Can't reach Apple services
-
Something has been blocking network access to Apple services (facetime, app store, etc). I can't even ping apple.com (request timeouts all the way through). Other sites are reachable without a problem (e.g. google.com). DNS lookups from pfSense seem to return the correct IP addresses for apple. I thought that Snort might be blocking the access, but I have disabled Snort on all interfaces and rebooted, and no change in this behaviour. I also have pfBlockerNG running, not sure if this is somehow responsible? Any ideas for how I can troubleshoot this?
-
You can check your pfblockerNG alerts under the reports tab on the pfsense->pfblocker page.
I don't know if you are able in your environment, but I would test with pfblockerNG disabled.
-
Good suggestions. There was nothing for apple under the pfBlocker alerts page. I disable pfBlocker and rebooted pfSense, ensured that pfBlocker had not started - still unable to ping apple.com. As before, all other sites I can think of ping just fine other than Apple.
-
Also, not sure if this is related, but I notice that none of my pfBlocker feeds can update. I can't figure out what is blocking them.
-
It definitely sounds like a package issue. I would check the logs for each package you have installed.
I am still kind of an intermediate noob to pfense, but I think my judgement is sound (usually).
-
I propose the step that will show you the reason :
Backup your config.
Re instal; pfSense clean. No edits - no where. Ok to change the password. That's it.
Do not import the backup yet .Prepare a mirror.
Now, test your Internet connection : can you ping apple.com ?
It works ?! No more issues ?! Look in the mirror : there is your reason.
It still doesn't work ?! Look in the same mirror, and tell that guy to chose another up stream "WAN" provider (iSP).Btw : apple.com doesn't reply to ping for me neither.
That's purely because replying to ping is a choice.
The admin who maintains these devices :
17.172.224.47
17.178.96.59
17.142.160.59
decides not to reply on incoming ping requests.
Why not. It's a free world after all.Aple.com - or any other site, is not blocked by pfSense.
-
I can ping www.apple.com.
However, I cannot ping apple.com.
-
Never occurred to me to try the www - but that did work for me as well. So I am guessing the ping issue might have nothing to do with the difficulty connecting with Facetime and other Apple services. I disabled pfBlocker to see if that might help.
-
@pfguy2018 said in Can't reach Apple services:
Never occurred to me to try the www - but that did work for me as well. So I am guessing the ping issue might have nothing to do with the difficulty connecting with Facetime and other Apple services. I disabled pfBlocker to see if that might help.
Did you reboot your pfSense after you disabled pfBlockerng, I can't remember, but the reason I bring it up is that if pfBlockerng is in fact blocking Facetime and other Apple services, these blocks may still be cashed in memory and a reboot will clear them out. Just my 2 cents worth.
-
Yes, I did reboot after disabling and uninstalling.
-
apple.com is a host - probably a front host like a proxy with some IP's.
It's a host name NOT be be used or known to the public.host apple.comdoes show why it exists : it has to do with 'mails' ;)
like blabla@apple.com
apple.com has address 17.172.224.47 apple.com has address 17.142.160.59 apple.com has address 17.178.96.59 apple.com mail is handled by 10 nwk-aaemail-lapp01.apple.com. apple.com mail is handled by 10 nwk-aaemail-lapp02.apple.com. apple.com mail is handled by 10 nwk-aaemail-lapp03.apple.com. apple.com mail is handled by 10 ma1-aaemail-dr-lapp01.apple.com. apple.com mail is handled by 10 ma1-aaemail-dr-lapp02.apple.com. apple.com mail is handled by 10 ma1-aaemail-dr-lapp03.apple.com.These hosts do not reply to any form of ping.
Note : only ancient IPv4 are avaible.www.apple.com is another animal.
No need to explain it has a lot to do with the customers ? ;)
www.apple.com is an alias for www.apple.com.edgekey.net. www.apple.com.edgekey.net is an alias for www.apple.com.edgekey.net.globalredir.akadns.net. www.apple.com.edgekey.net.globalredir.akadns.net is an alias for e6858.dsce9.akamaiedge.net. e6858.dsce9.akamaiedge.net has address 23.215.180.234 e6858.dsce9.akamaiedge.net has IPv6 address 2a02:26f0:2b00:29c::1aca e6858.dsce9.akamaiedge.net has IPv6 address 2a02:26f0:2b00:28e::1acaThese all reply on ping (ICMP).
One might say : why should it ? ... it's just a web server.Remember : it's nice if a host replies to ping - but there is no law that says it has to.
-
Thanks. This makes the ping issue very clear. I am still trying to figure out whether I solved my FaceTime issue by uninstalling pfBlockerNG.
-
ok.
