Problems with accessing a single specific webpage

Caledorn

Hello everyone

I'm not sure if this is the right subforum to post this, but I suspect it is a firewall issue, so I'm posting it here anyways.

I'm trying to connect to the webpage http://bloodbowl.nexway.com unsuccessfully - and if I remove the pfSense router as the middle-link between the network and the modem I can open the page perfectly. I have upgraded the firmware to 1.2.3-rc3, but this did not help. I have checked my firewall rules, but can't find anything in there that should trigger this. I have disabled packet shaping just to check if that would have any effect - but nothing .. I can't even ping the ip of the host from the pfSense router - I just get 100% packet loss.

Does anyone have any clue as to what the problem might be? I'm at my wits end here .. :-(

Thanks in advance for any helpful suggestions!

Best Regards,
Morten W.

Perry

http://forum.pfsense.org/index.php/topic,9301.msg52658.html#msg52658

Caledorn

Thank you for the link to that thread!

Trying to ping with different MTU's on my linux box did not alleviate the problem - also the problem only relates to this single specific site, as far as I am aware of. I have never encountered this issue on any webpages I've visited until now afaik, and I've had my ISP for nearly 2 years now. :-\

Perry

Check gateway, CIDR and DNS
Can you access the following sites

You can try this by going to http://mobile-entry.com, the site will not work as expected from behind pfsense.
LSF in irc reported the following sites also not working: www.yr.no, www.ba.no, www.nrk.no

Caledorn

Have tried a different DNS server - still no result. CIDR I haven't checked - the gateway is identical (since it's DHCP from the ISP).

All of the sites you linked works perfectly.

By advice from a friend of mine who has worked with routing, I did a tracert -d and compared the results from the trace with and without the pfsense router connected - and this just doesn't make sense what so ever.

This is the trace without the pfsense router connected :

Tracing route to bloodbowl.nexway.com [87.98.202.44]
over a maximum of 30 hops:

  1     5 ms    11 ms    10 ms  213.236.252.x
  2     8 ms    11 ms    10 ms  212.37.234.93
  3     9 ms    10 ms    12 ms  195.70.168.186
  4    14 ms    15 ms    15 ms  195.70.168.186
  5     8 ms    10 ms    11 ms  213.236.198.26
  6    14 ms    11 ms    10 ms  212.125.237.161
  7    12 ms    11 ms    11 ms  85.19.24.201
  8    36 ms    34 ms     *     195.69.145.231
  9    52 ms    56 ms     *     213.251.130.65
 10    87 ms   104 ms    55 ms  213.186.32.225
 11   227 ms   222 ms   160 ms  213.186.32.145
 12    53 ms    56 ms    55 ms  213.186.32.99
 13    52 ms    57 ms    56 ms  87.98.202.44

Trace complete.

This is the trace with the pfsense router connected:

Tracing route to bloodbowl.nexway.com [87.98.202.44]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.1.1
  2     8 ms    11 ms    10 ms  213.236.252.x
  3     6 ms    11 ms    10 ms  212.37.234.93
  4    15 ms    10 ms    11 ms  195.70.168.186
  5     9 ms    11 ms    10 ms  195.70.168.186
  6     8 ms    11 ms    11 ms  213.236.198.26
  7     9 ms    11 ms    11 ms  212.125.237.161
  8    11 ms    10 ms    11 ms  85.19.24.201
  9   221 ms   216 ms   218 ms  195.69.145.231
 10    54 ms     *      117 ms  91.121.131.9
 11    64 ms    69 ms    56 ms  213.186.32.202
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
all the way to 19 where I pressed ^C

(The x in the ip adress is identical in both traces - just wanted to remove that single bit. smile)

The logic in the non-identical route here simply defies me…

Caledorn

The CIDR is assigned by DHCP too obviously btw.. I'm not sure how to check the actual CIDR of the dhcp allocation - the system log only says the ip address without netmask or CIDR..