Unable to Browse Internet

johnpoz

Well seems to be resolving just fine.. ntop should not be causing any issues..

You sure its not an ISP related problem..

do a simple traceroute.. do you get past pfsense?

$ tracert -d netflix.com

Tracing route to netflix.com [107.23.104.215]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.9.253
  2    10 ms    19 ms    10 ms  50.4.132.1
  3    18 ms    10 ms     9 ms  76.73.191.106
  4     9 ms    12 ms    11 ms  76.73.164.121

So clearly getting past pfsense there with the 2nd hop.. So do a sniff on pfsense wan when try and open the website.. Your browser says the connection was closed

What does pfsense show for the quality of your connection - is it having a lot of packet loss, etc. Your shot of your gateway sure doesn't show any.. and freaking screaming great connect.. under 1 ms to your isp device.. That is pretty freaking good..

wiinc1

@johnpoz - below is the results of the traceroute. Doesn't look good , but I know very little about networking.

How do I do a sniff in pfSense?

@johnpoz @BogusException
I went back through the instructions I created to get pfSense to work originally around putting my PACE modem into bridge mode so I didn't think it was the ISP. Any time I have called ATT (or even comcast) in the past, I have been asked if I can get to the internet while connected via Ethernet... if I can get to the internet they offer little to no help (which I can get to the internet plugging in the laptop to the modem via Ethernet). I don't want to yell at ATT, but I'm getting beyond frustrated (more because I can't figure this out).

Appreciate your help and patience with this noob (me).

stephenw10

@johnpoz said in Unable to Browse Internet:

under 1 ms to your isp device.. That is pretty freaking good..

Suspiciously so. It's monitoring something very close which will not show packet loss upstream of that.
You might want to change the monitoring target to some other public IP that responds to ping. 8.8.8.8 is a common choice.

Steve

wiinc1

@stephenw10 said in Unable to Browse Internet:

You might want to change the monitoring target to some other public IP that responds to ping. 8.8.8.8 is a common choice.

Where you I change the monitoring target?

Now one of the gateways shows "pending" - not sure if this is indicative of an issue or not.

stephenw10

You can set a custom target by editing the gateway in System > Routing.

The v6 gateway was monitoring the link local address so that was not showing anything upstream. It should still be doing so though unless you disabled IPv6 somewhere.

Steve

johnpoz

See all those hops with 10.x.x.x those are odd as shit... That is rfc1918 space, and doesn't route on the internet - the only way you would see such address that many hops in if you were on a really bad carrier grade nat, etc.

And why is your first hop 192.168.43??? Thought pfsense was 192.168.100.1 ?

wiinc1

@stephenw10
IPv6 Gateway Setup - To me it looks like it is the default. Let me know if you see something that doesn't look right.

The change after inputing 8.8.8.8 for the gateways:

@johnpoz - The only thing I can think of is that the ATT Fiber modem (PACE) is the older version. I have never came close to the 1GB speeds, not even half that since I have been on the service.

I have no idea why the first hop is to any other IP besides 192.168.100.1. since this is the setup at this moment. I'd trust your opinion over mine though.

wiinc1

@BogusException

I appreciate the help and suggestions.

I'll be honest, the pfSense logs don't to alot for me as I'm not sure what I am looking for.

I'm not able to make heads or tails of the following logs:

I probably will call ATT, but trying to make sure I don't yell at a customer service / technical support rep as they didn't create the problem :)

johnpoz

Dude if your first hop is not 192.168.100.1, then your NOT talking to pfsense. You sure your not connected to someone else.

You show us your pfsense IP of 192.168.100.1, then a trace showing your hitting 192.168.43. - and then a bunch of 10.x address... Not sure what that has to do with pfsense...

stephenw10

Yeah, you have something weird there. You might not necessarily see 192.168.100.1 in the traceroute but if you do it will be the first hop.

Unless maybe you are behind another router? Maybe acting as an access point but still NATing?

That still wouldn't explain the string if private IPs in the output.
Seems more likely you are connecting over a VPN or maybe a 3G/4G device somehow.

How does that compare with the sane traceroute run from the pfSense CLI?

Steve

wiinc1

@johnpoz & @stephenw10 - Based on your comments and feedback, I went back and did the following:

• Walked through the steps / video to put the PACE 5268AC modem into bridge mode.

• After that, I ran the tracert -d netflix.com again.

Below are the results (the first hop was to what you expect - 192.169.100.1)

Even with something that you would expect, I'm not able to pull up sites like youtube.com, linuxmint.com, or getfedora.org via the browser on a laptop connected to the switch via Ethernet.

Does this traceroute look better?

johnpoz

You could of turned the modem off, that would have zero to do with clients talking to pfsense... What is on your wan has ZERO to do with what pfsense lan IP, and its dhcp clients.

How exactly do you have all this stuff connected together?

That is not a modem, that is a gateway, and runs wireless.. Are you clients connecting to it for wireless?

So see 2nd hop, your past pfsense - stuff not working once that has happened has zero to do with pfsense.. Call your isp.

stephenw10

Netflix is not a great target for traceroute though. It times out for me too.

At least you're seeing what looks like the correct route. It seems highly suspicious that you were seeing a different gateway device previously. I'd suggest you have a rogue DHCP server or some unknown connection somewhere.

Steve

johnpoz

Doesn't matter about the rest of the traceroute.. What matters is showing past pfsense.. Its rare these days to be able to get a clean trace all the way to the dest without some timeouts, freaking idiots not answering them along the way.

If he having issues getting somewhere and pfsense passes on the traffic - and stuff isn't working he needs to call his isp..

A sniff on pfsense might give you more insight.. With his client saying connection was "closed" maybe RST are being sent back from the ISP.. No idea - but if he routes past pfsense to his isp, and stuff not working its not pfsense issue... Which makes sense since he says he didn't change anything with pfsense..

wiinc1

I appreciate everyone's help in troubleshooting the experience I was having. ATT provided a new modem and has resolved the connectivity issue.