Can't reach a specific IP address



  • I know that this looks similar to some existing posts, but I've tried everything I could find in the various threads and nothing seems to work.

    My client noticed this morning that they could not reach the Palmetto GBA website; every other site that they (or I) have tried seems to be working.  There may be others we can't reach, but I haven't found them yet.  They have used the site every day up to last week, and I'm not aware of any unusual activity over the weekend.

    I try to Ping from the Diagnostics menu on pfSense; here's the output (I'm obscuring the client's IP address):

    PING www.palmettogba.com (216.251.231.64) from xx.xxx.xxx.xxx: 56 data bytes

    –- www.palmettogba.com ping statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss

    That IS the correct IP address; DNS is working just fine.  Also, if I unplug pfSense and plug my Win7 laptop into the T1, ipconfig'd to match the pfSense box, I am able to surf to the website and/or ping the address.  Running Traceroute from pfSense simply shows line after line of "*  *  *".

    Things I've tried:

    • Double and triple-checking the IP address, gateway, netmask. (I won't type it here, but I did set it the same on my laptop; I enter the netmask on pfSense as /29 and in Win7 as 255.255.255.248)

    • Changing the max MTU to various values between 1500 and 1250 (that just seemed like a nice arbitrary cutoff), plus 576.

    • Checking "Disable Hardware Checksum Offloading"; it made no difference.

    • Upgrading from 1.2.3RC3 to 1.2.3RELEASE

    • My NIC is a dual-port Intel Pro/100; I read in the 1.2.3 release notes that there might be a problem with this card under the new version, but I've now tried both checking and un-checking the checksum offloading option, both under the old version and the new.

    • I have set up pfSense boxes for several other clients in the same building, with two other ISPs.  I'm able to reach Palmetto from all the others, which initially led me to blame this ISP - but using a direct connection ruled that out.

    • I'm not using Squid, or SquidGuard, or any blocking rules in the firewall.

    Nothing works - I'm still unable to ping 216.251.231.64.  I CAN ping 216.251.231.63 (although I don't know what machine is at the far side, or even whether it's owned by Palmetto), but not 216.251.231.65.

    And again, if I bypass pfSense and plug my laptop directly into the T1, I am able to ping or surf to 216.251.231.64.

    Any ideas?  I'm stumped.






  • Do you have a route in pfSense for 216.251.231.64? The shell command # netstat -rn will display the routing table.



  • can you run tcpdump on the WAN interface and then try to go to the IP in question and see what happens?



  • 
    # netstat -rn
    Routing tables
    
    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            OurIP              UGS         0   696187   fxp1
    OurNetwork/29      link#2             UC          0        0   fxp1
    OurGateway         00:a0:c8:41:75:f3  UHLW        2    12755   fxp1   1175
    127.0.0.1          127.0.0.1          UH          0        0    lo0
    192.168.33.0&0xc0a82102 link#9             UC          0      522   tap0
    192.168.254.0/24   link#1             UC          0        0   fxp0
    192.168.254.5      00:10:5a:62:f0:a9  UHLW        1      133   fxp0    621
    192.168.254.18     00:11:11:97:e8:44  UHLW        1    11725   fxp0   1043
    192.168.254.23     00:0b:db:83:dd:00  UHLW        1     4360   fxp0    750
    192.168.254.32     00:0d:56:9b:4e:fc  UHLW        1    56806   fxp0   1199
    192.168.254.48     00:15:f2:92:40:cc  UHLW        1     8247   fxp0   1062
    192.168.254.49     00:15:f2:92:41:3b  UHLW        1    11531   fxp0    979
    192.168.254.50     00:15:f2:92:41:4b  UHLW        1      578   fxp0    623
    192.168.254.101    00:15:f2:92:d0:60  UHLW        1     1498   fxp0   1077
    192.168.254.103    00:15:f2:92:3d:d7  UHLW        1      845   fxp0   1196
    192.168.254.105    00:00:06:c2:d2:e2  UHLW        1     7496   fxp0   1157
    192.168.254.106    00:15:f2:92:41:3d  UHLW        1     2518   fxp0    856
    192.168.254.109    00:13:20:76:ae:43  UHLW        1    19262   fxp0   1139
    192.168.254.112    00:15:f2:92:d0:78  UHLW        1    12799   fxp0   1107
    192.168.254.113    00:15:f2:92:41:23  UHLW        1      569   fxp0   1199
    192.168.254.114    00:15:f2:92:d0:7a  UHLW        1    19159   fxp0   1189
    192.168.254.116    00:0d:56:9b:4f:ee  UHLW        1    21249   fxp0   1012
    192.168.254.130    00:1d:6a:cd:84:f8  UHLW        1      177   fxp0   1184
    192.168.254.132    00:26:18:30:13:8f  UHLW        1   140525   fxp0   1132
    192.168.254.172    00:13:20:96:c5:33  UHLW        1    14529   fxp0   1182
    192.168.254.254    00:50:8b:68:d6:8a  UHLW        1   200019    lo0
    
    Internet6:
    Destination                       Gateway                       Flags      Netif
     Expire
    ::1                               ::1                           UHL         lo0
    fe80::%fxp0/64                    link#1                        UC         fxp0
    fe80::250:8bff:fe68:d68a%fxp0     00:50:8b:68:d6:8a             UHL         lo0
    fe80::%fxp1/64                    link#2                        UC         fxp1
    fe80::250:8bff:fe68:d68b%fxp1     00:50:8b:68:d6:8b             UHL         lo0
    fe80::%lo0/64                     fe80::1%lo0                   U           lo0
    fe80::1%lo0                       link#4                        UHL         lo0
    fe80::%tap0/64                    link#9                        UC         tap0
    fe80::2bd:2ff:fe26:0%tap0         00:bd:02:26:00:00             UHL         lo0
    ff01:1::/32                       link#1                        UC         fxp0
    ff01:2::/32                       link#2                        UC         fxp1
    ff01:4::/32                       ::1                           UC          lo0
    ff01:9::/32                       link#9                        UC         tap0
    ff02::%fxp0/32                    link#1                        UC         fxp0
    ff02::%fxp1/32                    link#2                        UC         fxp1
    ff02::%lo0/32                     ::1                           UC          lo0
    ff02::%tap0/32                    link#9                        UC         tap0
    #
    


  • 
    # tcpdump -i fxp1
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on fxp1, link-type EN10MB (Ethernet), capture size 96 bytes
    10:01:57.794369 IP OurIP-static-ip.OurISP.39016 > resolver1.opendns.com.domain: 25261+ PTR? 251.105.31.75.in-addr.arpa. (44)
    10:01:57.811647 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.39016: 25261 1/0/0 (101)
    10:01:57.811870 IP OurIP-static-ip.OurISP.19267 > resolver1.opendns.com.domain: 25262+ PTR? 194.250.31.96.in-addr.arpa. (44)
    10:01:57.829150 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.19267: 25262 1/0/0 (97)
    10:01:58.189008 IP OurIP-static-ip.OurISP.10372 > resolver1.opendns.com.domain: 24662+ A? www.palmettogba.com. (37)
    10:01:58.206758 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.10372: 24662 1/0/0 A ega-palmetto-vip1.min.navisite.net (53)
    10:01:58.829175 IP OurIP-static-ip.OurISP.56762 > resolver1.opendns.com.domain: 25263+ PTR? 222.222.67.208.in-addr.arpa. (45)
    10:01:58.846350 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.56762: 25263 1/0/0 (80)
    10:01:58.846671 IP OurIP-static-ip.OurISP.38338 > resolver1.opendns.com.domain: 25264+ PTR? 64.231.251.216.in-addr.arpa. (45)
    10:01:58.863835 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.38338: 25264 1/0/0 (93)
    10:01:58.990035 IP OurIP-static-ip.OurISP.60234 > resolver1.opendns.com.domain: 11881+ A? track.bestbuy.com. (35)
    10:01:58.990054 IP OurIP-static-ip.OurISP.60234 > resolver2.opendns.com.domain: 11881+ A? track.bestbuy.com. (35)
    10:01:59.007390 IP resolver2.opendns.com.domain > OurIP-static-ip.OurISP.60234: 11881 2/0/0 CNAME[|domain]
    10:01:59.009075 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: S 833524787:833524787(0) win 65535 <mss 1452,nop,nop,sackok="">10:01:59.009398 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.60234: 11881 2/0/0 CNAME[|domain]
    10:01:59.030349 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: S 403433822:403433822(0) ack 833524788 win 8190 <mss 1436="">10:01:59.030521 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . ack 1 win 65535
    10:01:59.031473 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: P 1:103(102) ack 1 win 65535
    10:01:59.055940 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: P 1437:2149(712) ack 103 win 40856
    10:01:59.056388 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . ack 1 win 65535
    10:01:59.059988 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: P 1:1437(1436) ack 103 win 40856
    10:01:59.060783 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . ack 2149 win 65535
    10:01:59.062705 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: P 103:285(182) ack 2149 win 65535
    10:01:59.085522 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: . ack 285 win 40674
    10:01:59.085874 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: P 2149:2192(43) ack 285 win 40674
    10:01:59.097314 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . 285:1721(1436) ack 2192 win 65492
    10:01:59.097344 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: P 1721:1999(278) ack 2192 win 65492
    10:01:59.100122 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: S 2299413984:2299413984(0) win 65535 <mss 1452,nop,nop,sackok="">10:01:59.107728 IP OurIP-static-ip.OurISP.8713 > resolver1.opendns.com.domain: 44673+ A? myrewardzone.bestbuy.com. (42)
    10:01:59.107745 IP OurIP-static-ip.OurISP.8713 > resolver2.opendns.com.domain: 44673+ A? myrewardzone.bestbuy.com. (42)
    10:01:59.124892 IP resolver2.opendns.com.domain > OurIP-static-ip.OurISP.8713: 44673 3/0/0 CNAME[|domain]
    10:01:59.126422 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: S 822370893:822370893(0) win 65535 <mss 1452,nop,nop,sackok="">10:01:59.127519 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: . ack 1999 win 38960
    10:01:59.127868 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.3752: S 876682214:876682214(0) ack 2299413985 win 8190 <mss 1436="">10:01:59.128165 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: . ack 1 win 65535
    10:01:59.129065 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: P 1:103(102) ack 1 win 65535
    10:01:59.138516 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: P 2192:3168(976) ack 1999 win 38960
    10:01:59.146374 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: S 2165773839:2165773839(0) ack 822370894 win 5840 <mss 1460,nop,nop,sackok="">10:01:59.146690 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 1 win 65535
    10:01:59.147788 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 1:103(102) ack 1 win 65535
    10:01:59.151389 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.3752: P 1:86(85) ack 103 win 40856
    10:01:59.151870 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.3752: P 86:123(37) ack 103 win 40856
    10:01:59.152269 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: . ack 123 win 65413
    10:01:59.153104 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: P 103:146(43) ack 123 win 65413
    10:01:59.159452 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: . 146:1582(1436) ack 123 win 65413
    10:01:59.159478 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: P 1582:1850(268) ack 123 win 65413
    10:01:59.168450 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . ack 103 win 5840
    10:01:59.172510 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . 1:1453(1452) ack 103 win 5840
    10:01:59.173410 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: P 1453:1789(336) ack 103 win 5840
    10:01:59.173754 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 1789 win 65535
    10:01:59.174867 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.3752: . ack 146 win 40813
    10:01:59.174940 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 103:285(182) ack 1789 win 65535
    10:01:59.188878 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.3752: . ack 1850 win 39109
    10:01:59.193760 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.3752: P 123:1099(976) ack 1850 win 39109
    10:01:59.200391 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: P 1789:1832(43) ack 285 win 6432
    10:01:59.203557 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 285:1564(1279) ack 1832 win 65492
    10:01:59.247908 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.8713: 44673 3/0/0 CNAME[|domain]
    10:01:59.287896 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . ack 1564 win 8953
    10:01:59.293444 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: P 1832:2180(348) ack 1564 win 8953
    10:01:59.294661 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 1564:2915(1351) ack 2180 win 65144
    10:01:59.321897 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . ack 2915 win 12159
    10:01:59.371960 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . ack 3168 win 64516
    10:01:59.371978 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: . ack 1099 win 64437
    10:01:59.379057 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . 2180:3632(1452) ack 2915 win 12159
    10:01:59.381497 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: P 3632:4535(903) ack 2915 win 12159
    10:01:59.381874 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 4535 win 65535
    10:01:59.437059 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 2083315273:2083315345(72) ack 681456438 win 65153
    10:01:59.700671 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . 1999:3435(1436) ack 3168 win 64516
    10:01:59.700715 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: P 3435:3974(539) ack 3168 win 64516
    10:01:59.702723 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 2915:4032(1117) ack 4535 win 65535
    10:01:59.709268 IP OurIP-static-ip.OurISP.62557 > a72-247-49-194.deploy.akamaitechnologies.com.https: S 1041588349:1041588349(0) win 65535 <mss 1452,nop,nop,sackok="">10:01:59.709657 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: S 1190721936:1190721936(0) win 65535 <mss 1452,nop,nop,sackok="">10:01:59.709908 IP OurIP-static-ip.OurISP.22866 > a72-247-49-194.deploy.akamaitechnologies.com.https: S 911564052:911564052(0) win 65535 <mss 1452,nop,nop,sackok="">10:01:59.722477 IP ats-mea.dial.aol.com.aol > OurIP-static-ip.OurISP.8779: . ack 72 win 16384
    10:01:59.729974 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: . ack 3974 win 8190
    10:01:59.736671 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: P 3168:4183(1015) ack 3974 win 32768
    10:01:59.736688 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . ack 4032 win 14861
    10:01:59.736707 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.62557: S 2165155161:2165155161(0) ack 1041588350 win 5840 <mss 1460,nop,nop,sackok="">10:01:59.736725 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: S 2165988515:2165988515(0) ack 1190721937 win 5840 <mss 1460,nop,nop,sackok="">10:01:59.736740 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.22866: S 2162041014:2162041014(0) ack 911564053 win 5840 <mss 1460,nop,nop,sackok="">10:01:59.737221 IP OurIP-static-ip.OurISP.62557 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 1 win 65535
    10:01:59.737234 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 1 win 65535
    10:01:59.737249 IP OurIP-static-ip.OurISP.22866 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 1 win 65535
    10:01:59.737727 IP OurIP-static-ip.OurISP.62557 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 1:103(102) ack 1 win 65535
    10:01:59.737991 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 1:103(102) ack 1 win 65535
    10:01:59.738399 IP OurIP-static-ip.OurISP.22866 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 1:103(102) ack 1 win 65535
    10:01:59.739587 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: P 4535:5399(864) ack 4032 win 14861
    10:01:59.758515 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.62557: . ack 103 win 5840
    10:01:59.758996 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.62557: P 1:123(122) ack 103 win 5840
    10:01:59.759026 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: . ack 103 win 5840
    10:01:59.759496 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.22866: . ack 103 win 5840
    10:01:59.759988 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: P 1:123(122) ack 103 win 5840
    10:01:59.760050 IP OurIP-static-ip.OurISP.62557 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 103:146(43) ack 123 win 65413
    10:01:59.760547 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.22866: P 1:123(122) ack 103 win 5840
    10:01:59.760721 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 103:146(43) ack 123 win 65413
    10:01:59.764081 IP OurIP-static-ip.OurISP.62557 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 146:1265(1119) ack 123 win 65413
    10:01:59.764198 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 146:1266(1120) ack 123 win 65413
    10:01:59.764412 IP OurIP-static-ip.OurISP.22866 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 103:146(43) ack 123 win 65413
    10:01:59.767139 IP OurIP-static-ip.OurISP.22866 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 146:1261(1115) ack 123 win 65413
    10:01:59.789487 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.62557: . ack 1265 win 7833
    10:01:59.789507 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: . ack 1266 win 7840
    10:01:59.791537 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: P 123:645(522) ack 1266 win 7840
    10:01:59.793538 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.62557: P 123:645(522) ack 1265 win 7833
    10:01:59.796572 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.22866: . ack 1261 win 7805
    10:01:59.798083 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.22866: P 123:440(317) ack 1261 win 7805
    10:01:59.823849 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 72:197(125) ack 1 win 65153
    10:01:59.824014 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 197:294(97) ack 1 win 65153
    10:01:59.824190 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 294:419(125) ack 1 win 65153
    10:01:59.824260 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 419:474(55) ack 1 win 65153
    10:01:59.863324 IP OurIP-static-ip.OurISP.35241 > resolver1.opendns.com.domain: 25265+ PTR? 220.220.67.208.in-addr.arpa. (45)
    10:01:59.874973 IP OurIP-static-ip.OurISP.22866 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 440 win 65096
    10:01:59.874987 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 5399 win 64671
    10:01:59.875005 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . ack 4183 win 65535
    10:01:59.880605 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.35241: 25265 1/0/0 (80)
    10:01:59.880917 IP OurIP-static-ip.OurISP.14216 > resolver1.opendns.com.domain: 25266+ PTR? 35.84.154.64.in-addr.arpa. (43)
    10:01:59.975577 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 645 win 64891
    10:01:59.975591 IP OurIP-static-ip.OurISP.62557 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 645 win 64891
    10:02:00.109542 IP ats-mea.dial.aol.com.aol > OurIP-static-ip.OurISP.8779: . ack 474 win 16384
    10:02:00.179575 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.14216: 25266 1/0/0 (74)
    10:02:00.180057 IP OurIP-static-ip.OurISP.6643 > resolver1.opendns.com.domain: 25267+ PTR? 194.49.247.72.in-addr.arpa. (44)
    10:02:00.346630 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.6643: 25267 1/0/0 (102)
    10:02:00.347395 IP OurIP-static-ip.OurISP.64129 > resolver1.opendns.com.domain: 25268+ PTR? 221.10.12.64.in-addr.arpa. (43)
    10:02:00.364610 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.64129: 25268 1/0/0 (77)
    10:02:05.766047 IP OurIP-static-ip.OurISP.8045 > triangle.kansas.net.ntp: NTPv4, Client, length 48
    10:02:06.365218 IP OurIP-static-ip.OurISP.29635 > resolver1.opendns.com.domain: 25269+ PTR? 6.144.6.64.in-addr.arpa. (41)
    10:02:06.382138 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.29635: 25269 1/0/0 PTR[|domain]
    10:02:06.542440 IP OurIP-static-ip.OurISP > 96-31-250-193-static-ip.OurISP: ICMP echo request, id 39658, seq 0, length 64
    10:02:06.542819 IP 96-31-250-193-static-ip.OurISP > OurIP-static-ip.OurISP: ICMP echo reply, id 39658, seq 0, length 64
    10:02:06.770680 IP OurIP-static-ip.OurISP.27658 > resolver1.opendns.com.domain: 24349+ A? safebrowsing.clients.google.com. (49)
    10:02:06.788228 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.27658: 24349 7/0/0[|domain]
    10:02:06.789049 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: S 586893794:586893794(0) win 65535 <mss 1452,nop,nop,sackok="">10:02:06.807760 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: S 164501910:164501910(0) ack 586893795 win 5720 <mss 1430,nop,nop,sackok="">10:02:06.807913 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: . ack 1 win 65535
    10:02:06.808810 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: . 1:1431(1430) ack 1 win 65535
    10:02:06.808930 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: . 1431:2861(1430) ack 1 win 65535
    10:02:06.835217 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 1431 win 8580
    10:02:06.835233 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 2861 win 11440
    10:02:06.835855 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: P 2861:4291(1430) ack 1 win 65535
    10:02:06.835977 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: . 4291:5721(1430) ack 1 win 65535
    10:02:06.836098 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: . 5721:7151(1430) ack 1 win 65535
    10:02:06.836218 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: P 7151:8581(1430) ack 1 win 65535
    10:02:06.862216 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 4291 win 14300
    10:02:06.862231 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 5721 win 17160
    10:02:06.862849 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: . 8581:10011(1430) ack 1 win 65535
    10:02:06.862970 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: . 10011:11441(1430) ack 1 win 65535
    10:02:06.863091 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: P 11441:12871(1430) ack 1 win 65535
    10:02:06.863212 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: . 12871:14301(1430) ack 1 win 65535
    10:02:06.870208 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 7151 win 20020
    10:02:06.870223 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 8581 win 22880
    10:02:06.870820 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: . 14301:15731(1430) ack 1 win 65535
    10:02:06.870866 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: P 15731:16235(504) ack 1 win 65535
    10:02:06.889290 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 10011 win 25740
    10:02:06.889343 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 11441 win 28600
    10:02:06.896830 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 12871 win 31460
    10:02:06.896845 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 14301 win 34320
    10:02:06.905211 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 15731 win 37180
    10:02:06.905226 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: . ack 16235 win 40040
    10:02:06.931791 IP nuq04s01-in-f100.1e100.net.http > OurIP-static-ip.OurISP.24163: P 1:539(538) ack 16235 win 40040
    10:02:07.048350 IP OurIP-static-ip.OurISP.24163 > nuq04s01-in-f100.1e100.net.http: . ack 539 win 64997
    10:02:07.056077 IP OurIP-static-ip.OurISP.44772 > resolver1.opendns.com.domain: 34704+ A? safebrowsing-cache.google.com. (47)
    10:02:07.073250 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.44772: 34704 2/0/0[|domain]
    10:02:07.074001 IP OurIP-static-ip.OurISP.27885 > 74.125.3.228.http: S 2446807999:2446807999(0) win 65535 <mss 1452,nop,nop,sackok="">10:02:07.347310 IP 74.125.3.228.http > OurIP-static-ip.OurISP.27885: S 645997509:645997509(0) ack 2446808000 win 5840 <mss 1460,nop,nop,sackok="">10:02:07.347488 IP OurIP-static-ip.OurISP.27885 > 74.125.3.228.http: . ack 1 win 65535
    10:02:07.348022 IP OurIP-static-ip.OurISP.27885 > 74.125.3.228.http: P 1:719(718) ack 1 win 65535
    10:02:07.382264 IP OurIP-static-ip.OurISP.5954 > resolver1.opendns.com.domain: 25270+ PTR? 193.250.31.96.in-addr.arpa. (44)
    10:02:07.399325 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.5954: 25270 1/0/0 (97)
    10:02:07.399646 IP OurIP-static-ip.OurISP.42334 > resolver1.opendns.com.domain: 25271+ PTR? 100.19.125.74.in-addr.arpa. (44)
    10:02:07.416923 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.42334: 25271 1/0/0 (84)
    10:02:07.417429 IP OurIP-static-ip.OurISP.24963 > resolver1.opendns.com.domain: 25272+ PTR? 228.3.125.74.in-addr.arpa. (43)
    10:02:07.434814 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.24963: 25272 NXDomain 0/0/0 (43)
    10:02:07.545972 IP OurIP-static-ip.OurISP > 96-31-250-193-static-ip.OurISP: ICMP echo request, id 39658, seq 1, length 64
    10:02:07.546534 IP 96-31-250-193-static-ip.OurISP > OurIP-static-ip.OurISP: ICMP echo reply, id 39658, seq 1, length 64
    10:02:07.623839 IP 74.125.3.228.http > OurIP-static-ip.OurISP.27885: . ack 719 win 7180
    10:02:07.626359 IP 74.125.3.228.http > OurIP-static-ip.OurISP.27885: P 1:234(233) ack 719 win 7180
    10:02:07.626969 IP 74.125.3.228.http > OurIP-static-ip.OurISP.27885: P 234:438(204) ack 719 win 7180
    10:02:07.627269 IP OurIP-static-ip.OurISP.27885 > 74.125.3.228.http: . ack 438 win 65098
    10:02:07.677918 IP OurIP-static-ip.OurISP.27885 > 74.125.3.228.http: P 719:1443(724) ack 438 win 65098
    10:02:07.957021 IP 74.125.3.228.http > OurIP-static-ip.OurISP.27885: P 438:671(233) ack 1443 win 8688
    10:02:07.957971 IP 74.125.3.228.http > OurIP-static-ip.OurISP.27885: P 671:1007(336) ack 1443 win 8688
    10:02:07.958235 IP OurIP-static-ip.OurISP.27885 > 74.125.3.228.http: . ack 1007 win 64529
    10:02:08.546976 IP OurIP-static-ip.OurISP > 96-31-250-193-static-ip.OurISP: ICMP echo request, id 39658, seq 2, length 64
    10:02:08.547261 IP 96-31-250-193-static-ip.OurISP > OurIP-static-ip.OurISP: ICMP echo reply, id 39658, seq 2, length 64
    10:02:09.547973 IP OurIP-static-ip.OurISP > 96-31-250-193-static-ip.OurISP: ICMP echo request, id 39658, seq 3, length 64
    10:02:09.548301 IP 96-31-250-193-static-ip.OurISP > OurIP-static-ip.OurISP: ICMP echo reply, id 39658, seq 3, length 64
    10:02:10.549008 IP OurIP-static-ip.OurISP > 96-31-250-193-static-ip.OurISP: ICMP echo request, id 39658, seq 4, length 64
    10:02:10.549555 IP 96-31-250-193-static-ip.OurISP > OurIP-static-ip.OurISP: ICMP echo reply, id 39658, seq 4, length 64
    10:02:11.736873 IP OurIP-static-ip.OurISP.28248 > by2msg1030116.gateway.edge.messenger.live.com.1863: P 296755253:296755258(5) ack 3691742574 win 64736
    10:02:11.755035 IP by2msg1030116.gateway.edge.messenger.live.com.1863 > OurIP-static-ip.OurISP.28248: P 1:9(8) ack 5 win 65110
    10:02:11.970909 IP OurIP-static-ip.OurISP.28248 > by2msg1030116.gateway.edge.messenger.live.com.1863: . ack 9 win 64728
    10:02:12.434201 IP OurIP-static-ip.OurISP.20327 > resolver1.opendns.com.domain: 25273+ PTR? 109.16.4.64.in-addr.arpa. (42)
    10:02:12.451674 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.20327: 25273 1/0/0 PTR[|domain]
    10:02:19.824437 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: . 4032:5484(1452) ack 5399 win 64671
    10:02:19.824450 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 5484:5492(8) ack 5399 win 64671
    10:02:19.824466 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 5492:5679(187) ack 5399 win 64671
    10:02:19.852622 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . ack 5492 win 17424
    10:02:19.892645 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . ack 5679 win 20328
    10:02:19.939282 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: P 5399:5771(372) ack 5679 win 20328
    10:02:19.941973 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: . 1266:2718(1452) ack 645 win 64891
    10:02:19.941984 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 2718:2750(32) ack 645 win 64891
    10:02:19.969220 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: . ack 2750 win 10164
    10:02:20.032729 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: . 645:2097(1452) ack 2750 win 10164
    10:02:20.034140 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: P 2097:2671(574) ack 2750 win 10164
    10:02:20.034435 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 2671 win 65535
    10:02:20.090116 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 474:599(125) ack 1 win 65153
    10:02:20.090572 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 599:654(55) ack 1 win 65153
    10:02:20.095256 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 5771 win 64299
    10:02:20.225715 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: . 1850:3286(1436) ack 1099 win 64437
    10:02:20.225768 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: P 3286:3959(673) ack 1099 win 64437
    10:02:20.226188 IP OurIP-static-ip.OurISP.62557 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 1265:2384(1119) ack 645 win 64891
    10:02:20.231615 IP OurIP-static-ip.OurISP.22866 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 1261:2381(1120) ack 440 win 65096
    10:02:20.255391 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.3752: . ack 3959 win 8190
    10:02:20.262232 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.62557: P 645:1554(909) ack 2384 win 10071
    10:02:20.266274 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.22866: . 440:1892(1452) ack 2381 win 10080
    10:02:20.270274 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.22866: . 1892:3344(1452) ack 2381 win 10080
    10:02:20.270893 IP OurIP-static-ip.OurISP.22866 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 3344 win 65535
    10:02:20.272198 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.22866: P 3344:3932(588) ack 2381 win 10080
    10:02:20.276228 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.3752: P 1099:2158(1059) ack 3959 win 32768
    10:02:20.295968 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 654:779(125) ack 1 win 65153
    10:02:20.296100 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 779:878(99) ack 1 win 65153
    10:02:20.296227 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 878:1003(125) ack 1 win 65153
    10:02:20.296299 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1003:1058(55) ack 1 win 65153
    10:02:20.376153 IP ats-mea.dial.aol.com.aol > OurIP-static-ip.OurISP.8779: . ack 654 win 16384
    10:02:20.396991 IP OurIP-static-ip.OurISP.62557 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 1554 win 65535
    10:02:20.497929 IP OurIP-static-ip.OurISP.22866 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 3932 win 64947
    10:02:20.497942 IP OurIP-static-ip.OurISP.3752 > track.bestbuy.com.https: . ack 2158 win 65535
    10:02:20.581208 IP ats-mea.dial.aol.com.aol > OurIP-static-ip.OurISP.8779: . ack 1058 win 16384
    10:02:28.021631 IP OurIP-static-ip.OurISP.40096 > turbotax.intuit.com.http: S 2543073265:2543073265(0) win 65535 <mss 1452,nop,nop,sackok="">10:02:28.036678 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.40096: S 244827812:244827812(0) ack 2543073266 win 4356 <mss 1460,sackok,eol="">10:02:28.036887 IP OurIP-static-ip.OurISP.40096 > turbotax.intuit.com.http: . ack 1 win 65535
    10:02:28.058217 IP OurIP-static-ip.OurISP.40096 > turbotax.intuit.com.http: P 1:1229(1228) ack 1 win 65535
    10:02:28.071692 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: . 5679:7131(1452) ack 5771 win 64299
    10:02:28.071704 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 7131:7139(8) ack 5771 win 64299
    10:02:28.071716 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 7139:7334(195) ack 5771 win 64299
    10:02:28.099692 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . ack 7131 win 23232
    10:02:28.099709 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . ack 7139 win 23232
    10:02:28.100770 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: . ack 7334 win 26136
    10:02:28.112176 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.40096: P 1:718(717) ack 1229 win 5584
    10:02:28.112192 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.40096: F 718:718(0) ack 1229 win 5584
    10:02:28.112617 IP OurIP-static-ip.OurISP.40096 > turbotax.intuit.com.http: . ack 719 win 64818
    10:02:28.138446 IP OurIP-static-ip.OurISP.40096 > turbotax.intuit.com.http: F 1229:1229(0) ack 719 win 64818
    10:02:28.152937 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: S 4187904806:4187904806(0) win 65535 <mss 1452,nop,nop,sackok="">10:02:28.153169 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.40096: . ack 1230 win 5584
    10:02:28.168112 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: S 807868080:807868080(0) ack 4187904807 win 4356 <mss 1460,sackok,eol="">10:02:28.168301 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 1 win 65535
    10:02:28.169112 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: P 1:1025(1024) ack 1 win 65535
    10:02:28.203775 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 1:1453(1452) ack 1025 win 5380
    10:02:28.203791 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: P 1453:1461(8) ack 1025 win 5380
    10:02:28.204448 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 1461 win 65527
    10:02:28.207770 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 1461:2913(1452) ack 1025 win 5380
    10:02:28.211771 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 2913:4365(1452) ack 1025 win 5380
    10:02:28.212422 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 4365 win 62623
    10:02:28.223278 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 4365:5817(1452) ack 1025 win 5380
    10:02:28.227268 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 5817:7269(1452) ack 1025 win 5380
    10:02:28.227912 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 7269 win 59719
    10:02:28.230827 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 7269 win 59719
    10:02:28.230914 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 7269 win 65535
    10:02:28.231770 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 7269:8721(1452) ack 1025 win 5380
    10:02:28.235770 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 8721:10173(1452) ack 1025 win 5380
    10:02:28.236418 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 10173 win 62631
    10:02:28.239842 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 10173:11625(1452) ack 1025 win 5380
    10:02:28.243781 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 11625:13077(1452) ack 1025 win 5380
    10:02:28.244426 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 13077 win 59727
    10:02:28.249276 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 13077:14529(1452) ack 1025 win 5380
    10:02:28.253276 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 14529:15981(1452) ack 1025 win 5380
    10:02:28.253923 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 15981 win 56823
    10:02:28.257276 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 15981:17433(1452) ack 1025 win 5380
    10:02:28.261317 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 17433:18885(1452) ack 1025 win 5380
    10:02:28.261966 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 18885 win 53919
    10:02:28.262828 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 18885 win 55371
    10:02:28.262947 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 18885 win 65535
    10:02:28.270858 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: P 18885:20337(1452) ack 1025 win 5380
    10:02:28.275278 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 20337:21789(1452) ack 1025 win 5380
    10:02:28.275766 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . 21789:23241(1452) ack 1025 win 5380
    10:02:28.275968 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 21789 win 62631
    10:02:28.278729 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: P 23241:24030(789) ack 1025 win 5380
    10:02:28.278745 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: F 24030:24030(0) ack 1025 win 5380
    10:02:28.279172 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 24030 win 60390
    10:02:28.279183 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 24031 win 60390
    10:02:28.334307 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 24031 win 61842
    10:02:28.334484 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: . ack 24031 win 65535
    10:02:28.451249 IP OurIP-static-ip.OurISP.29780 > resolver1.opendns.com.domain: 25274+ PTR? 246.161.149.12.in-addr.arpa. (45)
    10:02:28.468692 IP resolver1.opendns.com.domain > OurIP-static-ip.OurISP.29780: 25274 3/0/0[|domain]
    10:02:28.469516 IP OurIP-static-ip.OurISP.32490 > turbotax.intuit.com.http: F 1025:1025(0) ack 24031 win 65535
    10:02:28.484182 IP turbotax.intuit.com.http > OurIP-static-ip.OurISP.32490: . ack 1026 win 5380
    10:02:29.204362 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.64143: P 5771:6143(372) ack 7334 win 26136
    10:02:29.207302 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: . 2750:4202(1452) ack 2671 win 65535
    10:02:29.207317 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: P 4202:4234(32) ack 2671 win 65535
    10:02:29.234884 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: . ack 4234 win 13068
    10:02:29.293467 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: . 2671:4123(1452) ack 4234 win 13068
    10:02:29.294362 IP a72-247-49-194.deploy.akamaitechnologies.com.https > OurIP-static-ip.OurISP.49641: P 4123:4531(408) ack 4234 win 13068
    10:02:29.294836 IP OurIP-static-ip.OurISP.49641 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 4531 win 65535
    10:02:29.348967 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1058:1183(125) ack 1 win 65153
    10:02:29.349277 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1183:1238(55) ack 1 win 65153
    10:02:29.350256 IP OurIP-static-ip.OurISP.64143 > a72-247-49-194.deploy.akamaitechnologies.com.https: . ack 6143 win 65535
    10:02:29.535089 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . 3974:5410(1436) ack 4183 win 65535
    10:02:29.535117 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: P 5410:6125(715) ack 4183 win 65535
    10:02:29.564382 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: . ack 6125 win 8190
    10:02:29.571074 IP track.bestbuy.com.https > OurIP-static-ip.OurISP.37845: P 4183:5280(1097) ack 6125 win 32768
    10:02:29.625869 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1238:1363(125) ack 1 win 65153
    10:02:29.626008 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1363:1458(95) ack 1 win 65153
    10:02:29.626193 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1458:1583(125) ack 1 win 65153
    10:02:29.626278 IP OurIP-static-ip.OurISP.8779 > ats-mea.dial.aol.com.aol: P 1583:1638(55) ack 1 win 65153
    10:02:29.633988 IP ats-mea.dial.aol.com.aol > OurIP-static-ip.OurISP.8779: . ack 1238 win 16384
    10:02:29.752620 IP OurIP-static-ip.OurISP.37845 > track.bestbuy.com.https: . ack 5280 win 64438
    10:02:29.912028 IP ats-mea.dial.aol.com.aol > OurIP-static-ip.OurISP.8779: . ack 1638 win 16384
    10:02:37.028461 IP OurIP-static-ip.OurISP.59438 > webcs123.msg.sp1.yahoo.com.mmcc: P 3912015979:3912016083(104) ack 867108649 win 64295
    10:02:37.048327 IP webcs123.msg.sp1.yahoo.com.mmcc > OurIP-static-ip.OurISP.59438: P 1:113(112) ack 104 win 65535
    10:02:37.215230 IP OurIP-static-ip.OurISP.59438 > webcs123.msg.sp1.yahoo.com.mmcc: . ack 113 win 64183
    10:02:37.465382 IP 207.46.140.60.http > OurIP-static-ip.OurISP.39393: R 3201681733:3201681733(0) win 0
    ^C</mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss></mss> 
    


  • Too much extraneous stuff.  Can you run the tcpdump with '-n' also and pipe the output through grep for the IP you want?



  • I took the liberty of replacing my client's actual public IP (and network and gateway), and in the tcpdump I replaced the ISP's name with "OurISP" - actually, I find it easier to read this way anyway…

    I don't see anything in the routing table that seems relevant to me; unfortunately, I'm not sure I entirely understand what I'm seeing in the tcpdump.  As you can see, regular office traffic continues (including some that's probably unofficial, such as shopping at Best Buy!  I'm not going to show this dump to the office manager, though...)  I kept tcpcump running until the browser (that was trying to reach the Palmetto website) timed out, but other than the initial DNS request and response, I'm not sure I see ANYTHING relevant in the dump.

    I'm still stumped.   As I mentioned, if I bypass the pfSense box I can contact Palmetto just fine; that's not a workable solution, however...



  • Sorry - our posts crossed paths.  Will do.  I'm off-site right now and working via Putty, so my own traffic was mixed in; I removed that, but there's obviously still a lot of junk.  I'll be on-site in about an hour; I'll do it then.



  • Sorry for the delay - I was checking and re-checking to make sure I hadn't missed anything; apparently I haven't.  Here's the simplified tcpdump:

    
    # tcpdump -i fxp1 -n
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on fxp1, link-type EN10MB (Ethernet), capture size 96 bytes
    13:01:40.949884 IP OurIP.57965 > 208.67.222.222.53: 55848+ A? www.palmettogba.com. (37)
    13:01:40.949905 IP OurIP.57965 > 208.67.220.220.53: 55848+ A? www.palmettogba.com. (37)
    13:01:40.967511 IP 208.67.222.222.53 > OurIP.57965: 55848 1/0/0 A 216.251.231.64 (53)
    13:01:40.967533 IP 208.67.220.220.53 > OurIP.57965: 55848 1/0/0 A 216.251.231.64 (53)
    
    

    And that's all she wrote.



  • Question: try pinging the IP again, then from your shell do 'clog /var/log/filter.log'.  Anything show up?  I am wondering if there is some kind of ICMP that is being blocked.



  • Question: try pinging the IP again, then from your shell do 'clog /var/log/filter.log'.  Anything show up?  I am wondering if there is some kind of ICMP that is being blocked.

    Nothing whatsoever.  I tried pinging from a command prompt on my laptop, and again from the Diagnostics menu, and again from the shell.  Regardless, the ping times out - but it doesn't generate any activity in filter.log (there's plenty of other activity, of course, but nothing to do with 216.251.231.64)



  • Looking at your trace again, is very confusing.  I thought you were pinging the IP, but I see it doing a DNS lookup, but then no traffic going to that IP address.  Are you sure you are doing a ping on the numeric IP while running tcpdump?



  • When I ping the numeric IP, absolutely nothing is generated in the WAN-interface tcpdump.

    Methodology:

    • in pfSense shell via Putty, run tcpdump -i fxp1 -n

    • in CMD prompt, run ping (either www.palmettogba.com or 216.251.231.61)

    • switch back to Putty, keeping an eye on the CMD prompt.

    • as soon as the ping times out, press Ctrl-C to kill tcpdump.

    Does it seem reasonable?



  • It seems reasonable, but as suggested earlier, use the IP address to keep the DNS transactions out of the trace.

    I presume by CMD prompt you mean the pfSense Diagnostics -> Command facility rather than a command on another system. If so, you should include a count so the ping command will terminate (e.g.

    ping -c 5 216.251.231.61

    ).

    For what its worth, I've just tried to connect to the web server at 216.251.231.61 by typing http://216.251.231.61 into a web browser location box and it timed out

    I tried pinging 216.251.231.61 and got no reply in 5 attempts.

    I tried changing the last byte of the address from 59 to 63 and only 63 replies.

    I tried a traceroute to 216.251.231.61 and it showed many intermediate systems (up to the 30th) but 31 to 64 were all "unknown". Earlier you reported a traceroute on pfSense showing "line after line of '* * *' " but what about the first few entries?

    I've also noticed that you initially reported a problem with 216.251.231.64 and your last post referenced 216.251.231.61. Typing mistake in your most recent reply?

    I can connect from my web browser (downstream of a pfSense box) to 216.251.231.64. I tried a traceroute to 216.251.231.64 and again the last non "* * *' entry is the 30th.

    I think we need to verify that when you access from pfSense whatever your desired target is, that the packet goes out the correct interface. And if it doesn't go out the correct interface find out why. I think danswartz's suggestions are also targeted on verifying the packet goes out the correct interface.



  • I am confused too.  I can ping 216.251.231.64 but not 216.251.231.61.



  • Yes, it was a typo.  Sorry for the red herring; I should just have said "numeric IP".  The correct IP address is 216.251.231.64.

    "CMD prompt": I meant the "DOS box" on my Windows 7 laptop: literally the command prompt you get when you run CMD.exe; I'm sorry I wasn't clear.  I will refer to it as "DOS" from now on; although that's not correct, I suspect it's less prone to misinterpretation.  In any case, the Windows ping defaults to three tries and out, and that's how I was running it.

    So let me try again.  On my (Windows) laptop, I open a Putty session to the pfSense shell and a (Windows) command prompt.  I run tcpdump in the Putty session and ping in the DOS box.  When I try to ping using the domain name, tcpdump shows the DNS transactions and then nothing more.  When I try to ping using the numeric IP (see what I did there?), tcpdump shows no activity at all.  (In both cases, I mean "no activity related to what I'm doing"; people were still surfing the web, checking email, etc.)

    Regarding which interface the packet goes out: just for giggles, I ran a tcpdump on the LAN interface (LAN is fxp0; WAN is fxp1).  As you might expect, there was a flurry of traffic between my laptop and pfSense, but I did not see any packets addressed to 216.251.231.64.  If pfSense is routing packets addressed to 216.251.231.64 through a different interface (but not packets addressed to 216.251.231.63, which I am able to reach), shouldn't there be a file or setting somewhere to specify that?  Essentially, that was my initial question, and it's still what I'm puzzling over.

    Regarding traceroute:  When I run it from DOS, the first line shows that I've reached the pfSense box; after that, only "*  *  " until it times out.  When I run it from either the pfSense shell, or the Diagnostics menu in the WebGUI, I get nothing but "  *  *".  Just now, running it from DOS at home, the trace completed in 21 hops (including my own router).



  • @MTHead:

    Regarding which interface the packet goes out: just for giggles, I ran a tcpdump on the LAN interface (LAN is fxp0; WAN is fxp1).  As you might expect, there was a flurry of traffic between my laptop and pfSense, but I did not see any packets addressed to 216.251.231.64.

    Do you realise the significance of "did not see any packets addressed to 216.251.231.64"?

    You have just said you did not see any (that would include incoming!) packets addressed to 216.251.231.64. That implies your laptop is not sending them OR the physical connection is seriously broken!

    If the ping works when your laptop is "directly connected" to the T1 how does the laptop get its IP address? How does the laptop gets its IP address when its connected to pfSense? Do both the laptop and pfSense think they are on the same subnet in the latter case? (If not, your configuration is broken.) How will the laptop know to route 216.251.231.64 to pSense? If you are using static IPs anywhere did you restart your laptop when you changed what it was connected to? (If you didn't, how can you be sure it wasn't using stale network information?)

    You say you have disabled checksum offloading at some stage. If you aren't running with checksum offloading you should do so until further notice. (There is a known problem in the FreeBSD fxp driver that it erroneously thinks some fxps have checksum offload capability.)



  • OK, I think I finally might be on to something, but how it happened or how to fix it are still unanswered questions…

    The office is closed today, so I'm working from home; as such, I don't have physical access to the LAN interface.  So as an experiment, I opened two SSH sessions in separate windows; I presume that in this case all traffic between my machine and pfSense would be over the WAN interface?  In any case, in the first session I ran tcpdump on the LAN interface, and in the second I tried to ping Palmetto.  Result?  In the tcpdump I get lots and lots of entries like this:

    
    10:46:29.182937 arp who-has 216.251.231.64 tell 192.168.33.1
    10:46:30.183472 arp who-has 216.251.231.64 tell 192.168.33.1
    
    

    192.168.33.0 is the net I reserved for OpenVPN "road warriors".  I changed the OpenVPN net to 192.168.35.0 and tried the same experiment; the result was pretty much the same:

    
    11:13:18.106462 arp who-has 216.251.231.64 tell 192.168.35.1
    11:13:19.107454 arp who-has 216.251.231.64 tell 192.168.35.1
    
    

    I then disabled the OpenVPN tunnel and tried again - all packets went through!  No traffic was generated on the LAN interface (as I expected - why should it be?), and a tcpdump on the WAN interface looks normal - at least as far as I'm able to recognize "normal".  I re-enabled OpenVPN, and once again Palmetto is unreachable.  I'm leaving it that way for now, because the doctors need to use the system over the holiday but the billing department doesn't need to reach Palmetto until Monday…

    My next experiment, I suppose, would be to delete the OpenVPN tunnel entirely and create a new one.  I'm reluctant to do that (unless I know that it will be a permanent fix) because I would need to re-generate and re-distribute certificates.

    Assumption: Somewhere in the bowels of pfSense there is a setting that says "route all packets intended for Palmetto over OpenVPN". 
    Questions:  Where would I find this setting?  Why would it have spontaneously changed over Xmas weekend?
    If anyone has any suggestions as to where I might look, I would be much obliged.




  • @wallabybob:

    If the ping works when your laptop is "directly connected" to the T1 how does the laptop get its IP address? How does the laptop gets its IP address when its connected to pfSense? Do both the laptop and pfSense think they are on the same subnet in the latter case? (If not, your configuration is broken.) How will the laptop know to route 216.251.231.64 to pSense? If you are using static IPs anywhere did you restart your laptop when you changed what it was connected to? (If you didn't, how can you be sure it wasn't using stale network information?)

    You say you have disabled checksum offloading at some stage. If you aren't running with checksum offloading you should do so until further notice. (There is a known problem in the FreeBSD fxp driver that it erroneously thinks some fxps have checksum offload capability.)

    Direct connection:  When I attached directly to the T1, I configured my IP/netmask/gateway/DNS manually, to the same settings as the pfSense WAN interface.  When I attach to the LAN, I use DHCP.  Really, it ain't rocket surgery.

    Checksum offloading:  What I was trying to say was that I had tried both checking and unchecking BEFORE upgrading to 1.2.3Release, and it had not made a difference either way; and then AFTER the upgrade I had tried it both ways, with again no difference.  However, I did read the release notes and have left it checked, as recommended.  In any case, I'm pretty sure that this issue didn't have anything to do with checksum offloading…



  • Well, this is the first we are hearing that openvpn is involved.  One smoking gun is a host on the LAN subnet trying to ARP for a remote host.  That is most likely the root of the problem.  As to why, dunno.



  • @MTHead:

    Assumption: Somewhere in the bowels of pfSense there is a setting that says "route all packets intended for Palmetto over OpenVPN". 
    Questions:  Where would I find this setting?  Why would it have spontaneously changed over Xmas weekend?
    If anyone has any suggestions as to where I might look, I would be much obliged.

    If there is such a setting its because you activated it through your own configuration setting.

    Based on the evidence you have given you have come to the wrong conclusion. In particular you say that when you try to ping Palmetto from the laptop there are no packets with the Palmetto address in the tcpdump. This means pfSense isn't receiving the packets destined for Palmetto so of course it isn't forwarding them!
    The routing is broken on the laptop.

    The VPN adds another factor to the problem bust since you haven't given any information about it other than to mention there is a VPN I can't take it into account. I think you should really to try to understand why the VPN is in the configuration before you attempt to recreate it.

    Wild speculation: When connected directly to the internet the laptop is able to create a VPN that enables it to get to Palmetto. When connected to pfSense the laptop can't establish the VPN so "falls back" to attempting to connect with Palmetto over the only operating interface - the LAN.



  • @danswartz:

    Well, this is the first we are hearing that openvpn is involved.  One smoking gun is a host on the LAN subnet trying to ARP for a remote host.  That is most likely the root of the problem.  As to why, dunno.

    That's because it's the first time I had any idea that OpenVPN had anything to do with it.  I use OpenVPN on every pfSense box I set up - including my home router, from behind which I'm typing this.  In fact, I use the same configuration (except for certificates, of course) for all my clients (except the ones who need to use PPTP from multiple hosts, in which case I use Endian.)  I've never seen anything like this before, nor heard of it.

    Any ideas on how I could track down which host is "volunteering" to ARP?  Of course I can go to the office and unplug machines from the network one by one, but if there's a more sophisticated way to find the answer…



  • @wallabybob:

    @MTHead:

    Assumption: Somewhere in the bowels of pfSense there is a setting that says "route all packets intended for Palmetto over OpenVPN". 
    Questions:   Where would I find this setting?  Why would it have spontaneously changed over Xmas weekend?
    If anyone has any suggestions as to where I might look, I would be much obliged.

    If there is such a setting its because you activated it through your own configuration setting.

    Based on the evidence you have given you have come to the wrong conclusion. In particular you say that when you try to ping Palmetto from the laptop there are no packets with the Palmetto address in the tcpdump. This means pfSense isn't receiving the packets destined for Palmetto so of course it isn't forwarding them!
    The routing is broken on the laptop.

    The VPN adds another factor to the problem bust since you haven't given any information about it other than to mention there is a VPN I can't take it into account. I think you should really to try to understand why the VPN is in the configuration before you attempt to recreate it.

    Wild speculation: When connected directly to the internet the laptop is able to create a VPN that enables it to get to Palmetto. When connected to pfSense the laptop can't establish the VPN so "falls back" to attempting to connect with Palmetto over the only operating interface - the LAN.

    It seems to me that you answer my posts without reading them.  It seems only fair that I should read yours, and not answer it.



  • Just to follow up in case anyone else ever has a similar problem:  I added a static route, thusly:

    Interface  Network  Gateway  Description

    WAN 216.251.231.64/32 (our gateway) Palmetto

    and now my users can reach the Palmetto website.  This static route is the same as the default route, so I don't really understand why it's necessary… but it works.


Locked