Netgate Discussion Forum

    Unable to ping or tracert to one specific external IP from one of 4 SG3100s

    • apothecaryjohn

      I have 4 locations all using the SG3100 running 23.01-RELEASE (arm) built on Fri Feb 10 20:06:58 UTC 2023 FreeBSD 14.0-CURRENT, all use the same ISP. We are moving to a new telephone provider. The SIP server is at 209.183.174.20. Three of the units can connect; running ping and tracert from a network PC or the GUI to 209.183.174.20 returns fine. One of the units can't connect; running ping and tracert from a network PC or the GUI to 209.183.174.20 through that unit fails 100%. I have configured a laptop with the same static IP, plugged directly into the ISP modem, and it works, so it's not a blacklist / whitelist situation. That one unit can ping and tracert to all other domains and IPs that I have tried. The issue is specific to this IP and this unit. The problem is in the SG3100 at that location. All locations are configured the same, run VPN site to site, etc. I have looked through all settings and compared unit to unit and I just do not see what could be causing this. Nothing in any of the logs, all firewall rules are the same.

      Any thoughts would be greatly appreciated.

      • viragomann @apothecaryjohn

        @apothecaryjohn
        Run a packet capture on the WAN while you try to access the concerned IP from inside your network.
        The packets should look like
        your WAN address > 209.183.174.20

        If so and you don't see response packets like
        209.183.174.20 > your WAN address
        all might be well on your site. The issue must be in the ISP's network then.

        • apothecaryjohn @viragomann

          @viragomann

          I ran the packet capture as you suggested, I do not see any listing of the affected IP 209.183.174.20 in the output?

          • viragomann @apothecaryjohn

            @apothecaryjohn
            If there is nothing, it must be either translated (DNAT, port forwarding), blocked inside, for instance by pfBlocker, or routed to another gateway.

            • apothecaryjohn @viragomann

              @viragomann

              I found the culprit, why it only has been on this one unit, I can't explain. It was being blocked by Snort.

              140:20
              (spp_sip) Invite replay attack

              Disabled the rule and it has resolved fine. All 4 units run Snort, only this one has had an issue.

              Thank you for your help.

              John

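
An added example, not part of the thread: a small parser that tallies which Snort rules fired for a given address, the kind of check that points at a rule such as 140:20 when traffic to one IP never reaches the WAN. The alert lines are constructed samples in Snort's "fast" alert format, 192.0.2.10 and 198.51.100.7 are placeholder addresses, and the location and format of the alert log on a given install are assumptions to verify.

```python
import re
from collections import Counter

# Constructed sample lines in Snort's "fast" alert format (not from the thread).
# 192.0.2.10 and 198.51.100.7 are documentation addresses used as placeholders.
SAMPLE_ALERTS = """\
03/14-10:22:31.104512  [**] [140:20:1] (spp_sip) Invite replay attack [**] [Classification: constructed] [Priority: 2] {UDP} 209.183.174.20:5060 -> 192.0.2.10:5060
03/14-10:22:35.440021  [**] [1:1000001:1] constructed local rule [**] [Priority: 3] {TCP} 198.51.100.7:44321 -> 192.0.2.10:443
03/14-10:23:02.918833  [**] [140:20:1] (spp_sip) Invite replay attack [**] [Classification: constructed] [Priority: 2] {UDP} 192.0.2.10:5060 -> 209.183.174.20:5060
03/14-10:23:10.000100  [**] [122:1:1] constructed portscan line [**] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10
"""

# [**] [gid:sid:rev] message [**] ...optional fields... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)


def _host(endpoint):
    """Strip a trailing :port from an IPv4 endpoint; ICMP lines carry no port."""
    return endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint


def rules_hitting(ip, alert_text):
    """Count alerts per (gid:sid, message) where ip is source or destination."""
    hits = Counter()
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip blank or non-alert lines
        # Exact host comparison, so 209.183.174.20 does not match 209.183.174.200.
        if ip in (_host(m["src"]), _host(m["dst"])):
            hits[(f'{m["gid"]}:{m["sid"]}', m["msg"])] += 1
    return hits


if __name__ == "__main__":
    for (rule, msg), n in rules_hitting("209.183.174.20", SAMPLE_ALERTS).most_common():
        print(f"{n:3d}  {rule:<10} {msg}")
```
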