Cannot access forum.pfsense.org when connected to internet using pfSense

StlCardsFanJR · Nov 8, 2013, 9:01 PM

I'm running a base version of pfSense 2.1. When connected through the internet I am unable to access https://forum.pfsense.org. I had to use a different connection to post this. Can anyone shed any light as to why this is happening?

I appreciate your help,
John

stephenw10 · Nov 8, 2013, 9:39 PM

Have you changed the default firewall rules? Is there anything in the firewall logs?

Can you access the forum over SSL? https://forum.pfsense.org (edit: I see you can't. So not http or https?)

What are you using for DNS?

Steve

Tillebeck · Nov 8, 2013, 10:03 PM

What IP will resolve if you ping from your computer and then from pfsense?

your computer

ping forum.pfsense.org

In pfsense go to diagnostics -> ping
choose WAN interface and ping forum.pfsense.org

StlCardsFanJR · Nov 8, 2013, 10:50 PM

@Tillebeck:

What IP will resolve if you ping from your computer and then from pfsense?

your computer

ping forum.pfsense.org

In pfsense go to diagnostics -> ping
choose WAN interface and ping forum.pfsense.org

From a computer not going through fpSense:

Pinging forum.pfsense.org [66.219.34.171] with 32 bytes of data:
Reply from 66.219.34.171: bytes=32 time=45ms TTL=47
Reply from 66.219.34.171: bytes=32 time=44ms TTL=47
Reply from 66.219.34.171: bytes=32 time=47ms TTL=47
Reply from 66.219.34.171: bytes=32 time=51ms TTL=47

StlCardsFanJR · Nov 8, 2013, 10:52 PM

@stephenw10:

Have you changed the default firewall rules? Is there anything in the firewall logs?

Can you access the forum over SSL? https://forum.pfsense.org (edit: I see you can't. So not http or https?)

What are you using for DNS?

Steve

This is a screencap from the dashboard:

Unfortunately I'm getting ready to leave work for the weekend and I won't have a way to remote into the machine where pfSense is running. Over the weekend I'll try and get back to work if I can't answer some of the questions.

stephenw10 · Nov 9, 2013, 6:35 AM

Is it only forum.pfsense.org that's giving trouble?
It could be an mtu issue. I see your wan has a public ip, now is that delivered?

https://doc.pfsense.org/index.php/Unable_to_Access_Some_Websites

Steve

chpalmer · Nov 9, 2013, 7:54 AM

On the general settings page…

Check the box that says to not use the dns forwarder for pfsense.

Also- go to the diagnostics page/dns lookup and see what you get there.

Im getting a response that shows the host instead of the IP myself which is different than what I used to get with 2.0.x

StlCardsFanJR · Dec 5, 2013, 8:15 PM

@stephenw10:

Is it only forum.pfsense.org that's giving trouble?
It could be an mtu issue. I see your wan has a public ip, now is that delivered?

https://doc.pfsense.org/index.php/Unable_to_Access_Some_Websites

Steve

I put the two public DNS IP addresses in there in an attempt to see if that was part of my problem.

I can go to pfsense.org without any problem, but I cannot go to forum.pfsense.org from a machine which is connected to the internet through the pfSense firewall PC that I'm using.

Is there any setting in pfSense that I am unable to see using the GUI

StlCardsFanJR · Dec 5, 2013, 10:01 PM

@chpalmer:

On the general settings page…

Check the box that says to not use the dns forwarder for pfsense.

Also- go to the diagnostics page/dns lookup and see what you get there.

Im getting a response that shows the host instead of the IP myself which is different than what I used to get with 2.0.x

Attached are two screencaps from:

System –> General Setup (pfsense_General_Setup.png)
Diagnostics –> DNS Lookup (pfsense_diags_dns_lookup.png)

I'm testing pfSense at work, and this is my setup:

Cable internet connection w/5 private IP addresses.
Cable Modem (xx.x28.99.185) - Gateway IP
Available IPs (xx.x28.99.186 - xx.x28.99.190)

pfSense WAN Connection:

IP: xx.x28.99.186
Subnet Mask: 255.128.0.0
Gateway: xx.x28.99.185

Primary DNS: 24.217.0.5
Secondary DNS: 24.217.201.67

pfSense is running on a PC with dual Gigabit NICs with the WAN going directly to the cable modem and LAN is going to a DIR-825 running DD-WRT which is functioning solely as an AP for 1 desktop (hardwired) and several wireless connections. pfSense is serving as DHCP server for the devices.

I'm sure it's something small and I'd like to get it working properly. I really do appreciate the help with this.

stephenw10 · Dec 5, 2013, 10:42 PM

Hmm. Weird.

forum.pfsense.org (66.219.34.171) resolves to a different address than pfsense.org (192.207.126.26) so that explains why you are able to reach one not the other.

I notice your WAN is in the same /8 as forum.fsense.org, coincidence? Clutching at straws here. :-\

Try tracerouting to it. Perhaps you have soem odd upstream routing issue.

Steve

cmb · Dec 6, 2013, 4:01 AM

Your WAN subnet mask is wrong, it's way too big. That mask means you're telling the system that 66.216.34.x block we have is local to your WAN subnet, which it of course isn't. Fix the subnet mask on WAN to the appropriate value as provided by your ISP and you should be good.