Everything works, except one single website!?!
-
Don't dump pfSense, but I guess that is what you should do with your setup.
The site shows up, me using pfSense.Btw: strange, that site "Find us on Google+" and nothing more …..
-
Any chance your home IP address has been blacklisted by the website hoster?
You could test by spoofing the MAC address of your WAN NIC, then reboot your modem and renew pfSense.
That should give you a new public IP address and you can try your wife's website.Worth a shot.
-
It's not pfSense. It's something else. (btw, it works from here too.)
-
Do you have something like AdBlocker that would block the content?
It seems like the entire website after the "find us on google+" is loading Adobe Flash. -
ok. I'll go through the replies from the top:
Doktornotor: Thanks for the review of the website. Not sure if your trying to be a jerk, or just don't care. You might have missed the part where I said it was my WIFE'S website. I'm not real fond of flash either, but I usually try to find better words then "dude, your stuff looks like week old cow shit". And no, if you didn't actually see a functional website without having to click anything then it didn't really work. Its not non-functional by design, lol. When I remove PFsense from the chain everything works flawlessly. No clicks needed. I have no idea WTF the google+ stuff pops up in the corner but I agree, it sucks. Which browser/OS are you using?
If you want to try something not flash go to www.pottingerphoto.com/blog
MLIT: No DNS problems. Identical DNS settings when behind PFsense or when removing it from the loop. No squid, default PFsense. I'll try a blank/fresh reinstall next.
Gertjan: It does not work for you if all it shows is "find us on google+". All my friends not using PFsense get the full website without issue.
Divsys: Nope. I disabled PFsense and was able to see the website just fine with the same exact IP address. But excellent idea, I kinda wish you were right.
Derelict: It absolutely is PFsense since the only variable that's consistent is PFsense. I can change the DNS settings, use different computers, different browsers, different devices, etc. The second I get PFsense out of the way it pulls the site up instantly. Does PFsense keep cache files of websites or DNS data? (even though the PFsense server isn't running DHCP or DNS, those both run on a Windows machine, which works fine if I bypass PFsense, but it doesn't work if I bypass the windows box and leave PFsense in the chain).
Qvik: No adblocker software at the PFsense level. I do run it on the browser, but again, it works fine on the browser as long as I bypass PFsense in some way (use a different router, plug the PC directly into the cable modem, connect through a VPN, connect through a 4G phone, etc). The website is pure flash after the google+ crap. Does it come up for you? Does www.pottingerphoto.com/blog work for you? Its "Flash-Free".
Those of you who has problems getting the flash site to come up, does www.pottingerphoto.com/blog work for you? Its weird that none of my friends are reporting the problems a few people in this post have reported, so I'm concerned something is up with the hosting provider or the DNS entry that gags specifically with PFsense (which isn't ok as far as I'm concerned).
Thanks for the help so far!
-
Works here with Windows 8.1 Pro and IE 11, pfSense 2.2.2-RELEASE (i386), no packages, DNS resolver using root servers.
Brief delay at the find us on Google link, then the flash loads and plays.
Try a different browser and client.
Clear cache.
Clear cookies. -
Perhaps the error means what it says : This webpage is not available ERR_CONNECTION_TIMED_OUT.
Traceroute to 208.109.181.92 ( pottingerphoto.com) craps out, while to 208.123.73.69 (pfsense.org) completes.
Does pfsense have some kind of timeout ??
BTW both the blog and the website work from Canada.
-
Well, with all that quirkiness a reinstall shouldn't be that bad and will only take a minute or two. Might just be some strange kerfuffle. With all the time spent back and forth here it's not gonna be that painful to reinstall.
-
[edit]
Possibly an ISP is blocking it if you are in the UK[/edit], snort also blocks its for java obfuscation above level 1, and for some strange reason the ip address is already in my block list and yet I have not visited your site until a few moments ago. How strange!Edit. If an isp was blocking it I wouldnt be able to see it.
For a static Akami Technologies webserver to be blocked already is interesting along with what you have said noobie.
-
That IP is blacklisted by 'Virus Total' : https://www.robtex.com/en/advisory/ip/208/109/181/92/
-
That IP is blacklisted by 'Virus Total' : https://www.robtex.com/en/advisory/ip/208/109/181/92/
So one possible explanation is its a phishing exercise if one is cynically mind, considering the new account.
Edit.
Check your WAN logs after the visit, you'll notice an increase of incoming traffic from a variety of ip addresses, of course the geolocation of source ip's is not indicative of the culprit, it could be a bot net designed to set others up, thats what makes life interesting. Smoke & Mirrors. ;D -
Its been educational. ;D
-
Derelict: It absolutely is PFsense since the only variable that's consistent is PFsense. I can change the DNS settings, use different computers, different browsers, different devices, etc. The second I get PFsense out of the way it pulls the site up instantly. Does PFsense keep cache files of websites or DNS data? (even though the PFsense server isn't running DHCP or DNS, those both run on a Windows machine, which works fine if I bypass PFsense, but it doesn't work if I bypass the windows box and leave PFsense in the chain).
You can wank about it being pfSense all you want. It might be your misconfiguration of the same, but it's not something systemic with the software. I certainly cannot find the Block access to this single website checkbox.
You say it's your spouse's work? Do you VPN in or anything? Some other reason you would have DNS for that site hosed?
And the site only shows "Find us on Google+" to those who browse with javascript disabled ala NoScript. Completely a browser issue, nothing to do with routing or the pfSense software. I won't comment on the audacity of playing music without warning.
-
That IP address resolves to a GoDaddy server hosting a variety of sites.
At least a few raise questions as to their "integrity".pottingerphoto.com is registered to an Australian owner through Yahoo.
Assuming the best - the owner of pottingerphoto.com created a site and hosted it on a "cheap" GoDaddy server that's gotten blacklisted due to other clients on the same server.
Assuming the worst - it's a phishing/malware/social engineering attempt.
Either way, it's not a pfSense problem.
-
And no, if you didn't actually see a functional website without having to click anything then it didn't really work.
I won't click random flash shit, sorry. It is accessible just fine from behind pfSense. The Flash is blocked by my browser by default (click to play). Has nothing to do with pfSense. My interest in the contents of sites unusable without flash is absolutely zero. (BTW, same can be said about search engines, perhaps you could forward this message to your wife. There are also people who refuse to install buggy Adobe junk that gets tens of security advisories every month, or people where Flash is not available at all on their platform.)
Plus, as noted above, this whole thread starts to stink.
-
Works fine for me behind 2.2.2 after pausing to load that massive Flash blob.
-
:D
And you guys are getting tricked into this everytime :D
-
Its not a phishing attempt, though apparently using godaddy isn't quite the good idea I thought it was. I'd be happy to hear of some hosts that don't suck quite so badly. The IP address shouldn't show as owned by someone in aulstralia, it should show as Kentucky, USA. In fact, your welcome to look up the LLC on kentucky's .gov website, the business has been active for 10+ years now I believe.
The website is a template, and not one i'm fond of. It does show a non-flash version to devices that don't support flash (otherwise it wouldn't work on an iPad for example).
Its also clearly something wrong with PFsense, but that definitely doesn't mean its not a configuration issue of some kind I've caused. In fact I'd say it most likely is a configuration issue of some kind based on the fact that many of you have gotten it working (other then the noscript/Ihateflash confusion).
Hopefully a reinstall fixes it.
-
Its not a phishing attempt, though apparently using godaddy isn't quite the good idea I thought it was. I'd be happy to hear of some hosts that don't suck quite so badly. The IP address shouldn't show as owned by someone in aulstralia, it should show as Kentucky, USA. In fact, your welcome to look up the LLC on kentucky's .gov website, the business has been active for 10+ years now I believe.
The IP of the web server shows up under GoDaddy's Arizona HQ address, which would be expected. That's a shared hosting service, the IP isn't assigned only to that company, and even if it were it's just a single address out of one of GoDaddy's blocks.
The domain is registered with registrar Melbourne IT Ltd in Australia, but registered to Ben Pottinger in KY as the owner.
All cheap website hosting sucks. You'll end up on a server with hundreds or thousands of other websites, likely some of ill repute or some that get compromised and become of ill repute. That IP in particular hosts 1001 different domains. Can look up the IP here. http://www.yougetsignal.com/tools/web-sites-on-web-server/
There really isn't anything you can do to get great low-rent web hosting. I'm sure there are some providers that are better than GoDaddy, but don't expect any ~$10-20/month or less web hosting to be great.
Back to the original problem - what's failing? Does DNS resolve correctly? Can you ping the IP? If DNS resolves fine, and you can't ping the IP, what does a traceroute to that IP look like?
-
