Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    specific website suddenly unreachable

    Scheduled Pinned Locked Moved General pfSense Questions
    23 Posts 4 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      the_2PC
      last edited by

      A few days ago the website prohashing.com became unreachable. The site is not down, and I can reach it from anything not connected to my pf router. I can reach it if I connect directly to my modem and my ISP has confirmed they are not blocking it in any way. I can ping the site from my desktop and it returns the right IP, however the website remains completely unreachable. I've done the basic troubleshooting (reboots and such) but still nothing. I've got some computers that are mining (using prohashing pool) and they can access whatever prohashing resources just fine. It appears the website is the only thing not working as far as I can tell.

      Any suggestions on what my problem could be?
      Thanks

      KOMK AKEGECA GertjanG 3 Replies Last reply Reply Quote 0
      • KOMK
        KOM @the_2PC
        last edited by

        @the_2pc pfBlocker? Squidguard?

        T 1 Reply Last reply Reply Quote 0
        • T
          the_2PC @KOM
          last edited by

          @kom
          neither

          KOMK 1 Reply Last reply Reply Quote 0
          • KOMK
            KOM @the_2PC
            last edited by

            @the_2pc Any packages? I can get there no problem btw. What are you using for DNS?

            T 1 Reply Last reply Reply Quote 0
            • T
              the_2PC @KOM
              last edited by

              @kom

              I have badwidthd and openvpnclientexport, but I doubt either of those would cause this.
              In regards to DNS, if my understanding of pf is correct then it's been using the default. As a test I did enable DNS Query Forwarding (to force it to use the entries under System > General) they are, in order
              1.1.1.1
              9.9.9.9
              1.0.0.1
              208.67.222.222

              KOMK 1 Reply Last reply Reply Quote 0
              • KOMK
                KOM @the_2PC
                last edited by

                @the_2pc No idea. Take a packet capture of traffic to/from that IP address and then look at it in wireshark to see what's going on.

                T 1 Reply Last reply Reply Quote 0
                • T
                  the_2PC @KOM
                  last edited by

                  @kom

                  I'm not very good with wireshark, and I'm not sure what I'm looking for in this case. Could you take a look at the capture if I upload the file?

                  1 Reply Last reply Reply Quote 0
                  • T
                    the_2PC
                    last edited by

                    70736944-ff75-44fc-a0ee-a69601cb7764-image.png

                    Here's the info from the capture pertaining to my desktop. There was lots of other data from the PCs that are mining and it all looked normal. I'll look more into it to understand what this is telling me, but does anything obvious stick out to you?

                    KOMK 1 Reply Last reply Reply Quote 0
                    • KOMK
                      KOM @the_2PC
                      last edited by

                      @the_2pc That snippet looks like it's sending a SYN to initiate a connection but not getting a SYNACK back, so it keeps trying to start the handshake over and over.

                      1 Reply Last reply Reply Quote 0
                      • AKEGECA
                        AKEGEC @the_2PC
                        last edited by

                        @the_2pc after the terror attack in Belgium some of my clients have the same problems. Try to edit your hosts file. 😉

                        T 1 Reply Last reply Reply Quote 0
                        • GertjanG
                          Gertjan @the_2PC
                          last edited by

                          @the_2pc said in specific website suddenly unreachable:

                          A few days ago the website prohashing.com became unreachable. The site is not down, and I can reach it from anything not connected to my pf router. I can reach it if I connect directly to my modem and my ISP has confirmed they are not blocking it in any way. I can ping the site from my desktop and it returns the right IP, however the website remains completely unreachable. I've done the basic troubleshooting (reboots and such) but still nothing. I've got some computers that are mining (using prohashing pool) and they can access whatever prohashing resources just fine. It appears the website is the only thing not working as far as I can tell.

                          Any suggestions on what my problem could be?
                          Thanks

                          What about asking asking pfSense what's up ?

                          dig @127.0.0.1 prohashing.com
                          

                          Also : use any site like https://zonemaster.net/domain_check and use it often.
                          In case of doubt, have it analysed.

                          Don't use these :

                          @the_2pc said in specific website suddenly unreachable:

                          1.1.1.1
                          9.9.9.9
                          1.0.0.1
                          208.67.222.222

                          The resolver (unbound) is a resolver. When you transform it into a dumb forwarder, you just add more things in the queue that can go wrong.

                          Btw : before you ask : no : pfSense doesn't know what "prohashing.com" is, who it is, whatever.
                          pfSense uses IP addresses. There are some DNS facilities on board, so humans can interface with the connected networks.
                          pfSense itself doesn't care less about domain names.

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          1 Reply Last reply Reply Quote 0
                          • T
                            the_2PC @AKEGEC
                            last edited by

                            @akegec said in specific website suddenly unreachable:

                            @the_2pc after the terror attack in Belgium some of my clients have the same problems. Try to edit your hosts file. 😉

                            Unfortunately this did not work :/

                            @gertjan said in specific website suddenly unreachable:

                            @the_2pc said in specific website suddenly unreachable:

                            A few days ago the website prohashing.com became unreachable. The site is not down, and I can reach it from anything not connected to my pf router. I can reach it if I connect directly to my modem and my ISP has confirmed they are not blocking it in any way. I can ping the site from my desktop and it returns the right IP, however the website remains completely unreachable. I've done the basic troubleshooting (reboots and such) but still nothing. I've got some computers that are mining (using prohashing pool) and they can access whatever prohashing resources just fine. It appears the website is the only thing not working as far as I can tell.

                            Any suggestions on what my problem could be?
                            Thanks

                            What about asking asking pfSense what's up ?

                            dig @127.0.0.1 prohashing.com
                            
                            ; <<>> DiG 9.12.2-P1 <<>> @127.0.0.1 prohashing.com
                            ; (1 server found)
                            ;; global options: +cmd
                            ;; Got answer:
                            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4960
                            ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                            
                            ;; OPT PSEUDOSECTION:
                            ; EDNS: version: 0, flags:; udp: 4096
                            ;; QUESTION SECTION:
                            ;prohashing.com.			IN	A
                            
                            ;; ANSWER SECTION:
                            prohashing.com.		366	IN	A	50.220.121.209
                            
                            ;; Query time: 0 msec
                            ;; SERVER: 127.0.0.1#53(127.0.0.1)
                            ;; WHEN: Wed May 05 18:15:31 UTC 2021
                            ;; MSG SIZE  rcvd: 59
                            

                            @gertjan said in specific website suddenly unreachable:

                            Also : use any site like https://zonemaster.net/domain_check and use it often.
                            In case of doubt, have it analysed.

                            	CONNECTIVITY
                            0	CONNECTIVITY	INFO	Nameserver dns1.registrar-servers.com/156.154.132.200 accessible over UDP on port 53.
                            1	CONNECTIVITY	INFO	Nameserver dns1.registrar-servers.com/2610:a1:1024::200 accessible over UDP on port 53.
                            2	CONNECTIVITY	INFO	Nameserver dns2.registrar-servers.com/156.154.133.200 accessible over UDP on port 53.
                            3	CONNECTIVITY	INFO	Nameserver dns2.registrar-servers.com/2610:a1:1025::200 accessible over UDP on port 53.
                            4	CONNECTIVITY	INFO	Nameserver dns1.registrar-servers.com/156.154.132.200 accessible over TCP on port 53.
                            5	CONNECTIVITY	INFO	Nameserver dns1.registrar-servers.com/2610:a1:1024::200 accessible over TCP on port 53.
                            6	CONNECTIVITY	ERROR	Nameserver dns2.registrar-servers.com/156.154.133.200 not accessible over TCP on port 53.
                            7	CONNECTIVITY	INFO	Nameserver dns2.registrar-servers.com/2610:a1:1025::200 accessible over TCP on port 53.
                            8	CONNECTIVITY	INFO	At least two IPv4 addresses of the authoritative nameservers are announce by different AS sets. A merged list of all AS: (19905, 397213, 397218, 397228, 397232, 397235, 397238, 397242).
                            9	CONNECTIVITY	INFO	At least two IPv6 add
                            
                            	DNSSEC
                            0	DNSSEC	NOTICE	There are neither DS nor DNSKEY records for the zone.
                            1	DNSSEC	NOTICE	The zone is not signed with DNSSEC.
                            

                            I'm not smart enough to know what I need to do with the information I've found here.

                            @gertjan said in specific website suddenly unreachable:

                            Don't use these :

                            @the_2pc said in specific website suddenly unreachable:

                            1.1.1.1
                            9.9.9.9
                            1.0.0.1
                            208.67.222.222

                            The resolver (unbound) is a resolver. When you transform it into a dumb forwarder, you just add more things in the queue that can go wrong.

                            This problem existed before I changed to these DNS servers, I enabled the "dns query forwarding" option as a troubleshooting step.

                            KOMK 1 Reply Last reply Reply Quote 0
                            • KOMK
                              KOM @the_2PC
                              last edited by

                              @the_2pc Do you have just the one WAN?

                              T 1 Reply Last reply Reply Quote 0
                              • T
                                the_2PC @KOM
                                last edited by

                                @kom
                                Yes. We have a block of 5 IPs on our account, but only 1 coming into this pf box. The others are currently unused.

                                KOMK 1 Reply Last reply Reply Quote 0
                                • KOMK
                                  KOM @the_2PC
                                  last edited by

                                  @the_2pc Do a packet capture that keys on 50.220.121.209, then do a find & replace on the results to remove your public IP, then post it here so me or others can look at what's going on. That small snippet you posted above isn't enough information to see what's going on.

                                  KOMK 1 Reply Last reply Reply Quote 0
                                  • KOMK
                                    KOM @KOM
                                    last edited by KOM

                                    @kom The file was sent privately and I've replaced his public IP with 12.34.56.78:

                                    cap.txt

                                    You have something constantly talking to that IP via port 3339 and those comms happen just fine. All the attempts to start a connection with port 443 are not replied to. The other end isn't responding. I don't understand how pfSense would be the cause, but you say the problem goes away if you take it out of the loop.

                                    T 1 Reply Last reply Reply Quote 0
                                    • T
                                      the_2PC @KOM
                                      last edited by

                                      @kom

                                      Port 3339 is the port for the mining software, which is working fine. I will contact their support and see if our IP has been blocked or something, because it's fine from literally every other source.

                                      KOMK 1 Reply Last reply Reply Quote 0
                                      • KOMK
                                        KOM @the_2PC
                                        last edited by

                                        @the_2pc You did say it worked fine without pfSense involved though, so that can't be it.

                                        T 1 Reply Last reply Reply Quote 0
                                        • T
                                          the_2PC @KOM
                                          last edited by the_2PC

                                          @kom

                                          Well, maybe. When I plugged directly into the modem it gave us a DHCP IP, it was not using our static. I did not have an easy way at the time to use our static IP without using PF (during the workday I cant just take everyone offline or I'll have some very unhappy coworkers)

                                          KOMK 1 Reply Last reply Reply Quote 0
                                          • KOMK
                                            KOM @the_2PC
                                            last edited by

                                            @the_2pc A-HA! I knew there had to be something else. Do you have more than one static IP you could try?

                                            T 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.