Fresh install cant access a site

kejianshi

Are you running any country blockers or IP blockers or anything?  No SNORT?

chpalmer

Go to your gui / Diagnostics/ DNS lookup

diag_dns.php

Enter mailbeez.com there and see what you get.

kejianshi

BTW - Just to be sure, www.mailbeez.com isn't your site is it?

brebix

@chpalmer:

Go to your gui / Diagnostics/ DNS lookup

diag_dns.php

Enter mailbeez.com there and see what you get.

DNS forwarder on same result
Server Query time
127.0.0.1    8 msec
8.8.8.8 30 msec
8.8.4.4 31 msec

DNS forwarder off same result
Server Query time
8.8.8.8 50 msec
8.8.4.4 32 msec

MY ISP DNS same results (holy cow latency)
Server       Query time
65.32.1.65 256 msec
65.32.1.70 268 msec

brebix

@kejianshi:

Are you running any country blockers or IP blockers or anything?  No SNORT?

Fresh install LAN and wan default settings no packages yet

brebix

@kejianshi:

BTW - Just to be sure, www.mailbeez.com isn't your site is it?

I wish lol

kejianshi

The route from you to them is probably broken somewhere along the way. 
Lets see.

run this command from linux terminal

mtr -c 25 –report -n mailbeez.com

(If you don't have linux handy, you can go to packages and install mtr-nox11, then go into the shell and run that command.  Hopefully we will see where things are broken.)

Edit:  You can also run that command from diagnostics > mtr in the pfsense web gui.  (after you install the package)

then just drop in mailbeez.com in the top blank and 25 in the count blank then run and wait for results.

chpalmer

@brebix:

@chpalmer:

Go to your gui / Diagnostics/ DNS lookup

diag_dns.php

Enter mailbeez.com there and see what you get.

DNS forwarder on same result
Server Query time
127.0.0.1    8 msec
8.8.8.8 30 msec
8.8.4.4 31 msec

DNS forwarder off same result
Server Query time
8.8.8.8 50 msec
8.8.4.4 32 msec

MY ISP DNS same results (holy cow latency)
Server       Query time
65.32.1.65 256 msec
65.32.1.70 268 msec

What IP address did it give you?

Trivial I know but it all the clues…

brebix

@kejianshi:

The route from you to them is probably broken somewhere along the way. 
Lets see.

run this command from linux terminal

mtr -c 25 –report -n mailbeez.com

(If you don't have linux handy, you can go to packages and install mtr-nox11, then go into the shell and run that command.  Hopefully we will see where things are broken.)

lol read my mind was running mtr as you edited that

I didn't want to physically move so I used winmtr

not to interesting results
|–----------------------------------------------------------------------------------------|
|                                      WinMTR statistics                                  |

Host              -  %	Sent	Recv	Best	Avrg	Wrst	Last
192.168.1.1 -    0	26	26	0	0	0	0
No response from host - 100	6	0	0	0	0	0
71.44.1.106 -    0	26	26	7	9	16	8
72.31.211.158 -  0	26	26	11	17	25	13
72.31.2.146 -    0	26	26	12	18	26	20
72.31.208.2 -    0	26	26	9	14	20	17
4.68.70.149 -    0	26	26	8	12	47	12
4.69.148.213 -    0	26	26	124	128	135	127
4.69.151.254 -    0	26	26	127	131	137	129
4.69.140.142 -    0	26	26	125	128	137	125
4.69.148.253 -    0	26	26	125	128	134	126
4.69.132.86 -    0	26	26	127	129	137	127
4.69.134.134 -    0	26	26	128	131	141	129
4.69.134.149 -    0	26	26	124	131	143	131
4.69.137.61 -    0	26	26	127	131	137	130
4.69.143.137 -    0	26	26	124	127	133	129
4.69.140.6 -      0	26	26	124	128	141	125
4.69.154.75 -    0	26	26	130	133	173	132
195.16.162.254 -    0	26	26	129	133	154	129
213.239.245.25 -    0	26	26	131	133	141	131
213.239.245.30 -    0	26	26	133	135	141	133
213.239.245.90 -    5	22	21	0	136	146	136
213.239.244.51 -    0	26	26	136	138	144	139
176.9.124.20 -    0	26	26	134	136	145	138
________________________________________________	______	______	______	______	______	______

However check this out I drew up a diagram real quick
it seems that when my staticly assigned IP is my GW connected to my pfsense box I cannot access the site. However with my PC connected direct to the modem with the same static IP and GW information it works fine.

Just for the hell of it I threw in a residential modem with a publicly assigned dynamic IP from ISP and hooked that up to my pfsense box.... Guess what works fine

The mtr results on the residential modem with a publicly assigned dynamic IP
Same results more or less
|------------------------------------------------------------------------------------------|
|                                      WinMTR statistics                                  |

Host              -  %	Sent	Recv	Best	Avrg	Wrst	Last
192.168.1.1 -    0	25	25	0	0	1	0
No response from host -  100	6	0	0	0	0	0
71.44.1.106 -    0	25	25	8	11	18	12
72.31.211.158 -    0	25	25	10	17	25	13
72.31.210.239 -    0	25	25	12	19	29	15
72.31.208.2 -    0	25	25	13	18	26	18
4.68.70.149 -    5	22	21	0	12	25	12
4.69.148.213 -    0	25	25	129	132	137	133
4.69.151.254 -    0	25	25	129	134	145	131
4.69.140.142 -    0	25	25	131	135	145	143
4.69.148.253 -    0	25	25	126	129	136	129
4.69.132.86 -    0	25	25	129	132	138	129
4.69.134.138 -    0	25	25	128	132	142	139
4.69.134.153 -    0	25	25	127	131	139	133
4.69.137.53 -    0	25	25	130	132	138	134
4.69.143.141 -    0	25	25	129	132	137	131
4.69.140.14 -    0	25	25	130	133	143	134
4.69.154.203 -    0	25	25	126	129	134	129
195.16.162.254 -    0	25	25	136	142	174	137
213.239.245.25 -    5	22	21	0	135	139	133
213.239.245.30 -    0	25	25	138	141	150	139
213.239.245.90 -    0	25	25	139	142	149	144
213.239.244.19 -    4	25	24	136	140	152	144
176.9.124.20 -    0	25	25	135	138	144	140
________________________________________________	______	______	______	______	______	______

diagram attached does not have the PC connected to the modem and the firewall with the same static I drew that to show that it works direct to modem with IP in NIC and same IP in pfsense wouldnt let me go to that one damn site.

brebix

Thanks for all your help I am going to get with the other engineers to take a look at this one… I guess some advice to take away from this is to stay away from the SBG6580 formerly Motorola now owned by Arris apparently it has issues with pfsense.

kejianshi

OK - So, you have this modem…

And with pfsense, you are using static IP but on the same modem with different router you are using dynamic IP?

And dynamic IP assignment works?

brebix

@kejianshi:

OK - So, you have this modem…

And with pfsense, you are using static IP but on the same modem with different router you are using dynamic IP?

And dynamic IP assignment works?

Talking about 2 separate modems now…

The static modem is in straight static no double NAT or anything.

The modem I just tried is a different model and is dynamic bridge and gets a public dynamic IP

The static IP works going to mailbeez.com only when I connect to SOHO router or direct to PC with same static IP and modem ..

BUT  when I use it with pfsense with the same static IP no mailbeez.com...

so static modem-->pfsense -->pc = no mailbeez.com

I have multiple modems I work for the ISP and have multiple test accounts

so I used a different model modem with no static IP with pfsense and I can navigate to mailbeez.com

Different model modem dynamic IP--> Pfsense--> PC = I CAN navigate to mailbeez.com

Literally makes 0 sense but...

I at this point I think it has to do with the model modem more than it being the static IP vs public dynamic difference.

What messed with me is that direct to the same static modem it worked no problem... Hence why I thought it was a pfsense issue and not ISP or model modem..

so assumption of the issue is some sort of incompatibility between this model modem and pfsense at this point.

kejianshi

Sounds like you have a bit of testing on your hands.  Enjoy.