I just can't reach a lot of sites (not MTU problem)
-
Well, the symptoms of my problem are exactly the same as many others have had, and solved by lowering their MTU: I can reach some sites just fine, whereas others are unreachable, although I can resolve the address to it.
I've tried messing around with MTU, but even at the lowest possible setting, nothing changes.
I asked my ISP whether they do any ICMP filtering and got a negative reply.
I connect with an external static ip through an ethernet outlet in my wall, so no PPPoE or anything like that.
I haven't added any custom NAT/firewall rules, I'm just going with the bare necessities of settings here.
Traceroutes to the sites I can't reach goes to the pfSense machine's LAN ip alright, and after that, everything is just unreachable. sites that work seems to work normally (well, duh).
This problem has persisted from RC2, to RC3, to 1.0-RELEASE now, and it's looking like I'll have to give up on pfSense, which would be a shame because I've been awaiting it eagerly.
Any help, or even ideas as to what could possibly be the problem would be GREATLY appreciated.
-
Do you have a private IP-Range at your WAN? Are you sure your subnetmask at WAN is correct? In case it is too big you won't be able to connect to some sites that then are expected to be in your local WAN segment.
-
No, the IP range is public (213.199.*) and the subnetmask (255.255.255.0) seems right too. Either way, the IPs of sites I can't connect to are seemingly random, completely different ranges than mine. I'm really at a loss here. I'm going to try switching out my NICs just to be sure, although I've tried that before too. I might have messed something up the last time, I was tired.
-
If you traceroute to these IPs, where does the route die? Directly at your pfSense or somewhere in the providers network?
-
Well, changing NICs did nothing, but that was expected.
If you traceroute to these IPs, where does the route die? Directly at your pfSense or somewhere in the providers network?
Yeah, right at the pfSense. 1 hop (192.168.1.1) and then everything times out. :-\
-
Okay did you test using just one single box/OS or do you get the same behaviour using different boxes and different OS types?
Regards
Daniel S. Haischt -
Okay did you test using just one single box/OS or do you get the same behaviour using different boxes and different OS types?
Regards
Daniel S. HaischtI've tried with Windows XP and Mac OSX, same results. Also, because I'm sure someone will ask, everything works just fine if I don't use the pfSense box at all, I've had Windows XP, FreeBSD, OpenBSD, OSX and Nexenta (opensolaris) and AIX 5.2 connected straight to the wall without a problem.
-
How about traceroutes to sites you can reach? Just curious if the traceroute looks the same or different.
What about traceroutes from the pfsense box itself? There's probably something obvious at play here that we're just missing.–Bill
-
How about traceroutes to sites you can reach? Just curious if the traceroute looks the same or different.
What about traceroutes from the pfsense box itself? There's probably something obvious at play here that we're just missing.–Bill
Traceroutes to sites I can reach look perfectly normal, traceroutes from the pfSense box itself, as far as I can remember, didn't work at all.
Unfortunately I can't do any more testing/troubleshooting, I got too impatient, got a new PC coming soon and I want to get my little home network set up again before I have to deal with assembling and installing that, so I wiped the pfSense installation and tried SmoothWall, which works perfectly. I'm sad to have to let pfSense go though, I strongly prefer BSD to Linux in general, and I like PF a lot, so I would have liked to support this project by using it.
EDIT: Oh, thanks for the help you guys tried to give btw.
-
OMG - SmoothWall as a replacement for pfSense :'(
-
OMG - SmoothWall as a replacement for pfSense :'(
Hi all,
Does Smoothwall support multi-wan? -
-
OMG - SmoothWall as a replacement for pfSense :'(
Hi all,
Does Smoothwall support multi-wan?Maybe not the right forum to ask about smoothwall but afaik it doesn't.