Netgate Discussion Forum
    Random Website Outages?

    General pfSense Questions

    • JBob

      There will be random external websites (Spotify, Office365, etc.) that I am unable to get to and it will last for a week or two but from 4G or other networks the site is still up. I have tried everything I can think of to fix this and need some help.

      My network has a few VLANs and firewall rules but that's about it.

      The things I have tried and findings:

      • checked DNS resolving to correct address
      • changed MTU and MSS but did not change anything
      • all firewall rules are at zero blocked
      • packet capture on LAN shows packets coming into interface
      • packet capture on WAN does not have outgoing packets

      What configuration mistake could I have made that would result in packets not being routed to the WAN interface?

      • stephenw10 (Netgate Administrator)

        Do you have any IPv6?

        • JBob @stephenw10

          @stephenw10
          I don't use it internally and my WAN is an IPv4 address... I see that WAN has DHCP6 turned on. Is that what you are referring to?

          • stephenw10 (Netgate Administrator)

            Yes, if your WAN is pulling an IPv6 address pfSense will try to use it on the LAN. Most clients will prefer IPv6 if they see it as available, so if it shows but is actually invalid, connections can take an age to time out and fail.

            • JBob @stephenw10

              @stephenw10
              My WAN connection is IPv4. I have turned off DHCP6 just for safety, but a reboot of everything has not solved the websites not being available.

              • stephenw10 (Netgate Administrator)

                Ok, so when it fails you see packets coming into LAN but nothing leaving WAN? What packets exactly are you seeing there?
                You would only see that traffic fail to leave if there is a bad route present or something else grabbing the traffic, like IPsec. So I would check you don't have a bad subnet somewhere or a misconfigured VPN.

                Steve

                • JBob @stephenw10

                  @stephenw10
                  The clients having issues are not connected via VPN.
                  I'm kind of a Wireshark newb, but the only thing I see on the WAN that could be troubling is that there is the occasional ICMP "destination host unreachable" to random places (not to the places I'm having issues with).
                  I did a capture on all of the interfaces and didn't see packets being sent anywhere... they are just disappearing?

                  • JBob

                    @stephenw10
                    OH FOUND IT. Snort had picked up the IP as suspicious and blocked it. Now just need to figure out how to add an FQDN to the snort pass list

                    • bmeeks @JBob
                      last edited by bmeeks

                      @jbob said in Random Website Outages?:

                      @stephenw10
                      OH FOUND IT. Snort had picked up the IP as suspicious and blocked it. Now just need to figure out how to add an FQDN to the snort pass list

                      Create a FQDN alias under FIREWALL > ALIASES in the pfSense menu. Then either create a new Pass List (or edit any existing one already assigned to the interface) and add the FQDN alias to the Pass List. When editing a Pass List, there are controls at the bottom of the page for adding, editing, or deleting IP addresses, networks, and host or network aliases.

                      Once the Pass List has been edited to include the FQDN alias, go edit the Snort interface and assign the Pass List using the drop-down selector for Pass List. Save the change and then restart Snort on the interface so that the binary daemon will see the change.

                      Note that FQDN aliases are resolved only once every 5 minutes. A host or domain that changes addresses more frequently than that may not be reliably resolved. Also, if the host or domain in question is part of a CDN (content delivery network), then the IP address will likely change too often to be effectively resolved for use in the Pass List.

                      Here is a post I created back a couple of years ago when the FQDN feature was added. There are some screenshots in the post of the feature in action, and from those you can also see how to configure them in a Pass List.

                      https://forum.netgate.com/topic/160771/new-often-requested-snort-feature-coming-soon

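The 5-minute resolution caveat above is easy to underestimate for CDN-fronted hosts. The following is an added example (not code from the post or from the pfSense Snort package) that models a Pass List built from an FQDN alias refreshed every 300 seconds and reports which client connections would fall outside it; the DNS answers and connections are constructed sample data, and the model assumes the table is rebuilt only at refresh boundaries from the answer current at that moment.

```python
from bisect import bisect_right

REFRESH_SECONDS = 300  # pfSense resolves FQDN aliases once every 5 minutes


def table_at(t, dns_answers, refresh=REFRESH_SECONDS):
    """Addresses the FQDN alias table holds at time t (seconds).

    dns_answers is a time-sorted list of (t_resolved, set_of_ips). The table
    is rebuilt only at refresh boundaries (0, 300, 600, ...), each time from
    the most recent answer available at that boundary (simplified model).
    """
    boundary = (t // refresh) * refresh
    times = [answer_time for answer_time, _ in dns_answers]
    idx = bisect_right(times, boundary) - 1
    return set() if idx < 0 else set(dns_answers[idx][1])


def uncovered_connections(dns_answers, connections, refresh=REFRESH_SECONDS):
    """Connections (t, dst_ip) whose destination is not in the alias table
    when they are made. With the alias on a Snort Pass List, these are the
    flows the Pass List would not protect from a block."""
    return [(t, ip) for t, ip in connections
            if ip not in table_at(t, dns_answers, refresh)]


# Constructed sample: a host with one stable address (documentation range).
STABLE_ANSWERS = [(0, {"203.0.113.10"})]
STABLE_CONNECTIONS = [(30, "203.0.113.10"), (400, "203.0.113.10"),
                      (900, "203.0.113.10")]

# Constructed sample: a CDN-style host rotating its address every 2 minutes.
CDN_ANSWERS = [(0, {"198.51.100.1"}), (120, {"198.51.100.2"}),
               (240, {"198.51.100.3"}), (360, {"198.51.100.4"})]
CDN_CONNECTIONS = [(60, "198.51.100.1"), (150, "198.51.100.2"),
                   (310, "198.51.100.3"), (400, "198.51.100.4")]

if __name__ == "__main__":
    for name, answers, conns in (("stable", STABLE_ANSWERS, STABLE_CONNECTIONS),
                                 ("cdn", CDN_ANSWERS, CDN_CONNECTIONS)):
        missed = uncovered_connections(answers, conns)
        print(f"{name}: {len(missed)}/{len(conns)} connections outside the "
              f"Pass List: {missed}")
```

For the rotating host, half of the connections land on addresses the 5-minute refresh has not yet picked up, which is why a CDN-fronted site is a poor fit for an FQDN Pass List entry.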