Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Can't reach Apple services

    General pfSense Questions
    4
    13
    98
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfguy2018 last edited by

      Something has been blocking network access to Apple services (facetime, app store, etc). I can't even ping apple.com (request timeouts all the way through). Other sites are reachable without a problem (e.g. google.com). DNS lookups from pfSense seem to return the correct IP addresses for apple. I thought that Snort might be blocking the access, but I have disabled Snort on all interfaces and rebooted, and no change in this behaviour. I also have pfBlockerNG running, not sure if this is somehow responsible? Any ideas for how I can troubleshoot this?

      1 Reply Last reply Reply Quote 0
      • U
        user_three Rebel Alliance last edited by

        You can check your pfblockerNG alerts under the reports tab on the pfsense->pfblocker page.

        I don't know if you are able in your environment, but I would test with pfblockerNG disabled.

        1 Reply Last reply Reply Quote 0
        • P
          pfguy2018 last edited by

          Good suggestions. There was nothing for apple under the pfBlocker alerts page. I disable pfBlocker and rebooted pfSense, ensured that pfBlocker had not started - still unable to ping apple.com. As before, all other sites I can think of ping just fine other than Apple.

          1 Reply Last reply Reply Quote 0
          • P
            pfguy2018 last edited by

            Also, not sure if this is related, but I notice that none of my pfBlocker feeds can update. I can't figure out what is blocking them.

            1 Reply Last reply Reply Quote 0
            • U
              user_three Rebel Alliance last edited by

              It definitely sounds like a package issue. I would check the logs for each package you have installed.

              I am still kind of an intermediate noob to pfense, but I think my judgement is sound (usually).

              1 Reply Last reply Reply Quote 0
              • Gertjan
                Gertjan last edited by

                I propose the step that will show you the reason :
                Backup your config.
                Re instal; pfSense clean. No edits - no where. Ok to change the password. That's it.
                Do not import the backup yet .

                Prepare a mirror.
                Now, test your Internet connection : can you ping apple.com ?
                It works ?! No more issues ?! Look in the mirror : there is your reason.
                It still doesn't work ?! Look in the same mirror, and tell that guy to chose another up stream "WAN" provider (iSP).

                Btw : apple.com doesn't reply to ping for me neither.
                That's purely because replying to ping is a choice.
                The admin who maintains these devices :
                17.172.224.47
                17.178.96.59
                17.142.160.59
                decides not to reply on incoming ping requests.
                Why not. It's a free world after all.

                Aple.com - or any other site, is not blocked by pfSense.

                1 Reply Last reply Reply Quote 0
                • U
                  user_three Rebel Alliance last edited by

                  I can ping www.apple.com.

                  However, I cannot ping apple.com.

                  1 Reply Last reply Reply Quote 0
                  • P
                    pfguy2018 last edited by

                    Never occurred to me to try the www - but that did work for me as well. So I am guessing the ping issue might have nothing to do with the difficulty connecting with Facetime and other Apple services. I disabled pfBlocker to see if that might help.

                    J 1 Reply Last reply Reply Quote 0
                    • J
                      jdeloach @pfguy2018 last edited by

                      @pfguy2018 said in Can't reach Apple services:

                      Never occurred to me to try the www - but that did work for me as well. So I am guessing the ping issue might have nothing to do with the difficulty connecting with Facetime and other Apple services. I disabled pfBlocker to see if that might help.

                      Did you reboot your pfSense after you disabled pfBlockerng, I can't remember, but the reason I bring it up is that if pfBlockerng is in fact blocking Facetime and other Apple services, these blocks may still be cashed in memory and a reboot will clear them out. Just my 2 cents worth.

                      1 Reply Last reply Reply Quote 0
                      • P
                        pfguy2018 last edited by

                        Yes, I did reboot after disabling and uninstalling.

                        1 Reply Last reply Reply Quote 0
                        • Gertjan
                          Gertjan last edited by

                          apple.com is a host - probably a front host like a proxy with some IP's.
                          It's a host name NOT be be used or known to the public.

                          host apple.com
                          

                          does show why it exists : it has to do with 'mails' ;)

                          like blabla@apple.com

                          apple.com has address 17.172.224.47
                          apple.com has address 17.142.160.59
                          apple.com has address 17.178.96.59
                          apple.com mail is handled by 10 nwk-aaemail-lapp01.apple.com.
                          apple.com mail is handled by 10 nwk-aaemail-lapp02.apple.com.
                          apple.com mail is handled by 10 nwk-aaemail-lapp03.apple.com.
                          apple.com mail is handled by 10 ma1-aaemail-dr-lapp01.apple.com.
                          apple.com mail is handled by 10 ma1-aaemail-dr-lapp02.apple.com.
                          apple.com mail is handled by 10 ma1-aaemail-dr-lapp03.apple.com.
                          

                          These hosts do not reply to any form of ping.
                          Note : only ancient IPv4 are avaible.

                          www.apple.com is another animal.

                          No need to explain it has a lot to do with the customers ? ;)

                          www.apple.com is an alias for www.apple.com.edgekey.net.
                          www.apple.com.edgekey.net is an alias for www.apple.com.edgekey.net.globalredir.akadns.net.
                          www.apple.com.edgekey.net.globalredir.akadns.net is an alias for e6858.dsce9.akamaiedge.net.
                          e6858.dsce9.akamaiedge.net has address 23.215.180.234
                          e6858.dsce9.akamaiedge.net has IPv6 address 2a02:26f0:2b00:29c::1aca
                          e6858.dsce9.akamaiedge.net has IPv6 address 2a02:26f0:2b00:28e::1aca
                          

                          These all reply on ping (ICMP).
                          One might say : why should it ? ... it's just a web server.

                          Remember : it's nice if a host replies to ping - but there is no law that says it has to.

                          P 1 Reply Last reply Reply Quote 0
                          • P
                            pfguy2018 @Gertjan last edited by

                            @Gertjan

                            Thanks. This makes the ping issue very clear. I am still trying to figure out whether I solved my FaceTime issue by uninstalling pfBlockerNG.

                            1 Reply Last reply Reply Quote 0
                            • U
                              user_three Rebel Alliance last edited by

                              ok.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post

                              Products

                              • Platform Overview
                              • TNSR
                              • pfSense Plus
                              • Appliances

                              Services

                              • Training
                              • Professional Services

                              Support

                              • Subscription Plans
                              • Contact Support
                              • Product Lifecycle
                              • Documentation

                              News

                              • Media Coverage
                              • Press
                              • Events

                              Resources

                              • Blog
                              • FAQ
                              • Find a Partner
                              • Resource Library
                              • Security Information

                              Company

                              • About Us
                              • Careers
                              • Partners
                              • Contact Us
                              • Legal
                              Our Mission

                              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                              Subscribe to our Newsletter

                              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                              © 2021 Rubicon Communications, LLC | Privacy Policy