Unable to access any network that uses the same ISP as I do
-
We run a couple ssh servers at our homes for fun and learning purposes. When I upgraded to 2.4.5 p1 I lost the ability to access a server I had at a friends house in town. They use the same isp as I do and it is driving me crazy. I can connect to this server from my phones hotspot and I can connect to another server over ssh that is on a different isp and then ssh back into this unreachable server and that works fine. I even eliminated the pfsense firewall and just connected my laptop directly to my modem and I was able to connect which tells me pfsense is causing the problem. Has anyone else experienced this? I can reach the internet just fine from home, all sites are available, but anything that uses the same ISP as I do is unreachable from behind pfsense. I even tried to go back to pfsense 2.4.4 on another machine and it didn't help.
-
Its quite possible isp blocks their users from talking to each other.
-
Have you called their tech support? If they're blocking between customers, as @johnpoz says, they're interfering with legitimate use.
-
@JKnott said in Unable to access any network that uses the same ISP as I do:
they're interfering with legitimate use.
Says who? Many a residential ISP don't allow services to be run off your connection, many these days put you behind a CGnat..
You not being able to get to billy's IP down the street from you is not interfering with anything.. Unless in their TOS they state you will be able to talk to all our other customers, etc.
-
Well, I guess I'm with a more enlightened ISP. I have connected to my home network from other locations on the same ISP. In fact I regularly test things either by tethering to my cell phone (same company) or using my 2nd IPv4 address¹. As for CGNAT, I expect that to be more of an address shortage issue than anything else. This is an example of why net neutrality should be mandatory. An ISP should have absolutely no say in who you connect to. Also, if they want to block such things, wouldn't they just block any such connections, no matter where they come from.
- My ISP provides two IPv4 addresses to customers. When I connect my notebook to a 2nd port on the modem, I get another public address.
-
I have already determined the problem has nothing to do with the ISP as connection between our houses still works when i dont use pfsense. My ISP provides a connection that If you wanted to, you could plug in a simple desktop switch and obtain an address and access the internet. No NAT required on our end. I did this and tried to connect and was successful. Then I go back under the protective wing of pfsense and bam, not able to connect.
With pfsense=no connect
Without pfsense=connect
What I am doing to get around this right now is uploading to this other server through a virtual machine using a vpn. It sucks, and is slow, but works. I know it seems like my ISP is doing something that is wrong but if they were I would not be able to connect when pfsense was not used. I will try again tonight with a different test to see if anything else is causing a problem but it seems that it is pfsense and not the ISP.
To clarify, everything worked fine up until this summer. Then around the time I noticed 2.4.5 released it no longer worked. -
I'm thinking perhaps a subnet mask issue. If pfsense thinks the neighbour is on the same subnet, then you could have that problem.
So, if you take 2 computers, 1 at your home and one at the neighbours, both connected to the modems, you can ping etc. between them?
What do packet captures show? Do you see packets for your neighbour going out over the wire?
-
One other thing, I trust your WAN rules allow that connection.
-
These are my rules on the wan adapter.
Ive been playing around with vlans and when I get home I will set up my switch to give my openwrt router an ip over a vlan so I can leave my working pfsense network undisturbed. Ill post back with results of that. -
Try disabling RFC1918 rule.
-
So I am home now and after bypassing my pfsense and putting my test laptop out on its own public address that is different from my normal wan network address, I can't access the server I have been trying to. If I ssh out to another even farther server (a raspberry pi 3 in a different city) I can ssh back into the target server but from any IP address under my ISP that is associated with me it blocks. I wonder if its me? Is it likely that I was flagged as suspicious or something? I have a few cron jobs that back up files between these locations and maybe that got me flagged? It ran for a couple years and then all the sudden during the summer it stopped working. I think it may be time to call my ISP and see what happened. BTW disabling the RFC 1918 rule didn't help.
-
I called the support desk for my ISP and it seems they may have flagged me. Too bad.
-
What were you flagged for?
-
@JKnott said in Unable to access any network that uses the same ISP as I do:
What were you flagged for?
Let me guess : he wasn't the only one calling to them mentioning his IP ....
-
The helpdesk didnt confirm as I didnt give my name, but I suspect it may be for the infringement notice. I have more families on my network than just mine. We are all on separate vlans but under the same public ip address.
-
So, you're sharing your connection in violation of the service terms. Yep, that'll do it.
-
@JKnott I dont know how they would know though. Who is to say I dont just have family/friends living with me permanently?
-
Well how many total users?
Also if you were in violation of some policy, wouldn't they just kill your access completely vs blocking you from accessing some other IP of theirs?
Makes no sense.. Hey this guy is sharing his account, lets let him go to the internet, but block his access to other customers IP?
-
I suspect there may be more to this than has been mentioned.
-
Just a couple families. We have recieved infringement notices in previous years but this all happened suddenly about 5 months ago. I dont know. I'm not going to call and ask about any of it outing myself as a user that does more than watch netflix with my immediate family like most people do. I dont want my connection shut off.
