Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to access www.google.com unless pfsense is rebooted. (no other websites affected)

    Scheduled Pinned Locked Moved
    DHCP and DNS
    3
    5
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Pete_AUST
      last edited by

      I have an odd issue whereas of late my pfSense box will randomly stop allowing connections to www.google.com.

      The only way I have found to resolve this is to reboot Pfsense.
      I am only using PfblockerNG had I have disabled it with the issue still occurring.

      If I bypass the pfSense box and connect a laptop directly to my NTU box Google can be browsed to fine.

      I have had Pfsense up and running for about 6 months before this started to occur.
      pfSense is running on a Qtom box with an i5 processor

      Tracert when the issue occurs
      C:\Users\Peter>tracert www.google.com

      Tracing route to www.google.com [142.250.70.228]
      over a maximum of 30 hops:

      1 * * * Request timed out.
      2 * * * Request timed out.
      3 * * * Request timed out.
      4 * * * Request timed out.
      5 * * * Request timed out.
      6 * * * Request timed out.
      7 * * * Request timed out.
      8 * * * Request timed out.
      9 * * * Request timed out.
      10 * * * Request timed out.
      11 * * * Request timed out.
      12 * * * Request timed out.
      13 * * * Request timed out.
      14 * * * Request timed out.
      15 * * * Request timed out.
      16 * * * Request timed out.
      17 * * * Request timed out.
      18 * * * Request timed out.
      19 * * * Request timed out.
      20 * * * Request timed out.
      21 * * * Request timed out.
      22 * * * Request timed out.
      23 * * * Request timed out.
      24 * * * Request timed out.
      25 * * * Request timed out.
      26 * * * Request timed out.
      27 * * * Request timed out.
      28 * * * Request timed out.
      29 153 ms 21 ms 21 ms mel05s02-in-f4.1e100.net [142.250.70.228]

      Then After rebooting pfSense
      C:\Users\Peter>tracert www.google.com

      Tracing route to www.google.com [142.250.70.228]
      over a maximum of 30 hops:

      1 1 ms <1 ms <1 ms pfSense.home.arpa [10.1.1.1]
      2 2 ms 3 ms 3 ms loop612451440.bng.adl.aussiebb.net [xx.xxx.xxx.x]
      3 20 ms 21 ms 21 ms HundredGigE0-0-0-12.core1.yourdc-haw.adl.aussiebb.net [180.150.2.120]
      4 21 ms 20 ms 20 ms be2.core1.yourdc-ed.adl.aussiebb.net [180.150.2.41]
      5 20 ms 21 ms 20 ms be7.core2.nextdc-s1.syd.aussiebb.net [180.150.0.151]
      6 21 ms 21 ms 21 ms 119-18-32-167.cust.aussiebb.net [119.18.32.167]
      7 21 ms 21 ms 21 ms 108.170.247.33
      8 21 ms 21 ms 21 ms 108.170.247.42
      9 21 ms 21 ms 20 ms 108.170.234.73
      10 22 ms 21 ms 29 ms 142.250.62.189
      11 22 ms 22 ms 22 ms 209.85.142.78
      12 21 ms 22 ms 21 ms 172.253.53.113
      13 22 ms 22 ms 23 ms 216.239.59.179
      14 22 ms 21 ms 21 ms mel05s02-in-f4.1e100.net [142.250.70.228]

      DNS Settings

      1. Is google
      2. Is my provider (Aussie Broadband)
        pfsense dns.PNG

      Ping failure from pfSense
      pfsense ping.PNG

      Anything that could point me in the right direction would be fantastic!
      This only affects Google all other sites e.g. Bing.com or duckduckgo.com work fine.

      All other websites like news.com.au have no issues.

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @Pete_AUST
        last edited by

        @pete_aust said in Unable to access www.google.com unless pfsense is rebooted. (no other websites affected):

        Tracing route to www.google.com [142.250.70.228]
        over a maximum of 30 hops:
        1 * * * Request timed out.

        Well why can you not even hit pfsense, which should be your first hop..

        1 1 ms <1 ms <1 ms pfSense.home.arpa [10.1.1.1]

        Wouldn't matter if your internet was completely down - you should still see pfsense as the first hop in your trace..

        Can you even ping pfsense IP 10.1.1.1?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.03

        P 1 Reply Last reply Reply Quote 0
        • P
          Pete_AUST @johnpoz
          last edited by Pete_AUST

          @johnpoz said in Unable to access www.google.com unless pfsense is rebooted. (no other websites affected):

          <1 ms  pfSense.home.arpa [10.1.1.1]

          Wouldn't matter if your internet was completely down - you should still see pfsense as the first hop in your trace..
          Can you even ping pfsense IP 10.1.1.1?

          If I issue a ping command and not a tracert it will respond

          C:\Users\Peter>ping 10.1.1.1

          Pinging 10.1.1.1 with 32 bytes of data:
          Reply from 10.1.1.1: bytes=32 time<1ms TTL=64
          Reply from 10.1.1.1: bytes=32 time<1ms TTL=64
          Reply from 10.1.1.1: bytes=32 time<1ms TTL=64
          Reply from 10.1.1.1: bytes=32 time<1ms TTL=64

          Ping statistics for 10.1.1.1:
          Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
          Minimum = 0ms, Maximum = 0ms, Average = 0ms

          C:\Users\Peter>nslookup 10.1.1.1
          Server: pfSense.home.arpa
          Address: 10.1.1.1

          Name: pfSense.home.arpa
          Address: 10.1.1.1

          and yes I can hit it as I took the screenshots from the web GUI

          news.com.au works fine, only google goes nowhere
          C:\Users\Peter>tracert www.news.com.au

          Tracing route to e3774.b.akamaiedge.net [23.202.160.209]
          over a maximum of 30 hops:

          1 <1 ms <1 ms <1 ms pfSense.home.arpa [10.1.1.1]
          2 7 ms 3 ms 11 ms loop612451440.bng.adl.aussiebb.net [XXXXXX]
          3 10 ms 10 ms 10 ms HundredGigE0-0-0-12.core1.yourdc-haw.adl.aussiebb.net [180.150.2.120]
          4 10 ms 11 ms 11 ms HundredGigE0-0-0-28.core4.ia-dce.portmel.aussiebb.net [180.150.1.138]
          5 11 ms 10 ms 10 ms be4.core3.nextdc-m1.mel.aussiebb.net [180.150.0.173]
          6 31 ms 34 ms 25 ms 123.253.148.246
          7 51 ms 111 ms 82 ms ae6.nextdc-mel2.netarch.akamai.com [23.56.129.133]
          8 9 ms 10 ms 10 ms a23-202-160-209.deploy.static.akamaitechnologies.com [23.202.160.209]

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @Pete_AUST
            last edited by johnpoz

            @pete_aust what is the route on your device.. If pfsense answers first hop for something else, but not for google.. Makes no sense that pfsense wouldn't answer your trace for google. Even if pfsense couldn't get there or tried to route it somewhere that wouldn't work - the first hop should answer if you actually sent the traffic to pfsense.

            Are you running something like ips or pfsense, any sort of vpn setup on pfsense? Doesn't make any sense that first hop doesn't answer even if pfsense couldn't get to where your trying to go.

            example

            $ tracert 192.168.45.56

Tracing route to 192.168.45.56 over a maximum of 30 hops

  1     1 ms    <1 ms    <1 ms  sg4860.local.lan [192.168.9.253]
  2     *        *        *     Request timed out.

            I do not have that network local, and I block all outbound access to rfc1918.. But as you can see still get answer for first hop.

            I would guess maybe your forcing traffic out a specific gateway on pfsense? But that makes no sense since its answering first hop on your other traces..

            What are you rules in your lan, any rules in floating?

            Are you running any alias sort of rules on your lan that could be blocking access to those IPs. So for example on my lan if I create a block rule to that 192.168.45 network... Then my trace doesn't answer.

            rules.jpg

            Because pfsense drops traffic to that IP before it does anything with it, even try and route it and answer your first hop in your trace. So if you had something that was causing something like that - it would explain why you don't get answer to first hop when trying to go there.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.03

            1 Reply Last reply Reply Quote 0
            • B
              broglah
              last edited by broglah

              This post is deleted!
              1 Reply Last reply Reply Quote 0
              • First post
                Last post