.org to have it not forgotten.
Probably during 2.2. roadmap it will be solved

ggzengel

Issue #3152 created.