Netgate Discussion Forum

    Unable to access any network that uses the same ISP as I do

    General pfSense Questions

      jdogtotherescue

      We run a couple of ssh servers at our homes for fun and learning purposes. When I upgraded to 2.4.5 p1 I lost the ability to access a server I had at a friend's house in town. They use the same ISP as I do and it is driving me crazy. I can connect to this server from my phone's hotspot and I can connect to another server over ssh that is on a different ISP and then ssh back into this unreachable server and that works fine. I even eliminated the pfsense firewall and just connected my laptop directly to my modem and I was able to connect, which tells me pfsense is causing the problem. Has anyone else experienced this? I can reach the internet just fine from home, all sites are available, but anything that uses the same ISP as I do is unreachable from behind pfsense. I even tried to go back to pfsense 2.4.4 on another machine and it didn't help.

        johnpoz LAYER 8 Global Moderator

        It's quite possible the ISP blocks their users from talking to each other.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          JKnott @jdogtotherescue

          @jdogtotherescue

          Have you called their tech support? If they're blocking between customers, as @johnpoz says, they're interfering with legitimate use.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

            johnpoz LAYER 8 Global Moderator

            @JKnott said in Unable to access any network that uses the same ISP as I do:

            they're interfering with legitimate use.

            Says who? Many a residential ISP doesn't allow services to be run off your connection, many these days put you behind a CGNAT..

            You not being able to get to billy's IP down the street from you is not interfering with anything.. Unless in their TOS they state you will be able to talk to all our other customers, etc.

              JKnott @johnpoz

              @johnpoz

              Well, I guess I'm with a more enlightened ISP. I have connected to my home network from other locations on the same ISP. In fact I regularly test things either by tethering to my cell phone (same company) or using my 2nd IPv4 address¹. As for CGNAT, I expect that to be more of an address shortage issue than anything else. This is an example of why net neutrality should be mandatory. An ISP should have absolutely no say in who you connect to. Also, if they want to block such things, wouldn't they just block any such connections, no matter where they come from?

              1. My ISP provides two IPv4 addresses to customers. When I connect my notebook to a 2nd port on the modem, I get another public address.

                jdogtotherescue

                I have already determined the problem has nothing to do with the ISP as connection between our houses still works when I don't use pfsense. My ISP provides a connection that, if you wanted to, you could plug in a simple desktop switch and obtain an address and access the internet. No NAT required on our end. I did this and tried to connect and was successful. Then I go back under the protective wing of pfsense and bam, not able to connect.
                With pfsense=no connect
                Without pfsense=connect
                What I am doing to get around this right now is uploading to this other server through a virtual machine using a vpn. It sucks, and is slow, but works. I know it seems like my ISP is doing something that is wrong but if they were I would not be able to connect when pfsense was not used. I will try again tonight with a different test to see if anything else is causing a problem but it seems that it is pfsense and not the ISP.
                To clarify, everything worked fine up until this summer. Then around the time I noticed 2.4.5 released it no longer worked.

                  JKnott @jdogtotherescue

                  @jdogtotherescue

                  I'm thinking perhaps a subnet mask issue. If pfsense thinks the neighbour is on the same subnet, then you could have that problem.

                  So, if you take 2 computers, 1 at your home and one at the neighbours, both connected to the modems, you can ping etc. between them?

                  What do packet captures show? Do you see packets for your neighbour going out over the wire?

                    JKnott @JKnott

                    @JKnott

                    One other thing, I trust your WAN rules allow that connection.

                      jdogtotherescue

                      wanrules.png
                      These are my rules on the wan adapter.
                      I've been playing around with vlans and when I get home I will set up my switch to give my openwrt router an ip over a vlan so I can leave my working pfsense network undisturbed. I'll post back with results of that.

                        Pippin

                        Try disabling RFC1918 rule.

                        I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                        Halton Arp
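
Two of the suggestions above (a WAN subnet mask that makes the peer look on-link, and the RFC 1918 block rule) can be checked offline before changing anything on the firewall. The following is an added example, not part of the thread or of pfSense; the function names are hypothetical and the addresses are constructed from documentation and shared-address ranges.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def diagnose(wan_cidr, gateway, peer):
    """Describe how a host configured with wan_cidr/gateway would reach peer."""
    iface = ipaddress.ip_interface(wan_cidr)
    gw = ipaddress.ip_address(gateway)
    dst = ipaddress.ip_address(peer)
    on_link = dst in iface.network
    return {
        "wan_network": str(iface.network),
        "gateway_on_link": gw in iface.network,
        "peer_on_link": on_link,
        # On-link peers are resolved with ARP; everything else goes to the gateway.
        "next_hop": str(dst) if on_link else str(gw),
        "peer_rfc1918": any(dst in net for net in RFC1918),
        "peer_cgnat": dst in CGNAT,
    }


def findings(report):
    """Turn a diagnose() report into human-readable notes."""
    notes = []
    if not report["gateway_on_link"]:
        notes.append("gateway is outside the WAN subnet: check the mask")
    if report["peer_on_link"]:
        notes.append("peer is treated as on-link: traffic is ARPed for, "
                     "not sent to the gateway")
    if report["peer_rfc1918"]:
        notes.append("peer is RFC 1918: a WAN rule blocking private "
                     "networks matches traffic from it")
    if report["peer_cgnat"]:
        notes.append("peer is in 100.64.0.0/10: shared space used for "
                     "carrier-grade NAT")
    return notes


if __name__ == "__main__":
    # Constructed sample values (TEST-NET-3, RFC 6598 and RFC 1918 space).
    for wan in ("203.0.113.37/25", "203.0.113.37/24"):
        for peer in ("203.0.113.200", "100.64.12.9", "10.20.30.40"):
            print(wan, peer, findings(diagnose(wan, "203.0.113.1", peer)))
```

With the /25 mask the peer at 203.0.113.200 is routed through the gateway; with the /24 mask the same peer is treated as on-link, which is the situation the subnet mask suggestion describes.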

                          jdogtotherescue

                          So I am home now and after bypassing my pfsense and putting my test laptop out on its own public address that is different from my normal wan network address, I can't access the server I have been trying to. If I ssh out to another even farther server (a raspberry pi 3 in a different city) I can ssh back into the target server but from any IP address under my ISP that is associated with me it blocks. I wonder if it's me? Is it likely that I was flagged as suspicious or something? I have a few cron jobs that back up files between these locations and maybe that got me flagged? It ran for a couple of years and then all of a sudden during the summer it stopped working. I think it may be time to call my ISP and see what happened. BTW disabling the RFC 1918 rule didn't help.

                            jdogtotherescue

                            I called the support desk for my ISP and it seems they may have flagged me. Too bad.

                              JKnott @jdogtotherescue

                              @jdogtotherescue

                              What were you flagged for? 🎏 😉

                                Gertjan @JKnott

                                @JKnott said in Unable to access any network that uses the same ISP as I do:

                                @jdogtotherescue

                                What were you flagged for? 🎏 😉

                                Let me guess : he wasn't the only one calling to them mentioning his IP ....

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                  jdogtotherescue

                                  The helpdesk didn't confirm as I didn't give my name, but I suspect it may be for the infringement notice. I have more families on my network than just mine. We are all on separate vlans but under the same public IP address.

                                    JKnott @jdogtotherescue

                                    @jdogtotherescue

                                    So, you're sharing your connection in violation of the service terms. Yep, that'll do it.

                                      jdogtotherescue @JKnott

                                      @JKnott I don't know how they would know though. Who is to say I don't just have family/friends living with me permanently?

                                        johnpoz LAYER 8 Global Moderator

                                        Well how many total users?

                                        Also if you were in violation of some policy, wouldn't they just kill your access completely vs blocking you from accessing some other IP of theirs?

                                        Makes no sense.. Hey this guy is sharing his account, let's let him go to the internet, but block his access to other customers' IPs?

                                          JKnott @johnpoz

                                          @johnpoz

                                          I suspect there may be more to this than has been mentioned.

                                            jdogtotherescue

                                            Just a couple of families. We have received infringement notices in previous years but this all happened suddenly about 5 months ago. I don't know. I'm not going to call and ask about any of it, outing myself as a user that does more than watch Netflix with my immediate family like most people do. I don't want my connection shut off.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.