Netgate Discussion Forum

    Random public networks no longer accessible

    Routing and Multi WAN
      Jenkins665

      Hi Everyone,

      First time pfSense user here.  It's working perfectly except for one back-breaking issue - for some reason, seemingly random public networks are no longer accessible.

      Some sites I can browse to without issue:
      www.google.com
      www.woot.com
      www.reddit.com

      Sites that time out:
      www.bostonpizza.com
      www.ucalgary.ca
      www.speedtest.net

      If I tracert to the sites that do work, everything works as expected. Traffic hits my local gateway and goes out to the internet without issue. If I tracert to a site that doesn't work, my LAN gateway (192.168.0.1 LAN int) returns a Destination Host Unreachable error which most tshooting says is a routing problem.

      There are no static routes and the default route points to my ISP's gateway on the WAN int. My public IP and my ISP gateway are on the correct net. Outbound firewall permits all traffic. Outbound NAT is set to automatic. I'm not performing any type of URL or IP filtering.  The sites are inaccessible from all machines on my local network as well as the pfSense box itself.  I don't understand why traffic destined for certain public nets are reachable while other public nets are not.

      I've rebooted my computer, switch and pfSense box. Issue persists. If I remove the pfSense box and patch the D-Link back in, everything works fine.

      Any assistance the community can provide would be greatly accepted.  I've been looking to replace that D-Link box for some time and pfSense is the perfect solution but it's unusable at the moment.

        Jenkins665

        An update.  Still not working.  I've done the following:

        Complete re-install.  Removed the i386 version and went with amd64.  Installed two brand new NICs (the old WAN interface was an nforce chip.)  Default settings across the board.

        Issue persists.

          extide

          That's really weird, all config looks good to me.

            Jenkins665

            Another update.  I did a clean install of 2.0.1 amd64.  Exact same issues.  I noticed that Wikipedia.org doesn't load either.  Oh well.  I don't know what else to try.  The folks over at Reddit were incredibly helpful but they're out of options as well.  Unless there's a way to do a full system dump and provide it to a pfSense core dev, I'm done :(  Time to go pick up a Cisco ASA.

              hackin8

              Just a thought - to try and help diagnosis.  Have you tried a ping from inside pfs (under diagnostics) and a traceroute from BSD cli as well?  Any difference in response?

              Otherwise, I also cannot see anything evidently wrong in your setup.

                Jenkins665

                Resolved.  A user on Reddit said they had this same issue.  They had manually configured the WAN port and noticed odd connection issues like this.  They suggested restoring defaults and using the Setup Wizard in the GUI.  This fixed the issue.  I compared the settings from before and after using the Setup Wizard and they're identical.  No clue what changed but oh well, issue is resolved.

                  extide

                  That sounds like a bug, might want to ping one of the developers about that.

                    cmb

                    I've seen that same described issue several times. Every time it was because of seriously screwing up a subnet mask, like putting a /1 mask on an interface, so the system thinks a gigantic chunk of the Internet should be locally reachable. Obviously that breaks things.

                    There's no magic in the setup wizard. It's not possible to go through it and end up with the same config at the end and have it magically fix things.

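The failure mode described in the last reply (an overly short subnet mask on an interface), modelled as an added example that is not part of the original thread: a longest-prefix route lookup showing which destinations stop going to the ISP gateway, plus a simple mask audit. The WAN address, gateway and destination addresses are constructed samples, and the /8 audit threshold is an assumption.

```python
import ipaddress

def build_routes(interfaces, default_gw):
    """One connected (on-link) route per interface, plus the default route."""
    routes = [(ipaddress.ip_interface(cidr).network, f"on-link via {name}")
              for name, cidr in interfaces.items()]
    routes.append((ipaddress.ip_network("0.0.0.0/0"), f"gateway {default_gw}"))
    return routes

def lookup(routes, dest):
    """Longest-prefix match, the rule a router uses to pick a route."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(interfaces, min_prefix=8):
    """Names of interfaces whose mask is shorter than min_prefix (assumed threshold)."""
    return [name for name, cidr in interfaces.items()
            if ipaddress.ip_interface(cidr).network.prefixlen < min_prefix]

# Constructed sample configs: LAN as in the thread, WAN from a documentation range.
GOOD = {"lan": "192.168.0.1/24", "wan": "203.0.113.10/24"}
BAD = {"lan": "192.168.0.1/24", "wan": "203.0.113.10/1"}   # /1 covers 128.0.0.0-255.255.255.255
GATEWAY = "203.0.113.1"

# Constructed destinations: two in the upper half of IPv4 space, one in the lower.
DESTS = ["198.51.100.7", "192.0.2.50", "100.64.1.1"]

if __name__ == "__main__":
    for label, cfg in (("correct /24", GOOD), ("mistyped /1", BAD)):
        routes = build_routes(cfg, GATEWAY)
        print(f"WAN mask {label}; suspicious interfaces: {audit(cfg)}")
        for d in DESTS:
            # "on-link via wan" means the firewall ARPs for the host on the WAN
            # segment instead of forwarding to the ISP gateway, so it never answers.
            print(f"  {d:15} -> {lookup(routes, d)}")
```

With the /1 mask, only destinations in the same half of the address space as the WAN address are affected, which is why the set of unreachable sites looks random; on pfSense the equivalent check is comparing the interface masks against the connected routes in the routing table.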