Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Can't reach Apple services

    General pfSense Questions
    4
    13
    362
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfguy2018 last edited by

      Something has been blocking network access to Apple services (facetime, app store, etc). I can't even ping apple.com (request timeouts all the way through). Other sites are reachable without a problem (e.g. google.com). DNS lookups from pfSense seem to return the correct IP addresses for apple. I thought that Snort might be blocking the access, but I have disabled Snort on all interfaces and rebooted, and no change in this behaviour. I also have pfBlockerNG running, not sure if this is somehow responsible? Any ideas for how I can troubleshoot this?

      1 Reply Last reply Reply Quote 0
      • U
        user_three Rebel Alliance last edited by

        You can check your pfblockerNG alerts under the reports tab on the pfsense->pfblocker page.

        I don't know if you are able in your environment, but I would test with pfblockerNG disabled.

        1 Reply Last reply Reply Quote 0
        • P
          pfguy2018 last edited by

          Good suggestions. There was nothing for apple under the pfBlocker alerts page. I disable pfBlocker and rebooted pfSense, ensured that pfBlocker had not started - still unable to ping apple.com. As before, all other sites I can think of ping just fine other than Apple.

          1 Reply Last reply Reply Quote 0
          • P
            pfguy2018 last edited by

            Also, not sure if this is related, but I notice that none of my pfBlocker feeds can update. I can't figure out what is blocking them.

            1 Reply Last reply Reply Quote 0
            • U
              user_three Rebel Alliance last edited by

              It definitely sounds like a package issue. I would check the logs for each package you have installed.

              I am still kind of an intermediate noob to pfense, but I think my judgement is sound (usually).

              1 Reply Last reply Reply Quote 0
              • Gertjan
                Gertjan last edited by

                I propose the step that will show you the reason :
                Backup your config.
                Re instal; pfSense clean. No edits - no where. Ok to change the password. That's it.
                Do not import the backup yet .

                Prepare a mirror.
                Now, test your Internet connection : can you ping apple.com ?
                It works ?! No more issues ?! Look in the mirror : there is your reason.
                It still doesn't work ?! Look in the same mirror, and tell that guy to chose another up stream "WAN" provider (iSP).

                Btw : apple.com doesn't reply to ping for me neither.
                That's purely because replying to ping is a choice.
                The admin who maintains these devices :
                17.172.224.47
                17.178.96.59
                17.142.160.59
                decides not to reply on incoming ping requests.
                Why not. It's a free world after all.

                Aple.com - or any other site, is not blocked by pfSense.

                No "help me" PM's please. Use the forum.

                1 Reply Last reply Reply Quote 0
                • U
                  user_three Rebel Alliance last edited by

                  I can ping www.apple.com.

                  However, I cannot ping apple.com.

                  1 Reply Last reply Reply Quote 0
                  • P
                    pfguy2018 last edited by

                    Never occurred to me to try the www - but that did work for me as well. So I am guessing the ping issue might have nothing to do with the difficulty connecting with Facetime and other Apple services. I disabled pfBlocker to see if that might help.

                    J 1 Reply Last reply Reply Quote 0
                    • J
                      jdeloach @pfguy2018 last edited by

                      @pfguy2018 said in Can't reach Apple services:

                      Never occurred to me to try the www - but that did work for me as well. So I am guessing the ping issue might have nothing to do with the difficulty connecting with Facetime and other Apple services. I disabled pfBlocker to see if that might help.

                      Did you reboot your pfSense after you disabled pfBlockerng, I can't remember, but the reason I bring it up is that if pfBlockerng is in fact blocking Facetime and other Apple services, these blocks may still be cashed in memory and a reboot will clear them out. Just my 2 cents worth.

                      1 Reply Last reply Reply Quote 0
                      • P
                        pfguy2018 last edited by

                        Yes, I did reboot after disabling and uninstalling.

                        1 Reply Last reply Reply Quote 0
                        • Gertjan
                          Gertjan last edited by

                          apple.com is a host - probably a front host like a proxy with some IP's.
                          It's a host name NOT be be used or known to the public.

                          host apple.com

                          does show why it exists : it has to do with 'mails' ;)

                          like blabla@apple.com

                          apple.com has address 17.172.224.47
apple.com has address 17.142.160.59
apple.com has address 17.178.96.59
apple.com mail is handled by 10 nwk-aaemail-lapp01.apple.com.
apple.com mail is handled by 10 nwk-aaemail-lapp02.apple.com.
apple.com mail is handled by 10 nwk-aaemail-lapp03.apple.com.
apple.com mail is handled by 10 ma1-aaemail-dr-lapp01.apple.com.
apple.com mail is handled by 10 ma1-aaemail-dr-lapp02.apple.com.
apple.com mail is handled by 10 ma1-aaemail-dr-lapp03.apple.com.

                          These hosts do not reply to any form of ping.
                          Note : only ancient IPv4 are avaible.

                          www.apple.com is another animal.

                          No need to explain it has a lot to do with the customers ? ;)

                          www.apple.com is an alias for www.apple.com.edgekey.net.
www.apple.com.edgekey.net is an alias for www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net is an alias for e6858.dsce9.akamaiedge.net.
e6858.dsce9.akamaiedge.net has address 23.215.180.234
e6858.dsce9.akamaiedge.net has IPv6 address 2a02:26f0:2b00:29c::1aca
e6858.dsce9.akamaiedge.net has IPv6 address 2a02:26f0:2b00:28e::1aca

                          These all reply on ping (ICMP).
                          One might say : why should it ? ... it's just a web server.

                          Remember : it's nice if a host replies to ping - but there is no law that says it has to.

                          No "help me" PM's please. Use the forum.

                          P 1 Reply Last reply Reply Quote 0
                          • P
                            pfguy2018 @Gertjan last edited by

                            @Gertjan

                            Thanks. This makes the ping issue very clear. I am still trying to figure out whether I solved my FaceTime issue by uninstalling pfBlockerNG.

                            1 Reply Last reply Reply Quote 0
                            • U
                              user_three Rebel Alliance last edited by

                              ok.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post