Allowed hostnames/ip addresses for paypal sloooooow

islandwifibill

Hi ev1,

I've noticed that connections are often incredibly slow going to paypal, even though I've added just about every ip address having anything to do with them (determined by watching the state table report connections in various states and then confirmed via nslookup on my name server).  I've also put every hostname, cname, etc I can find in our walled garden (allowed hostnames).  There are no firewall rules blocking these addresses.

Almost every paypal IP address begins with "66.235." although anything might show up in the last two octets.  So I've fooled around with 66.235.0.0/x and found something that seems to work-ish.  My concern is that this allows some connections that may have nothing to do with paypal.  And paypalobjects.com is VERY hit and miss.  According to google, it can be caused by various wireless dongles, etc.  However, I have had no trouble connecting to paypalobjects when logged in to the captive portal wirelessly.  It's only when I try to allow it through for people to sign up that the problems arise, and this correlation alone convinces me that there is something amiss with the CP setup in pfsense.

QUESTION:  well, it's pretty general really:  wtf is going on with the captive portal and the walled garden?

Is this some bug in 2.0.1?  I tried an upgrade several weeks ago to 2.0.2, but ran into problems so I rolled it back.

This is a huge pain in the ass for us, as it discourages customers from signing up.

P.S. – if you're a socialist with a smart attitude, don't bother replying.  :)

islandwifibill

bump