specific website suddenly unreachable
-
A few days ago the website prohashing.com became unreachable. The site is not down, and I can reach it from anything not connected to my pf router. I can reach it if I connect directly to my modem and my ISP has confirmed they are not blocking it in any way. I can ping the site from my desktop and it returns the right IP, however the website remains completely unreachable. I've done the basic troubleshooting (reboots and such) but still nothing. I've got some computers that are mining (using prohashing pool) and they can access whatever prohashing resources just fine. It appears the website is the only thing not working as far as I can tell.
Any suggestions on what my problem could be?
Thanks -
@the_2pc pfBlocker? Squidguard?
-
@kom
neither -
@the_2pc Any packages? I can get there no problem btw. What are you using for DNS?
-
I have badwidthd and openvpnclientexport, but I doubt either of those would cause this.
In regards to DNS, if my understanding of pf is correct then it's been using the default. As a test I did enable DNS Query Forwarding (to force it to use the entries under System > General) they are, in order
1.1.1.1
9.9.9.9
1.0.0.1
208.67.222.222 -
@the_2pc No idea. Take a packet capture of traffic to/from that IP address and then look at it in wireshark to see what's going on.
-
I'm not very good with wireshark, and I'm not sure what I'm looking for in this case. Could you take a look at the capture if I upload the file?
-
Here's the info from the capture pertaining to my desktop. There was lots of other data from the PCs that are mining and it all looked normal. I'll look more into it to understand what this is telling me, but does anything obvious stick out to you?
-
@the_2pc That snippet looks like it's sending a SYN to initiate a connection but not getting a SYNACK back, so it keeps trying to start the handshake over and over.
-
@the_2pc after the terror attack in Belgium some of my clients have the same problems. Try to edit your hosts file.
-
@the_2pc said in specific website suddenly unreachable:
A few days ago the website prohashing.com became unreachable. The site is not down, and I can reach it from anything not connected to my pf router. I can reach it if I connect directly to my modem and my ISP has confirmed they are not blocking it in any way. I can ping the site from my desktop and it returns the right IP, however the website remains completely unreachable. I've done the basic troubleshooting (reboots and such) but still nothing. I've got some computers that are mining (using prohashing pool) and they can access whatever prohashing resources just fine. It appears the website is the only thing not working as far as I can tell.
Any suggestions on what my problem could be?
ThanksWhat about asking asking pfSense what's up ?
dig @127.0.0.1 prohashing.com
Also : use any site like https://zonemaster.net/domain_check and use it often.
In case of doubt, have it analysed.Don't use these :
@the_2pc said in specific website suddenly unreachable:
1.1.1.1
9.9.9.9
1.0.0.1
208.67.222.222The resolver (unbound) is a resolver. When you transform it into a dumb forwarder, you just add more things in the queue that can go wrong.
Btw : before you ask : no : pfSense doesn't know what "prohashing.com" is, who it is, whatever.
pfSense uses IP addresses. There are some DNS facilities on board, so humans can interface with the connected networks.
pfSense itself doesn't care less about domain names. -
@akegec said in specific website suddenly unreachable:
@the_2pc after the terror attack in Belgium some of my clients have the same problems. Try to edit your hosts file.
Unfortunately this did not work :/
@gertjan said in specific website suddenly unreachable:
@the_2pc said in specific website suddenly unreachable:
A few days ago the website prohashing.com became unreachable. The site is not down, and I can reach it from anything not connected to my pf router. I can reach it if I connect directly to my modem and my ISP has confirmed they are not blocking it in any way. I can ping the site from my desktop and it returns the right IP, however the website remains completely unreachable. I've done the basic troubleshooting (reboots and such) but still nothing. I've got some computers that are mining (using prohashing pool) and they can access whatever prohashing resources just fine. It appears the website is the only thing not working as far as I can tell.
Any suggestions on what my problem could be?
ThanksWhat about asking asking pfSense what's up ?
dig @127.0.0.1 prohashing.com
; <<>> DiG 9.12.2-P1 <<>> @127.0.0.1 prohashing.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4960 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;prohashing.com. IN A ;; ANSWER SECTION: prohashing.com. 366 IN A 50.220.121.209 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed May 05 18:15:31 UTC 2021 ;; MSG SIZE rcvd: 59
@gertjan said in specific website suddenly unreachable:
Also : use any site like https://zonemaster.net/domain_check and use it often.
In case of doubt, have it analysed.CONNECTIVITY 0 CONNECTIVITY INFO Nameserver dns1.registrar-servers.com/156.154.132.200 accessible over UDP on port 53. 1 CONNECTIVITY INFO Nameserver dns1.registrar-servers.com/2610:a1:1024::200 accessible over UDP on port 53. 2 CONNECTIVITY INFO Nameserver dns2.registrar-servers.com/156.154.133.200 accessible over UDP on port 53. 3 CONNECTIVITY INFO Nameserver dns2.registrar-servers.com/2610:a1:1025::200 accessible over UDP on port 53. 4 CONNECTIVITY INFO Nameserver dns1.registrar-servers.com/156.154.132.200 accessible over TCP on port 53. 5 CONNECTIVITY INFO Nameserver dns1.registrar-servers.com/2610:a1:1024::200 accessible over TCP on port 53. 6 CONNECTIVITY ERROR Nameserver dns2.registrar-servers.com/156.154.133.200 not accessible over TCP on port 53. 7 CONNECTIVITY INFO Nameserver dns2.registrar-servers.com/2610:a1:1025::200 accessible over TCP on port 53. 8 CONNECTIVITY INFO At least two IPv4 addresses of the authoritative nameservers are announce by different AS sets. A merged list of all AS: (19905, 397213, 397218, 397228, 397232, 397235, 397238, 397242). 9 CONNECTIVITY INFO At least two IPv6 add
DNSSEC 0 DNSSEC NOTICE There are neither DS nor DNSKEY records for the zone. 1 DNSSEC NOTICE The zone is not signed with DNSSEC.
I'm not smart enough to know what I need to do with the information I've found here.
@gertjan said in specific website suddenly unreachable:
Don't use these :
@the_2pc said in specific website suddenly unreachable:
1.1.1.1
9.9.9.9
1.0.0.1
208.67.222.222The resolver (unbound) is a resolver. When you transform it into a dumb forwarder, you just add more things in the queue that can go wrong.
This problem existed before I changed to these DNS servers, I enabled the "dns query forwarding" option as a troubleshooting step.
-
@the_2pc Do you have just the one WAN?
-
@kom
Yes. We have a block of 5 IPs on our account, but only 1 coming into this pf box. The others are currently unused. -
@the_2pc Do a packet capture that keys on 50.220.121.209, then do a find & replace on the results to remove your public IP, then post it here so me or others can look at what's going on. That small snippet you posted above isn't enough information to see what's going on.
-
@kom The file was sent privately and I've replaced his public IP with 12.34.56.78:
You have something constantly talking to that IP via port 3339 and those comms happen just fine. All the attempts to start a connection with port 443 are not replied to. The other end isn't responding. I don't understand how pfSense would be the cause, but you say the problem goes away if you take it out of the loop.
-
Port 3339 is the port for the mining software, which is working fine. I will contact their support and see if our IP has been blocked or something, because it's fine from literally every other source.
-
@the_2pc You did say it worked fine without pfSense involved though, so that can't be it.
-
Well, maybe. When I plugged directly into the modem it gave us a DHCP IP, it was not using our static. I did not have an easy way at the time to use our static IP without using PF (during the workday I cant just take everyone offline or I'll have some very unhappy coworkers)
-
@the_2pc A-HA! I knew there had to be something else. Do you have more than one static IP you could try?