Unable to Reach CloudFlare IP address via DNS/IP
-
Hello,
I am experiencing a weird issue in which any DNS entry associated with Cloudflare IP 172.64.80.1.
I have searched PFBlocker and Suricata and do not see it blocked. Even disabled both to rule this as a problem. The site can be reached from other locations with PFSense installed.
Examples are the following sites that resolve to 172.64.80.1
epochconverter.com
forums.codeblocks.org
[21.05.1-RELEASE][admin@Pfsense]/root: ping 172.64.80.1
PING 172.64.80.1 (172.64.80.1): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
--- 172.64.80.1 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
[21.05.1-RELEASE][admin@Pfsense]/root: ping forums.codeblocks.org
PING forums.codeblocks.org (172.64.80.1): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
--- forums.codeblocks.org ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
[21.05.1-RELEASE][admin@Pfsense]/root: ping epochconverter.com
PING epochconverter.com (172.64.80.1): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
Any other site works, example 8.8.8.8
[21.05.1-RELEASE][admin@Pfsense]/root: ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=118 time=4.919 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=4.985 ms
If anyone can point me in the right direction, that would be appreciated.
-
@zatco said in Unable to Reach CloudFlare IP address via DNS/IP:
172.64.80.1
What firewall rules do you have on floating? I can duplicate your problem if I specifically create an outbound rule on the floating tab
-
@johnpoz I have no floating rules or that IP listed in the IP block lists. I did a tracert to the IP and checked to see if the IPs before the 172.64.80.1 past my ISP are getting blocked, but they are not.
4 13 ms 13 ms 11 ms 69.63.249.209
5 17 ms 17 ms 12 ms 209.148.235.214
6 * * * Request timed out.
7 18 ms 15 ms 12 ms 172.64.80.1
Issue affecting people from browsing specific sites. It's got to be something simple, just can't pinpoint it.
Is it possible ISP could be blocking the IP?
-
@zatco said in Unable to Reach CloudFlare IP address via DNS/IP:
Is it possible ISP could be blocking the IP?
Anything is possible - but that shouldn't create a ping permission denied.. Do a sniff on your wan - do you see the ping go out? I would assume no if you're getting permission denied on the send to.. But if you see it go out - maybe you're getting a specific reject back?
Or maybe that IP specifically is blocking your IP.. But again that really shouldn't create that error, unless there is a specific reject that comes back..
Sniff on your wan will show for sure whether you're sending it out the wire..
Traceroute via Linux normally defaults to UDP, and is not an ICMP message other than the TTL expired that comes back.
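
An added example, not part of the thread: a small Python helper that sorts a WAN capture into the outcomes discussed above (the ping never leaves the WAN, it leaves and a reject comes back, or it leaves and nothing returns). The capture lines are constructed in the style of `tcpdump -n -i <WAN interface> icmp` text output, and the `classify` function and the 203.0.113.10 WAN address are hypothetical.

```python
import re

# One line of `tcpdump -n -i <WAN interface> icmp` text output.
LINE = re.compile(r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP (?P<msg>.*)$")

def classify(capture_text, target):
    """Return 'not-sent', 'replied', 'rejected' or 'no-reply' for pings to target."""
    sent = replied = rejected = False
    # An unreachable can come from any hop, so match the target inside the message.
    reject = re.compile(r"\b(?:host|net) " + re.escape(target) + r" unreachable")
    for raw in capture_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if m["dst"] == target and msg.startswith("echo request"):
            sent = True
        elif m["src"] == target and msg.startswith("echo reply"):
            replied = True
        elif reject.search(msg):
            rejected = True
    if not sent:
        return "not-sent"   # never left the WAN: look at the local firewall
    if replied:
        return "replied"
    return "rejected" if rejected else "no-reply"

# Constructed captures; 203.0.113.10 stands in for the WAN address.
BLOCKED_LOCALLY = """\
12:00:01.000000 IP 203.0.113.10 > 8.8.8.8: ICMP echo request, id 1, seq 0, length 64
12:00:01.004919 IP 8.8.8.8 > 203.0.113.10: ICMP echo reply, id 1, seq 0, length 64
"""
REJECTED_UPSTREAM = """\
12:00:02.000000 IP 203.0.113.10 > 172.64.80.1: ICMP echo request, id 2, seq 0, length 64
12:00:02.012000 IP 198.51.100.1 > 203.0.113.10: ICMP host 172.64.80.1 unreachable - admin prohibited filter, length 92
"""
DROPPED_SILENTLY = """\
12:00:03.000000 IP 203.0.113.10 > 172.64.80.1: ICMP echo request, id 3, seq 0, length 64
12:00:04.000000 IP 203.0.113.10 > 172.64.80.1: ICMP echo request, id 3, seq 1, length 64
"""

if __name__ == "__main__":
    for name, cap in [("blocked locally", BLOCKED_LOCALLY),
                      ("rejected upstream", REJECTED_UPSTREAM),
                      ("dropped silently", DROPPED_SILENTLY)]:
        print(name, "->", classify(cap, "172.64.80.1"))
```

The capture filter is plain `icmp` rather than `host 172.64.80.1` because an unreachable message can be sent by an intermediate hop, whose address a host filter would exclude.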