    Some sites don't load, using PPPoE

    • G
      goncalopp last edited by

      Hello everyone
      I'm very new to pfsense (or any BSD), but I'm trying to set it up to be a firewall to a small network.

      I got most of it working, but some sites won't load. I've had a similar problem in another platform years ago, and I remember the MTU was wrong, but I've double checked that and it seems correct.

      My setup:

      • pfsense 2.0.2-RELEASE

      • ALIX board - alix2d13

      • DSL line attached to a modem in bridge mode

      • Using PPPoE on pfsense, MTU of 1500 on vr0 (wan port), 1492 on pppoe1

      What works:

      • SSH to outside world

      • I can "dig" everything

      • most sites (google.com, pcengines.ch, twitter.com)

      What doesn't:

      • some sites (yahoo.com, microsoft.com, flattr.com). The browser keeps loading on a blank page for a long time

      What I've already done:

      • Disable hardware checksum offload

      • restart interfaces, pppoe, pfsense, modem…

      • After setting MTU to 1500, ping works with packets up to 1464 bytes, so the MTU should be 1492. After setting MTU to 1492, situation persists

      • Packet analysis with Wireshark. On working sites, I get a small HTTP response. On sites that don't work, there are TCP fragments of 1506 bytes, but Wireshark doesn't identify any packet as being HTTP

        Here's my ifconfig (vr1 is LAN):

        vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        	options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
        	ether [CENSORED MAC 0]
        	inet6 fe80::20d:b9ff:fe2a:b5f0%vr0 prefixlen 64 scopeid 0x1
        	nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
        	media: Ethernet autoselect (100baseTX <full-duplex>)
        	status: active
        vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        	options=82808<VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
        	ether [CENSORED MAC 1]
        	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        	inet6 fe80::20d:b9ff:fe2a:b5f1%vr1 prefixlen 64 scopeid 0x2
        	nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
        	media: Ethernet autoselect (100baseTX <full-duplex>)
        	status: active
        vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        	options=82808<VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
        	ether [CENSORED MAC 2]
        	inet6 fe80::20d:b9ff:fe2a:b5f2%vr2 prefixlen 64 scopeid 0x3
        	nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
        	media: Ethernet autoselect (none)
        	status: no carrier
        ath0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 2290
        	ether [CENSORED MAC 3]
        	media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
        	status: no carrier
        lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        	options=3<RXCSUM,TXCSUM>
        	inet 127.0.0.1 netmask 0xff000000
        	inet6 ::1 prefixlen 128
        	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        	nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
        pfsync0: flags=0<> metric 0 mtu 1460
        	syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
        enc0: flags=0<> metric 0 mtu 1536
        pflog0: flags=100<PROMISC> metric 0 mtu 33200
        pppoe1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
        	inet6 fe80::20d:b9ff:fe2a:b5f0%pppoe1 prefixlen 64 scopeid 0x9
        	inet 85.246.162.252 --> 194.65.169.248 netmask 0xffffffff
        	nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
        

        I'm a bit lost as to what I can do to debug this  :-\ any help is welcome

      • S
        slu last edited by

        DNS work?

        http://forum.pfsense.org/index.php/topic,57020.0.html

        • G
          goncalopp last edited by

          @slu:

          DNS work?

          Actually, PPPoE was returning 127.0.0.1 as the DNS server, but I went ahead and added them manually, and everything seems correct on the DNS level. As I mentioned, I can "dig" all hosts, including the sites that don't work

          • C
            cmb last edited by

            Almost certainly because you need a lower value for MSS clamping.

            • G
              goncalopp last edited by

              @cmb:

              Almost certainly because you need a lower value for MSS clamping.

              Yes! Setting Interfaces->WAN->MSS to 1492 (or lower) solves this.
              Now I can finally move on to more important configuration… Thank you so much!  ;D

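An added illustration, not part of the thread or of pfSense's code: MSS clamping, the fix named above, means the firewall rewrites the MSS option in passing TCP SYN segments so that the peer never sends segments too large for the 1492-byte PPPoE MTU. The Python below performs that rewrite on a constructed SYN and patches the TCP checksum incrementally (RFC 1624). The addresses, ports and the limit of 1452 (1492 minus 40 bytes of IPv4 and TCP headers without options) are assumptions chosen for the example.

```python
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by the TCP checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: bytes, dst: bytes, seg: bytes) -> int:
    """Full checksum over the IPv4 pseudo-header and a segment whose checksum field is zero."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
    return ~ones_sum(pseudo + seg) & 0xFFFF

def clamp_mss(seg: bytes, max_mss: int) -> bytes:
    """Lower the MSS option of a SYN segment to max_mss and patch the checksum."""
    if len(seg) < 20 or not seg[13] & 0x02:       # only SYN / SYN-ACK carry MSS
        return seg
    i, end = 20, (seg[12] >> 4) * 4               # options run from byte 20 to data offset
    while i < end <= len(seg) and seg[i] != 0:    # kind 0 ends the option list
        if seg[i] == 1:                           # NOP is a single byte
            i += 1
            continue
        size = seg[i + 1] if i + 1 < end else 0
        if size < 2 or i + size > end:            # malformed option: leave segment untouched
            break
        if seg[i] == 2 and size == 4:             # kind 2 = Maximum Segment Size
            old = int.from_bytes(seg[i + 2:i + 4], "big")
            if old <= max_mss:
                return seg
            out = bytearray(seg)
            out[i + 2:i + 4] = struct.pack("!H", max_mss)
            lo, hi = (i + 2) & ~1, (i + 5) & ~1   # 16-bit aligned window around the change
            # RFC 1624 eq. 3: HC' = ~(~HC + ~m + m')
            delta = bytes(b ^ 0xFF for b in seg[lo:hi]) + bytes(out[lo:hi])
            csum = ones_sum(bytes(b ^ 0xFF for b in seg[16:18]) + delta)
            out[16:18] = struct.pack("!H", ~csum & 0xFFFF)
            return bytes(out)
        i += size
    return seg

# Constructed sample: SYN from a hypothetical LAN host advertising MSS 1460 (0x05B4)
SRC, DST = bytes([192, 168, 1, 10]), bytes([192, 0, 2, 80])
_raw = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x60, 0x02, 65535, 0, 0) + bytes([2, 4, 0x05, 0xB4])
SYN = _raw[:16] + struct.pack("!H", tcp_checksum(SRC, DST, _raw)) + _raw[18:]
CLAMPED = clamp_mss(SYN, 1492 - 40)               # assumed limit: PPPoE MTU minus IPv4+TCP headers
```

A host on a 1500-byte Ethernet segment normally advertises 1460, so without the rewrite the remote server may send 1500-byte packets that do not fit the PPPoE link.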