Netgate Discussion Forum

    Approach to troubleshoot a connection to a single website. - solved

      mervincm

      pfsense 2.5 dev build nightly oct-28
      I am consistently unable to reach a specific public website from behind my pfSense firewall. I get a generic "connection took too long to respond" message. The site is up, as it opens fine if I pop my phone to LTE. The problem exists on wired / wireless devices.

      It does not seem to be DNS, as I can resolve the hostname via client devices and via the pfSense diagnostics menu.
      The hostname resolves to 7 IPs, but that shouldn't be an issue.

      Ping is not useful as this host appears to block ICMP.

      Traceroute on my clients and in the pfSense diagnostics menu look similar.

      It would be handy if the pfSense diagnostics had an open HTTPS page, alas ...

      No blocking packages loaded.

      I see outbound connections that seem to be blocked that I cannot explain; this might be related.

      On the dashboard, add the firewall logs part and filter on LAN and block, and I see connections blocked that I am not sure why would be blocked.

      I am not sure what to look at next.

      Looking at the firewall rules / LAN, I see the three base rules (anti-lockout, default allow LAN IPv4 and IPv6).

        mervincm

        As an example this is blocked but I am not sure why
        68cc63f3-e995-4324-8a68-c08a71b14083-image.png

        10.0.3.5 is my iphone

          JKnott @mervincm

          @mervincm

          If it's just the one site, I would suggest it's not a pfSense issue, unless you have a specific rule blocking it. Have you tried that site from elsewhere? Or with a computer connected directly to your Internet connection?

          FWIW, I can't reach that site either.

          "Unable to connect

          Firefox can’t establish a connection to the server at 142.229.173.56."

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

            mervincm

            I may have given misleading details. That was an example of unexplained blocking I see in my pfsense portal. I was just trying to point out that maybe I have a larger issue as I can't explain that either.

            The specific site that I am trying to troubleshoot is https://meet.alberta.ca. I tried from other locations and it opens properly.

              JKnott @mervincm

              @mervincm said in Approach to troubleshoot a connection to a single website.:

              I tried from other locations and it opens properly.

              Try with a computer connected directly to your Internet connection.

                mervincm

                I do not have another PC on my ISP directly, (I only get a single IP) but I can confirm widescale the site is up (via https://www.uptrends.com/tools/uptime) and I confirmed with another person who shares my ISP that they can reach it.

                  mervincm @mervincm

                  @mervincm I also have a fiber-based (Telus) ISP, with no ISP gear in my house other than the optical transceiver I have in my switch. That switch port is in a port-based VLAN that only also includes the WAN port of my pfSense PC. There is no double NAT or an ISP router/firewall device to worry about.

                    mervincm @JKnott

                    @JKnott
                    Your first thought seems to be correct.
                    I put a test system right on my ISP VLAN, and contrary to what I expected, I did get a second IP! This test PC was not using pfsense but demonstrated the same problematic behaviour. The problem site was still not reachable.

                    I can't explain it, but it seems not to be pfsense after all.

                    I will open a separate thread for the pfsense blocking that remains unexplained.

                    Thank you!

                      JKnott @mervincm

                      @mervincm said in Approach to troubleshoot a connection to a single website. - solved:

                      @JKnott
                      Your first thought seems to be correct.
                      I put a test system right on my ISP VLAN, and contrary to what I expected, I did get a second IP! This test PC was not using pfsense but demonstrated the same problematic behaviour. The problem site was still not reachable.

                      I can't explain it, but it seems not to be pfsense after all.

                      I will open a separate thread for the pfsense blocking that remains unexplained.

                      Thank you!

                      If you've proven that pfSense is not the problem, why are you opening another thread? If it fails with your computer directly connected to the modem, then it has absolutely nothing to do with pfSense. You could try traceroute, to see where the problem might be. It sounds more like a routing problem with Telus. Do you know anyone else with a similar connection who could try?

                        mervincm @JKnott

                        @JKnott
                        I must be confusing with the details I added.

                        The single website issue (in the title) is explained and can be considered closed. I can't find anyone else that is having this issue, and I know several with the same ISP/service, but given it fails when I bypass pfSense, it is clearly not a pfSense issue. Thus I closed the thread.

                        I still see a variety of outbound blocked packets that I can't explain. It made more sense to me to open a separate thread to avoid similar confusion.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.