Unable to connect to pfsense.com
-
Hi there,
I've got a weird situation connecting to package manager on www.pfsense.com.
The System is a PFsense 2.0.1 .
The LAN Interface is connected to vr0 using IP address 10.150.150.254/24 an no gateway defined ( like all the 1.2.X Firewalls I configured ) .
The WAN Interface is connected to vr1 and further drectly connected to the ISP Modem ( Cisco800) using the ISP assigned IP adress with a Mask 255.255.255.248 and the Cisco 800 as default gateway .All the communication from the clients on the LAN interface to the Internet is working fine as designed …
When I want to connect to the Package Manager I get "cannot communicate with pfsense.com".
On the console I tried to ping www.pfsense.com and got the result :
PING www.pfsense.org (69.64.6.21): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is downSo as a result , the DNS Resolution is OK.
If i try to traceroute the webserver i get :
traceroute to www.pfsense.org (69.64.6.21), 64 hops max, 40 byte packets
1 * * *
2 * *traceroute: sendto: Host is down
traceroute: wrote www.pfsense.org 40 chars, ret=-1
*
traceroute: sendto: Host is down
3 traceroute: wrote www.pfsense.org 40 chars, ret=-1
*traceroute: sendto: Host is down
traceroute: wrote www.pfsense.org 40 chars, ret=-1So it cannot connect either ...
If I traceroute using the WAN interface i get the proper results
traceroute to www.pfsense.org (69.64.6.21), 64 hops max, 40 byte packets
1 <ispgateway-ip>(<ispgateway-ip>) 1.734 ms 1.148 ms 1.473 ms
2 62.47.95.239 (62.47.95.239) 15.519 ms 95.104 ms 8.798 ms
3 172.19.92.69 (172.19.92.69) 89.830 ms 12.660 ms 91.613 ms
4 195.3.118.197 (195.3.118.197) 22.086 ms 85.865 ms 103.976 ms
5 195.3.68.118 (195.3.68.118) 18.706 ms
195.3.70.158 (195.3.70.158) 110.511 ms 89.170 ms
6 212.73.203.137 (212.73.203.137) 128.766 ms 104.127 ms 103.268 ms
7 ae-11-11.car1.Vienna1.Level3.net (4.69.135.29) 22.720 ms 32.147 ms 21.611 ms
8 ae-6-6.ebr1.Frankfurt1.Level3.net (4.69.135.34) 31.769 ms 34.134 ms 49.742 ms
9 ae-46-46.ebr2.Paris1.Level3.net (4.69.143.138) 39.603 ms
ae-45-45.ebr2.Paris1.Level3.net (4.69.143.134) 40.809 ms
ae-47-47.ebr2.Paris1.Level3.net (4.69.143.142) 44.424 ms
10 ae-43-43.ebr2.Washington1.Level3.net (4.69.137.58) 121.894 ms 197.700 ms
ae-44-44.ebr2.Washington1.Level3.net (4.69.137.62) 146.202 ms
11 ae-72-72.csw2.Washington1.Level3.net (4.69.134.150) 135.518 ms
ae-62-62.csw1.Washington1.Level3.net (4.69.134.146) 124.071 ms
ae-72-72.csw2.Washington1.Level3.net (4.69.134.150) 136.328 ms
12 ae-71-71.ebr1.Washington1.Level3.net (4.69.134.133) 204.181 ms
ae-61-61.ebr1.Washington1.Level3.net (4.69.134.129) 122.041 ms
ae-71-71.ebr1.Washington1.Level3.net (4.69.134.133) 206.717 ms
13 ae-2-2.ebr3.Atlanta2.Level3.net (4.69.132.85) 136.971 ms 132.334 ms 130.703 ms
14 ae-73-73.ebr2.Atlanta2.Level3.net (4.69.148.254) 135.767 ms 214.182 ms 201.474 ms
15 ae-8-8.car1.Nashville1.Level3.net (4.69.140.229) 259.542 ms 206.073 ms 144.472 ms
16 ae-11-11.car2.Nashville1.Level3.net (4.69.140.225) 141.626 ms 138.678 ms 145.435 ms
17 ae-2-2.car2.Louisville1.Level3.net (4.69.140.221) 171.954 ms 149.479 ms 188.895 ms
18 ae-11-11.car1.Louisville1.Level3.net (4.69.140.217) 382.131 ms 206.022 ms 203.768 ms
19 BLUEGRASSNE.car1.Louisville1.Level3.net (4.59.184.6) 176.738 ms 212.497 ms 163.835 ms
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *Do I have a configuration problem or should i talk to the ISP because of a routing problem ?
Thanks for answers
Wolfgang</ispgateway-ip></ispgateway-ip>
-
The pfSense.com/org domain does not repsond to pings so this not a good test.
Check that you have the correct settings for the package manager, go to:
https://10.150.150.254/pkg_mgr_settings.php
Make sure it is still set to default (unchecked).At the console try this:
[2.0.1-RELEASE][root@pfsense.fire.box]/root(1): fetch -o /dev/null http://www.pfsense.org/packages/pkg_config.8.xml /dev/null 100% of 85 kB 196 kBpsIf this is successful you should be in business.
Is the system able to check for updates correctly? 'You are on the latest version' shown on the dashboard.
Steve
-
Hi stephenw10,
i've checked the package manager settings , it is unchecked …
if i try to fetch the xml from the console , i get no response ( timeout ).
fetch: http://www.pfsense.org/packages/pkg_config.8.xml: No route to host
Can this be a strange outbound nat thing ?
-
Can this be a strange outbound nat thing ?
Unlikely. Why do you ask? Do you have a complex configuration?
Can you ping/traceroute other sites from the pfSense box?
Can you retrieve pkg_config.8.xml from one of your internal client machines?
Are you or have you ever been running Snort?
Steve
-
sounds like you don't actually have a default gateway ("no route to host" indicates as such), though the other thing you pasted, "ping: sendto: Host is down" indicates a wrong subnet mask somewhere, or a wrong route. That indicates it can't ARP the destination host, which it won't ever attempt for an Internet-reachable host unless you do something crazy like assign a /1 mask to an interface or similar. It may also do that if it can't ARP the route for that network.
