pfSense blocking addic7ed, but how ?
-
@johnpoz said in pfSense blocking addic7ed, but how ?:
You should filter on the IP you're trying to go to.. this 46.105.102.174
Or it's going to only log everything - default to only 100 packets. So quite possible you miss what you're looking for.
Also you can then download that in wireshark and get more details.. If there is an answer, was it RST or FIN, etc.
I still see only
11:31:06.926814 IP WAN_IP.1089 > 46.105.102.174.80: tcp 0
and assuming that I understood you correctly for "If there is an answer, was it RST or FIN, etc." I see in pfTop:
pfTop: Up State 1-8/8 (571), View: default, Order: bytes
PR   DIR  SRC                 DEST                STATE                   AGE       EXP       PKTS  BYTES
tcp  In   192.168.90.8:56162  46.105.102.174:443  ESTABLISHED:FIN_WAIT_2  00:08:17  00:10:08  3745  3625782
tcp  Out  WAN_IP:14382        46.105.102.174:443  FIN_WAIT_2:ESTABLISHED  00:08:17  00:10:08  3745  3625782
tcp  In   192.168.90.3:32870  46.105.102.174:443  CLOSED:SYN_SENT         00:00:37  00:00:24  6     360
Maybe using Packet Capture incorrectly ?!
-
@chudak Why is it going to port 80 when I asked you to go to https? Set your packet capture to WAN and host address 46.105.102.174 then start it, then go to your browser and try the address https://www.addic7ed.com and don't forget the S.
-
No clue why it showed port 80
hit in FF https://www.addic7ed.com/
11:42:51.219581 IP WAN_IP.4881 > 46.105.102.174.443: tcp 0
11:42:51.469814 IP WAN_IP.38930 > 46.105.102.174.443: tcp 0
11:42:52.238682 IP WAN_IP.4881 > 46.105.102.174.443: tcp 0
-
And you get no answer.. from that last sniff.. So pfsense is NOT blocking anything..
-
@johnpoz said in pfSense blocking addic7ed, but how ?:
And you get no answer.. from that last sniff.. So pfsense is NOT blocking anything..
I agreed with that !
The question after that was what is blocking ?
I checked on a remote ubuntu box and it works fine. Could it be my ISP +/- upstream DNS servers ?
-
@chudak I had a guy last week with this same problem. It turned out his IP address was blocked for too many bad logins. He had other IPs available and when he switched to another, the remote site responded and worked. Do you have a VPN you could try going there through?
-
@kom said in pfSense blocking addic7ed, but how ?:
@chudak I had a guy last week with this same problem. It turned out his IP address was blocked for too many bad logins. He had other IPs available and when he switched to another, the remote site responded and worked. Do you have a VPN you could try going there through?
That may be a different issue.
I can use a remote system (not on my net) and can login from it.
Also in my case I can't even get to a login page...
-
What is upstream of your pfsense? Just your ISP? Could be connectivity issue with that site from your isp, ie peering. Or the site themselves might have blocked your IP, etc.
DNS is not involved once you resolve the fqdn.. If you got the correct IP when you resolved, then dns is no longer in the picture.. I show that resolving to the same IP.
And works just fine here as far as connectivity is connected, get redirect to 443 when hit it on 80 via a 301 and then index is downloaded
user@NewUC:/tmp$ wget http://www.addic7ed.com/
--2021-05-14 14:28:08-- http://www.addic7ed.com/
Resolving www.addic7ed.com (www.addic7ed.com)... 46.105.102.174
Connecting to www.addic7ed.com (www.addic7ed.com)|46.105.102.174|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.addic7ed.com/ [following]
--2021-05-14 14:28:08-- https://www.addic7ed.com/
Connecting to www.addic7ed.com (www.addic7ed.com)|46.105.102.174|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’
index.html [ <=> ] 329.76K 968KB/s in 0.3s
2021-05-14 14:28:10 (968 KB/s) - ‘index.html’ saved [337672]
user@NewUC:/tmp$
-
-
I can use a remote system (not on my net) and can login from it.
Well, that would make sense if your WAN address is blocked. The remote system isn't blocked.
Also in my case I can't even get to a login page...
In the other guy's case, they were blocking his IP at the external firewall so he didn't get a login page either.
-
@kom said in pfSense blocking addic7ed, but how ?:
I can use a remote system (not on my net) and can login from it.
Well, that would make sense if your WAN address is blocked. The remote system isn't blocked.
Also in my case I can't even get to a login page...
In the other guy's case, they were blocking his IP at the external firewall so he didn't get a login page either.
That's interesting...
Maybe then it's my case. Do you know by chance how many, say, bad requests did it take to get it blocked? And how long was it blocked?
https://www.addic7ed.com/downloadexceeded.php?why=2&ip=65.23.243.52
-
@chudak That depends entirely on whatever software they're using to monitor that. I have no idea. It could be fail2ban or something else. Unless you are using a user account to login to that website, his case would not apply to you. Perhaps you're blocked for another reason? We haven't yet established that you're being blocked, only that they do not respond to you. If you have a VPN (seriously, get one they're like $5/month) you could go there via your tunnel and see if it just works. Contact the site's host and ask them if you're blocked.
-
@kom said in pfSense blocking addic7ed, but how ?:
@chudak If you have a VPN (seriously, get one they're like $5/month) you could go there via your tunnel and see if it just works.
Forgot to mention that it did work via VPN tunnel
Thx
-
@chudak Well there you go.
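-
The reading of the WAN capture used earlier in this thread (packets leave for 46.105.102.174 and nothing comes back, so the firewall itself is passing the traffic) can be scripted over the capture's summary lines. This is an added example, not code from any poster in the thread; the helper name `classify_capture`, its verdict strings and the WAN address 203.0.113.10 are assumptions, and the sample lines are constructed in the capture format shown above.

```python
import re
from collections import Counter

# Low-detail summary line as shown in the thread:
#   11:42:51.219581 IP WAN_IP.4881 > 46.105.102.174.443: tcp 0
LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): tcp (\d+)$")

def classify_capture(lines, remote_ip):
    """Summarise a WAN-side capture filtered on one remote host (hypothetical helper)."""
    sent = Counter()      # local source port -> packets sent towards remote_ip
    received = 0          # packets whose source is remote_ip
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue      # skip headers, blank lines, non-TCP summaries
        _ts, src, sport, dst, _dport, _length = m.groups()
        if dst == remote_ip:
            sent[int(sport)] += 1
        elif src == remote_ip:
            received += 1
    if received:
        verdict = "replied"            # remote answers; inspect what kind of answer it is
    elif sent:
        verdict = "no-reply"           # traffic left the WAN, nothing came back
    else:
        verdict = "nothing-left-wan"   # no packet reached the WAN: check firewall rules/routing
    # The same source port repeating with no reply is consistent with SYN retries
    # (the summary format does not show TCP flags, so this is an inference).
    retried = sorted(port for port, n in sent.items() if n > 1)
    return {"sent": sum(sent.values()), "received": received,
            "retried_ports": retried, "verdict": verdict}

# Constructed sample: the thread's three lines with WAN_IP replaced by 203.0.113.10.
NO_REPLY = """\
11:42:51.219581 IP 203.0.113.10.4881 > 46.105.102.174.443: tcp 0
11:42:51.469814 IP 203.0.113.10.38930 > 46.105.102.174.443: tcp 0
11:42:52.238682 IP 203.0.113.10.4881 > 46.105.102.174.443: tcp 0
""".splitlines()

# Constructed sample: the same capture plus one packet coming back from the remote host.
REPLIED = NO_REPLY + ["11:42:52.301200 IP 46.105.102.174.443 > 203.0.113.10.4881: tcp 0"]

if __name__ == "__main__":
    for name, sample in (("no reply", NO_REPLY), ("replied", REPLIED)):
        print(name, classify_capture(sample, "46.105.102.174"))
```

A "no-reply" verdict only says the drop happens beyond the WAN interface (ISP path or the remote side); it cannot tell those apart, which is why the VPN test in the thread was the deciding step.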