New COD MWII Blocked By pfSense
-
@emjeezy your pcap isn't actually attached, I can not download it.
You want to use the file upload, not image and might need to change to .pcap extension vs .cap
test cap
Testing file upload of pcap or .cap they seem to be working.
Make sure you use file not image
-
@rcoleman-netgate firewall is mostly default config, lightly configured. Will keep in mind though, ty.
-
@emjeezy that capture shows no connections at all to anything external
And looks like you are limited to 100 packets.. But there is no info in that pcap that would help.. Since your not trying to go anywhere other than 172.16.25.2 which sure isn't a internet IP.
You have some remote desktop connection in that sniff - I see the RDP 3389
-
@johnpoz i think the pcap i need to do is WAN and not local. Problem is with the WAN pcap i cannot filter (at least not from pfsense) on the local IP.
-
@emjeezy no lan is fine.. That sniff has zero traffic going to any internet address in it.. To get to the internet you have to send it to pfsense right? But pfsense isn't seeing any traffic going to the internet in that sniff.
-
You have some remote desktop connection in that sniff - I see the RDP 3389
yes i am remoted onto my gaming pc right nowTrying the pcap again on lan..
-
@emjeezy nor did see even any dns queries in that sniff. Only thing see in there is part of remote desktop connection.
You most likely filled up your sniff before you even started anything because you didn't change the limit from 100 to 0
-
@johnpoz said in New COD MWII Blocked By pfSense:
You most likely filled up your sniff before you even started anything because you didn't change the limit from 100 to 0
right, i forgot to change the 'count' to 0. changed it now and running another pcap while trying to connect to COD..
-
@emjeezy make sure you flushed the clients local dns cache as well - so we can see if any dns queries it asks for are not being answered.
-
copy. will do.
-
@johnpoz So fighting the pcap size, too large to upload here. Set count to a thousand packets and ran. Hopefully it captured some useful traffic. updated pcap attached.
-
@emjeezy well can see no dns responses for stuff being asked for
-
@johnpoz humm..yah thats my machine asking my firewall for dns..thats normal. Wonder why my firwewall would fail to answer. I have 8.8.8.8 set as primary and 9.9.9.9 as 2ndary dns server.
-
@emjeezy What is DNS Resolver set up for?
And System->General for the DNS calls?
Ryan
Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
-
I didn't find any that didn't have a record.. From the ones that he showed no response for. I queried for them and they all responded.
But like that one with loginservice.prod in the name - if that doesn't get an answer, it highly unlikely to be able to login ;)
-
@emjeezy Is DNS resolver running? Check Status->Services
Ryan
Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
-
@rcoleman-netgate he got a response for the ngx nvidia one - even though did seem delayed..
But don't see any other responses - maybe they were delayed as well, and the sniff stopped before they came in? But yeah checking to make sure they do respond would be step 1 in trying to figure out what is going on.
-
How about going to Diagnostics->DNS Lookup and running a few of those?
I couldn't get the ergeron one to resolve but I did get steampowered to
