Google.com blocked but local google domains are not....
-
@stephenw10 said in Google.com blocked but local google domains are not....:
Pings work from a client behind pfSense but we have not seen them work from pfSense itself.
So client traffic could be policy routed maybe.
Outbound NAT
Outbound rules for interface
-
The ping you showed above was from a Windows client it looked like.
Otherwise I have no idea how that succeeded whilst fetch shows no route. Unless something changed in between those.
-
@stephenw10 said in Google.com blocked but local google domains are not....:
The ping you showed above was from a Windows client it looked like.
Otherwise I have no idea how that succeeded whilst fetch shows no route. Unless something changed in between those.
Just upgraded to 2.5.0 without issues and problem is gone. Why I haven't got a clue about....
-
Ha, well take the win.
-
Yeah I say take the win - but makes no sense..
The problem with such solutions - if you want to call them that - is you never know what the actual cause of the issue was.
If you could ping it - clearly there was a route.. And there is always the default route. I don't know enough about fetch to know why it might show such an error. But clearly if fetch could not load www.google.com something is going on. The no route error could be a red herring sort of error.. Where that is not actually the problem.
-
@johnpoz I do agree. The update shouldn't have fixed it, but it did.
And yes it's been bothering me for quite some time and I haven't got a clue why. There is just no logic at all.
-
I was too quick....
It's back with no contact with google.com
-
So sniff on your wan and try to go to www.google.com - do you see a syn go out?
-
@johnpoz said in Google.com blocked but local google domains are not....:
So sniff on your wan and try to go to www.google.com - do you see a syn go out?
Not at all. It seems the UDP traffic is routed via the RDP client via the local client connected. I see a lot of UDP back and forth to the external IP of the client machine
It's mega weird...
-
@cool_corona said in Google.com blocked but local google domains are not....:
UDP traffic is routed via the RDP client via the local client connected. I see
UDP ?
RDP ?
Where is google.com ? That one is TCP - and what has Google to do with RDP ?
-
@cool_corona said in Google.com blocked but local google domains are not....:
It seems the UDP traffic is routed via the RDP client via the local client connected
Huh???
Here - I sniff on my wan for the www.google.com IP..
I then open a browser to https://www.google.com - and you see the SYN sent, and then syn,ack back and the conversation.
-
@johnpoz I see nothing to google.com in the packet captures....
Like in NOTHING. Despite typing www.google.com in the address bar of the browser.
Locally I run the ASUS RTAX88U and pfsense runs on a server at the office and is accessed via RDP.
-
@cool_corona said in Google.com blocked but local google domains are not....:
Locally I run the ASUS RTAX88U and pfsense runs on a server at the office and is accessed via RDP.
From pfsense do a traceroute to the www.google.com IP.
-
@johnpoz said in Google.com blocked but local google domains are not....:
@cool_corona said in Google.com blocked but local google domains are not....:
Locally I run the ASUS RTAX88U and pfsense runs on a server at the office and is accessed via RDP.
From pfsense do a traceroute to the www.google.com IP.
-
Are you tracing to the correct IP?
You're not showing the traceroute command.
So clearly you have a route - so why does your fetch say no route?
There is a piece to this puzzle that is missing - and once you figure that out.. It's going to be a D'OH! moment..
-
I had a similar issue about a couple of days ago but couldn’t find any issue with pfSense as I could do ping trace etc. It sorted itself out the next day.
I don’t think it’s a pfSense issue.
I have one of the VLANs setup for testing purposes bypassing Suricata and DNSBL. So I can test if there is any problem accessing websites (without upsetting my wife)
Hope it helps !
-
So to be clear you are RDPing to a machine at your office and testing from that machine?
That is where all your traceroutes pings etc are run? Not locally?
Steve
-
@stephenw10 said in Google.com blocked but local google domains are not....:
So to be clear you are RDPing to a machine at your office and testing from that machine?
That is where all your traceroutes pings etc are run? Not locally?
Steve
Yes.
-
@rameshk said in Google.com blocked but local google domains are not....:
I had a similar issue about a couple of days ago but couldn’t find any issue with pfSense as I could do ping trace etc. It sorted itself out the next day.
I don’t think it’s a pfSense issue.
I have one of the VLANs setup for testing purposes bypassing Suricata and DNSBL. So I can test if there is any problem accessing websites (without upsetting my wife)
Hope it helps !
It did here also until it stopped again. I can't wrap my head around it. Stopping and clearing Suricata blocks... stopping DNSBL and it still doesn't work
-
@johnpoz said in Google.com blocked but local google domains are not....:
Are you tracing to the correct IP?
You're not showing the traceroute command.
So clearly you have a route - so why does your fetch say no route?
There is a piece to this puzzle that is missing - and once you figure that out.. It's going to be a D'OH! moment..
I got that.... it's funny HAHAHAHAHA