Random public networks no longer accessible

Jenkins665

Hi Everyone,

First time pfSense user here.  It's working perfectly except for one back-breaking issue - for some reason, seemingly random public networks are no longer accessible.

Some sites I can browse to without issue:
www.google.com
www.woot.com
www.reddit.com

Sites that timeout:
www.bostonpizza.com
www.ucalgary.ca
www.speedtest.net

If I tracert to the sites that do work, everything works as expected. Traffic hits my local gateway and goes out to the internet without issue. If I tracert to a site that doesn't work, my LAN gateway (192.168.0.1 LAN int) returns a Destination Host Unreachable error which most tshooting says is a routing problem.

There's no static routes and the default route points to my ISP's gateway on the WAN int. My public IP and my ISP gateway are on the correct net. Outbound firewall permits all traffic. Outbound NAT is set to automatic. I'm not performing any type of URL or IP filtering.  The sites are inaccessible from all machines on my local network as well as the pfSense box itself.  I don't understand why traffic destined for certain public nets are reachable while other public nets are not.

I've rebooted my computer, switch and pfsense box. Issue persists. If I remove the pfSense box and patch the D-Link back in, everything works fine.

Any assistance the community can provide would be greatly accepted.  I've been looking to replace that D-Link box for sometime and pfSense is the perfect solution but it's unusable at the moment.

Jenkins665

An update.  Still not working.  I've done the following:

Complete re-install.  Removed the i386 version and went with amd64.  Installed two brand new NICs (the old WAN interface was an nforce chip.)  Default settings across the board.

Issue persists.

extide

That really weird, all config looks good to me..

Jenkins665

Another update.  I did a clean install of 2.0.1 amd64.  Exact same issues.  I noticed that Wikipedia.org doesn't load either.  Oh well.  I don't know what else to try.  The folks over at Reddit where incredibly helpful but they're out of options as well.  Unless there's a way to do a full system dump and provide it to a pfSense core dev, I'm done :(  Time to go pick-up a Cisco ASA.

hackin8

Just a thought - to try and help diagnosis.  Have you tried a ping from inside pfs (under diagnostics) and a traceroute from BSD cli as well?  Any difference in response?

Otherwise can also not see anything wrong evident in youir setup….

Jenkins665

Resolved.  A user on Reddit said they had this same issue.  They had manually configured the WAN port and noticed odd connection issues like this.  They suggested restoring defaults and using the Setup Wizard in the GUI.  This fixed the issue.  I compared the settings from before and after using the Setup Wizard and they're identical.  No clue what changed but oh well, issue is resolved.

extide

That sounds like a bug, might want to ping one of the developers about that.

cmb

I've seen that same described issue several times. Every time because of seriously screwing up a subnet mask, like putting a /1 mask on an interface, so the system thinks a gigantic chunk of the Internet should be locally reachable. Obviously that breaks things.

There's no magic in the setup wizard. It's not possible to go through it and end up with the same config at the end and have it magically fix things.