Netgate Discussion Forum

Telegram bot not returning interaction for internal machine

General pfSense Questions
  • C
    cezarq
    last edited by Jan 30, 2025, 4:48 PM

    Hello!
    I have a machine running a Telegram bot to interact with me.
    Example:
    Turn the light off?
    <YES> <NO>
    I receive the message, but when I click on the answer, it is not returning to the Telegram bot for some reason and I get a timeout answer.
    It was working great before the pfSense and I can't figure out what is blocking the communication. I already tried to create rules allowing ALL <-> ALL in WAN and LAN to see the problem, but without success. Also there is no blocking in the logs. Any ideas, please?

    78102fa8-2da5-473d-b208-bf2d559d6702-image.png

    • S
      stephenw10 Netgate Administrator
      last edited by Jan 30, 2025, 5:30 PM

      Where are you testing from? A client on the same subnet?

      Do you see states created for the traffic?

      Are you policy routing, have gateways set on the rules?

      The rules shown in your screen show 0 state and 0 bytes on the counters so have never matched anything.

      • C
        cezarq @stephenw10
        last edited by Jan 30, 2025, 6:23 PM

        @stephenw10 thanks for the reply.

        Where are you testing from? A client on the same subnet?
        Sorry, but I don't know if I understood the question, but the computer is in the LAN and my cellphone also, but the Telegram server is on the Internet.

        Do you see states created for the traffic?
        Yes.
        5df7cf8e-c408-43a2-8b5e-0d80ec7ae1d9-image.png

        Are you policy routing, have gateways set on the rules?
        The gateway is the default. I have only one gateway. Should I change anything here?

        The rules shown in your screen show 0 state and 0 bytes on the counters so have never matched anything.
        Exactly

        • S
          stephenw10 Netgate Administrator
          last edited by Jan 30, 2025, 6:58 PM

          Which of those is to the Telegram server?

          I see one connection to a different local subnet.

          Does it work if the cellphone is using cellular data instead of local wifi?

          Do you have port forwards setup to the bot machine?

          Nothing there really looks like an issue. I'd expect this to work fine as long as outbound traffic is allowed.

          • C
            cezarq @stephenw10
            last edited by Jan 30, 2025, 7:34 PM

            @stephenw10
            Which of those is to the Telegram server?
            The Telegram server is 149.154.167.220

            I see one connection to a different local subnet.
            Yes, to my IoT devices.

            Does it work if the cellphone is using cellular data instead of local wifi?
            No. Same issue.

            Do you have port forwards setup to the bot machine?
            Yes, but not 443, another high port. Why, pls?

            • S
              stephenw10 Netgate Administrator
              last edited by Jan 30, 2025, 7:43 PM

              I wouldn't expect to need any port forwards but was interested to see if you had any. If the previous setup used them for example.

              If Telegram somehow relies on open ports for reply traffic you might need to setup a static outbound NAT rule for the server. That seems unlikely though.

              • C
                cezarq @stephenw10
                last edited by cezarq Jan 30, 2025, 7:57 PM

                @stephenw10 I never needed a static outbound NAT rule before and I didn't find anything from Telegram asking to do so. :-(

                I see communication from both sides but not working 😢 :
                3b9d9a3c-3c63-4d08-8f34-307c9f7b2edb-image.png

                • S
                  stephenw10 Netgate Administrator
                  last edited by Jan 30, 2025, 8:47 PM

                  What was your setup before pfSense?

                  Could be simply a coincidence that this stopped when you put pfSense in.

                  I have no idea what sort of logging or debugging the bot machine might be able to provide but I would check for any errors there.

                  • C
                    cezarq @stephenw10
                    last edited by Jan 30, 2025, 9:21 PM

                    @stephenw10 I was using a UDM-PRO (Ubiquiti Gateway)

                    • S
                      stephenw10 Netgate Administrator
                      last edited by Jan 30, 2025, 9:29 PM

                      And you don't see any blocked packets on WAN from 149.154.167.220?

                      If it was a source port randomisation issue you would expect to see blocked traffic.

                      • C
                        cezarq @stephenw10
                        last edited by Jan 30, 2025, 9:31 PM

                        @stephenw10 Nothing. That's why I am so lost...
                        bbdec906-1681-482b-bb7b-bf0b5156aa70-image.png
                        c85c41f2-62b7-4133-8d22-8f046998cb20-image.png

                        • S
                          stephenw10 Netgate Administrator
                          last edited by Jan 30, 2025, 10:33 PM

                          Well I'd be checking it works still when behind something else because it doesn't look like anything special should be required in pfSense.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.