Google.com blocked but local google domains are not....
-
@johnpoz said in Google.com blocked but local google domains are not....:
Where is that working - I see a get.. I don't see the OK (200) response. Where is the rest of what that would show if you actually went there and pulled data.. Again see my example.
I want nothing more than to help you figure out what the problem is.. But I fail to understand why this has to be like pulling teeth with a pair of chopsticks..
Here is a simple test.. do a fetch www.google.com from pfsense. Look what you get..
I know but I dont get anymore than that as a reply and then it times out.
Looking a local google domains, its not a problem
-
If you get no response from www.google.com then how does it work when you visit the page?
-
I get this from pfsense
fetch: https://www.google.com: No route to host
I cant visit the page. I get no reply.
Everything else than .com works flawlessly
-
Ah, so a routing problem.
Run
host www.google.com
and show us your routing table.Though you see to be able to ping it..... but maybe not from pfSense itself.
Steve
-
-
...and your routing table?
This could be an IPV6 issue....
Steve
-
@stephenw10 Some IP info in there that I dont want on the forum...
Running netstat -r
-
Can you ping6 to (www.)google.com?
Do either of those other google domains return v6 IPs?
You'll have to check your own routing tables then. Does it all look correct?
Steve
-
-
That would never work.. You don't have a global address it seems, that source is link-local
But not sure how you could not have a route, you have to have a default route.
Do a traceroute to the IPv4 that comes back for www.google.com
But as we have now seen, you are not able to go to www.google.com at all - not that you can go there but searches are not working ;)
Something seems really odd that you can ping, but fetch says no route. Can you ping from pfsense? Or that ping was from your client.
Do you have any vpn setup on pfsense, where your doing policy routing for your clients?
-
Pings work from a client behind pfSense but we have not seen them work from pfSense itself.
So client traffic could be policy routed maybe.
-
@johnpoz said in Google.com blocked but local google domains are not....:
That would never work.. You don't have a global address it seems, that source is link-local
But not sure how you could not have a route, you have to have a default route.
Do a traceroute to the IPv4 that comes back for www.google.com
But as we have now seen, you are not able to go to www.google.com at all - not that you can go there but searches are not working ;)
Something seems really odd that you can ping, but fetch says no route. Can you ping from pfsense? Or that ping was from your client.
Do you have any vpn setup on pfsense, where your doing policy routing for your clients?
The ping was from pfsense itself
-
@stephenw10 said in Google.com blocked but local google domains are not....:
Pings work from a client behind pfSense but we have not seen them work from pfSense itself.
So client traffic could be policy routed maybe.
Outbound NAT
Outbound rules for interface
-
The ping you showed above was from a Windows client it looked like.
Otherwise I have no idea how that succeeded whilst fetch shows no route. Unless something changed in between those. -
@stephenw10 said in Google.com blocked but local google domains are not....:
The ping you showed above was from a Windows client it looked like.
Otherwise I have no idea how that succeeded whilst fetch shows no route. Unless something changed in between those.Just upgraded to 2.5.0 without issues and problem is gone. Why I havent got a clue about....
-
Ha, well take the win.
-
Yeah I say take the win - but makes no sense..
The problem with such solutions - if you want to call them that. Is you never know what the actual cause of the issue was.
If you could ping it - clearly there was a route.. And there is always the default route. I don't know enough about fetch to know why it might show such an error. But clearly if fetch could not load www.google.com something going on. The no route error could be a red herring sort of error.. Where that is not actually the problem.
-
@johnpoz I do agree. The update shouldnt have fixed it, but it did.
And yes its been bothering me for quite some time and I havent got a clue why. There is just no logic at all.
-
I was to quick....
Its back with no contact with google.com
-
So sniff on your wan and try to go to www.googhe.com - do you see a syn go out?