PFsense Blocking Some Traffic
-
@johnpoz total.recursion.time.avg=0.125316
total.recursion.time.median=0.0505173
just booted up pfsense as it took it down again last night
total.num.queries=55
total.num.cachehits=4
I have just turned prefetch on to see what difference it makes
DNS Resolver timeout A, timeout AAAA and timeout other are all zeros
-
Well stats right after it boots not going to point to any sort of problem.
-
@johnpoz how long would you like me to leave it before re-posting stats?
hours, days? I don't know how long I'll need to collect data for before it becomes of any use for fault diagnosis
-
After you have been seeing a dns related problem.
Total number of queries 55.. There is nothing on your network doing anything at that point.. Notice mine was 126,000
-
I'm not sure this is even a DNS issue, I have no idea what is causing the issue, that smokeping test tool posted further up is currently reporting 0.00% packet loss across all 3 servers that are pinging me.
the issue with ebay app landing page not loading on wife's phone is constant (it never loads unless we switch to 3g/4g data or remove pfsense) all the other pages/search/buy functions work all the time.... ebay app loads on other devices every single time no issues.
the issue with the android tv box and virgin tv go allowing me to login, loading menus and previews and up to date live tv guide but not playing actual programs is a constant while pfsense is running, but virgin tv go on all other devices works even with pfsense in place.
I can't see anything in the logs to suggest traffic is being blocked, makes no sense as to why I would be blocking only certain devices
total.num.queries=1047
total.num.queries_ip_ratelimited=0
total.num.cachehits=158
total.num.cachemiss=889
total.num.prefetch=14
total.num.zero_ttl=0
total.recursion.time.avg=0.138458
total.recursion.time.median=0.0890953
I would love to learn more about pfsense (which is why I got it to start with) but these issues don't seem to make any sense.
I did notice you had over 100k queries but I have no idea how long your box has been up and running, could be months
from the first few mins of booting pfsense up to now 2 hours uptime, the hit rate seems to be hovering steady at 14-16%
is there anything i should be looking at on the devices in question??
-
You might want to grab a packet capture on the LAN filtered by the IP of the offending device.
Try to do as little as possible on the phone just to minimise the traffic. Once the menus have failed to load check the pcap.
Steve
-
Current uptime: 22 Days 03 Hours 48 Minutes 58 Seconds
That would have been since updated to p1, current stats show... But that is not always related to when unbound restarted..
1047 queries is not a lot of queries.. Do you not have your stuff pointing to pfsense? Do you only have like 1 device on your network or something? How long has unbound been up to get your 1047 queries?
-
It was only me on my pc and phone last night.
The system uptime was 2 hours 12 mins when I saw the 1000 queries which is approx 500 per hour.
Your 126k divided by 22 days up time is approx 240 per hour.
I have no idea how long unbound was running, I was just going by system up time.
All traffic should be going through pfsense as all traffic to and from the modem is tagged via vlan
I've taken pfsense down again at the moment, will boot it up again tonight and leave it running for a few days (and do the LAN side packet sniffing suggested above)
How can I find unbound's "uptime" if it's different from system uptime?
-
@noob said in PFsense Blocking Some Traffic:
How can I find unbound's "uptime" if it's different from system uptime?
Easy : check the DNS log ! Or ask the system : ps ax | grep 'unbound'
unbound is a service that is restarted rather often.
-
time up will also be in the stats
time.up=81609.360209
Which would be in seconds.
And to be honest most everything on my network points to downstream pihole, so that reduces the number of queries unbound sees because pihole only asks unbound for stuff that has not been blocked, and also it caches.. So if say 3 things asked for xyz.com unbound would only see the 1 from pihole, then pihole would serve the answer up to the clients via its cache.
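-
Added example, not part of any post in this thread: a small Python parser for the key=value counters quoted above (the format `unbound-control stats_noreset` prints) that computes the cache hit ratio, normalises the query count by unbound's own `time.up` rather than system uptime, and flags a resolver restart since boot. The function names, the 300 second slack and the first sample's `time.up` value are assumptions made for illustration.

```python
# Added example: summarise unbound statistics given as key=value lines.
# Counters are the ones posted in the thread; the first sample's time.up is
# constructed (set equal to the 2 h 12 min system uptime quoted above).
SAMPLE_SHORT = """\
total.num.queries=1047
total.num.cachehits=158
total.num.cachemiss=889
total.num.prefetch=14
time.up=7920.0
"""
SAMPLE_LONG = "time.up=81609.360209\n"   # value posted in the thread
UPTIME_22D = 22 * 86400 + 3 * 3600 + 48 * 60 + 58   # 22 days 03:48:58 in seconds
RESTART_SLACK_S = 300   # assumption: unbound starts within 5 min of boot


def parse_stats(text):
    """Return {key: float} for every numeric key=value line; skip the rest."""
    stats = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue
        try:
            stats[key] = float(value)
        except ValueError:
            continue   # e.g. prose fused onto a counter line when pasting
    return stats


def summarise(stats, system_uptime_s=None):
    """Hit ratio, query rate over unbound's own uptime, and a restart flag."""
    queries = stats.get("total.num.queries")
    hits = stats.get("total.num.cachehits", 0.0)
    up = stats.get("time.up")
    restarted = None
    if up is not None and system_uptime_s is not None:
        # Resolver uptime well below system uptime means unbound restarted.
        restarted = (system_uptime_s - up) > RESTART_SLACK_S
    return {
        "hit_ratio": hits / queries if queries else None,
        "queries_per_hour": queries * 3600.0 / up if queries is not None and up else None,
        "restarted_since_boot": restarted,
    }


if __name__ == "__main__":
    print(summarise(parse_stats(SAMPLE_SHORT), system_uptime_s=7920))
    print(summarise(parse_stats(SAMPLE_LONG), system_uptime_s=UPTIME_22D))
```

With the posted counters the hit ratio comes out at about 15%, and the posted `time.up` of roughly 22.7 hours against 22 days of system uptime shows why the two uptimes cannot be used interchangeably.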