Packages for 1.2-RC2 - Cannot connect to pfsense.com?



  • I am starting a new thread from another because the thread is taking a different direction…

    I have been trying to install pfsense v1.2-rc2 for a while now and the results have been the same - installation goes reasonably well but after installation, I cannot download packages.

    The following is a quote from another thread...and I have tried this.

    @Cry:

    Sounds like either a DNS, routing or firewall problem.

    From the pfsense host:

    1. Can you resolve pfsense.com? "ping -c 1 -t 1 pfsense.com" from the command line
          This should give you an IP, but will the ping will fail

    2. Can you fetch a file from pfsense.com: "fetch -o /tmp/test http://pfsense.com/" from the command line
          This should give you a file in /tmp, called test, that is the home page of pfsense.com

    Number 1 succeeds
    Number 2 times out - however, if I try to do the same with http://www.google.com, it downloads the google page and saves it as "test".

    The results of number 2 above are leaving me a bit confused and frustrated at this point (wanting to point to a problem with pfsense.com).

    My setup is the following:

    inet <–---->  Modem  <-------------->  pfsense f/w <---------------> LAN
                WAN: ADSL2 Dynamic IP        WAN: 192.168.0.2                network: 192.168.1.x
                Internal: 192.168.0.1            LAN:  192.168.1.254
                  (static ip above)              DHCP: 192.168.1.x

    The pfsense install has been upgraded using today's firmware found at the following link: http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/updates/
    (I hoped this might improve the situation, it did not.)

    Any suggestion or help would be appreciated.

    L



  • Ok, so what IP do you get for pfsense.com?

    On any other host between the modem and the pfsense host, can you connect to pfsense.com?



  • The IP that comes back from the "ping -c 1 -t 1 pfsense.com" command is: 69.64.6.13

    As far as other machines being able to connect to pfsense.com - I am currently using a PC connecting through the pfsense f/w and it certainly loads the http://pfsense.com web page. (Resolves to the same ip address as above on this PC as well.)

    Am I wrong that this is very strange?



  • @lensor:

    The IP that comes back from the "ping -c 1 -t 1 pfsense.com" command is: 69.64.6.13

    As far as other machines being able to connect to pfsense.com - I am currently using a PC connecting through the pfsense f/w and it certainly loads the http://pfsense.com web page. (Resolves to the same ip address as above on this PC as well.)

    Am I wrong that this is very strange?

    Run these tests from a pfSense console not a client behind pfSense.



  • Just to be clear, these tests were done from the console (selecting "shell" from the pfsense firewall machine) as reported in my original post.



  • Do your other hosts have a proxy set up?



  • Your DNS appears to be working properly. If you can fetch google.com and other sites, Internet access from your firewall is working. If you can access the site from the LAN and the LAN is NAT'ed to the WAN IP, there aren't any connectivity issues between you and our servers.

    That leaves only one possibility that I can see - one of the above isn't true. fetch is fetch, the package system is completely identical on all installs, and it works for everybody else. Something doesn't add up.

    Can you paste the exact output you get from:
    fetch -o /tmp/test http://pfsense.com/



  • The results from the console look as following:

    #fetch -o /tmp/test http://pfsense.com
    fetch: transfer timed out



  • I had the same problem when running the modem in bridge or half bridge mode. how is your modem configured?



  • I've forwarded all traffic (all ports) to the firewall wan ip address.

    It is a thompson speedtouch modem - I'm not happy with the options on that modem but it's worked this way with IPCOP and Astaro - the astaro had no problems downloading it's updates.

    (There is an option to assign a device to the DMZ, but it won't let me do that for some reason…So I've used the port forwarding option (on the speedtouch called "application & game sharing") to create an application called IPCOP that includes all ports/protocols and forwarded to the IP address of the f/w wan nic.)

    Does the above translate to "bridged mode"?

    I hoped this would not be a discussion about the modem, as the other f/w's did not have any problem contacting the internet with the modem set as it is.



  • A bit more information that I've seen after installing a syslog server to monitor the firewall.

    I see the following error after clicking on  "Packages"

    php: /pkg_mgr.php: xmlrpc communication error: rpc server did not send response before timeout.

    Is it possible the time-out is too short?  How could I change this?

    L



  • PM me your public IP, I'll put a logging rule in on our server to see what it's seeing and check the web logs.

    Also try:

    fetch -o /tmp/test http://cvstrac.pfsense.org
    fetch -o /tmp/test http://forum.pfsense.org

    The former hosted on the same server, latter on another server on the same network.



  • I'm suffering the same strange problem. I'm using 1.2RC3.

    fetch -o /tmp/test http://pfsense.com/

    fetch: transfer timed out

    fetch -o /tmp/test http://google.com/

    fetch: http://google.com/: size of remote file is not known
    /tmp/test                                            3917  B  824 kBps

    fetch -o /tmp/test http://cvstrac.pfsense.org

    fetch: transfer timed out

    fetch -o /tmp/test http://forum.pfsense.org

    fetch: transfer timed out

    I've seen with tcpdump that outgoing traffic is from my WAN CARP address, don't know if something to do with this …

    lensor, have you resolved it finally ?

    best regards.



  • it seems to connect to http port, but there is no dialog … only get timeout

    telnet pfsense.com 80

    Trying 69.64.6.13...
    Connected to pfsense.com.
    Escape character is '^]'.

    GET /index.php HTTP/1.0

    On the other wan carp host member i neither receive packets from 69.64.6.13

    Also tried this :

    fetch http://www.pfsense.com/~sullrich/tools/easyrsa.txt

    easyrsa.txt                                  100% of  736  B 4251 kBps

    and it works ...

    whats is the exact url related to packages ?


Log in to reply