Google.com blocked but local google domains are not....
-
Can you ping6 to (www.)google.com?
Do either of those other google domains return v6 IPs?
You'll have to check your own routing tables then. Does it all look correct?
Steve
-
-
That would never work.. You don't have a global address it seems, that source is link-local
But not sure how you could not have a route, you have to have a default route.
Do a traceroute to the IPv4 that comes back for www.google.com
But as we have now seen, you are not able to go to www.google.com at all - not that you can go there but searches are not working ;)
Something seems really odd that you can ping, but fetch says no route. Can you ping from pfsense? Or that ping was from your client.
Do you have any vpn setup on pfsense, where you're doing policy routing for your clients?
-
Pings work from a client behind pfSense but we have not seen them work from pfSense itself.
So client traffic could be policy routed maybe.
-
@johnpoz said in Google.com blocked but local google domains are not....:
That would never work.. You don't have a global address it seems, that source is link-local
But not sure how you could not have a route, you have to have a default route.
Do a traceroute to the IPv4 that comes back for www.google.com
But as we have now seen, you are not able to go to www.google.com at all - not that you can go there but searches are not working ;)
Something seems really odd that you can ping, but fetch says no route. Can you ping from pfsense? Or that ping was from your client.
Do you have any vpn setup on pfsense, where you're doing policy routing for your clients?
The ping was from pfsense itself
-
@stephenw10 said in Google.com blocked but local google domains are not....:
Pings work from a client behind pfSense but we have not seen them work from pfSense itself.
So client traffic could be policy routed maybe.
Outbound NAT
Outbound rules for interface
-
The ping you showed above was from a Windows client it looked like.
Otherwise I have no idea how that succeeded whilst fetch shows no route. Unless something changed in between those.
-
@stephenw10 said in Google.com blocked but local google domains are not....:
The ping you showed above was from a Windows client it looked like.
Otherwise I have no idea how that succeeded whilst fetch shows no route. Unless something changed in between those.
Just upgraded to 2.5.0 without issues and problem is gone. Why, I haven't got a clue....
-
Ha, well take the win.
-
Yeah I say take the win - but makes no sense..
The problem with such solutions - if you want to call them that - is you never know what the actual cause of the issue was.
If you could ping it - clearly there was a route.. And there is always the default route. I don't know enough about fetch to know why it might show such an error. But clearly if fetch could not load www.google.com something is going on. The no route error could be a red herring sort of error.. Where that is not actually the problem.
-
@johnpoz I do agree. The update shouldn't have fixed it, but it did.
And yes it's been bothering me for quite some time and I haven't got a clue why. There is just no logic at all.
-
I was too quick....
It's back with no contact with google.com
-
So sniff on your wan and try to go to www.google.com - do you see a syn go out?
-
@johnpoz said in Google.com blocked but local google domains are not....:
So sniff on your wan and try to go to www.google.com - do you see a syn go out?
Not at all. It seems the UDP traffic is routed via the RDP client via the local client connected. I see a lot of UDP back and forth to the external IP of the client machine
It's mega weird...
-
@cool_corona said in Google.com blocked but local google domains are not....:
UDP traffic is routed via the RDP client via the local client connected. I see
UDP ?
RDP ?
Where is google.com ? That one is TCP - and what has Google to do with RDP ?
-
@cool_corona said in Google.com blocked but local google domains are not....:
It seems the UDP traffic is routed via the RDP client via the local client connected
Huh???
Here - I sniff on my wan for the www.google.com IP..
I then open a browser to https://www.google.com - and you see the SYN sent, and then syn,ack back and the conversation.
-
@johnpoz I see nothing to google.com in the packet captures....
Like in NOTHING. Despite typing www.google.com in the address bar of the browser.
Locally I run the ASUS RTAX88U and pfsense runs on a server at the office and is accessed via RDP.
-
@cool_corona said in Google.com blocked but local google domains are not....:
Locally I run the ASUS RTAX88U and pfsense runs on a server at the office and is accessed via RDP.
From pfsense do a traceroute to the www.google.com IP.
-
@johnpoz said in Google.com blocked but local google domains are not....:
@cool_corona said in Google.com blocked but local google domains are not....:
Locally I run the ASUS RTAX88U and pfsense runs on a server at the office and is accessed via RDP.
From pfsense do a traceroute to the www.google.com IP.
-
Are you tracing to the correct IP?
You're not showing the traceroute command.
So clearly you have a route - so why does your fetch say no route?
There is a piece to this puzzle that is missing - and once figure that out.. It's going to be a D'OH! moment..