Some machines on my default VLAN are not accessing Web



  • Friends,

    I'm having a strange issue on my PFSense network. I'm using a PFSense box as internet gateway and DHCP server, and both features are working well.

    What's happening is that some Windows 7 machines are receiving their DHCP configuration correctly, but they don't have connectivity. If I traceroute from one of them, my packages stop on the PFSense WAN and don't go anywhere. Sometimes the situation is resolved with a reboot and sometimes not.

    Is it possible that an old block rule is active that is not showing up on the HTTP frontend? I don't have any blocking rules active on the HTTP console.


  • LAYER 8 Global Moderator

    "If I traceroute from one of them, my packages stop on the PFSense WAN"

    What?  A traceroute to something outside your network should never show your pfsense wan as a hop.

    It would go to your pfsense LAN that you're connected to - this is your gateway, and the next hop would be the gateway pfsense has for your isp/wan connection

    Tracing route to www.google.com [74.125.227.176]
    over a maximum of 30 hops:

      1     1 ms    <1 ms    <1 ms  pfsense.local.lan [192.168.1.253]
      2    31 ms    27 ms    27 ms  c-24-13-176-1.hsd1.il.comcast.net [24.13.176.1]
      3    10 ms    10 ms     8 ms  te-0-0-0-17-sur03.mtprospect.il.chicago.comcast.net [68.85.131.149]

    See hop 2 is my ISP.. You should not be seeing pfsense wan in that trace..

    Can you post it doing that??



  • That's the point

    The trace doesn't go through the pfsense.

    What I want to know is how to check if there is any block rule going on that is not showing on the HTTP frontend.

    And remember, it only happens on some machines, not every one.

    How can I print out the active firewall rules?

    Actually, I have another piece of information. I use a transparent proxy. When I set up a fixed proxy config in the browser, I can access the web through these machines.


  • Banned

    Post the traceroute, route print and ipconfig /all output from the broken machines.


  • LAYER 8 Global Moderator

    "I use transparent proxy."

    Well that could be the issue..  But let's see this trace - so your last hop is your "lan" not your wan..  And you say normally machines show your ISP in their trace?

    When you say reboot fixes it - reboot of pfsense, or reboot of machine?

    So machine that works shows your ISP in the hop – some boxes don't answer traceroute..  Maybe your isp is one of them?

    What are your lan rules currently?  Can you post them..  When you have the problem is it only web based traffic, or does say ping fail as well..  Find something on the internet that answers ping..

    say
    C:\Windows\System32>ping www.pfsense.org

    Pinging www.pfsense.org [192.207.126.26] with 32 bytes of data:
    Reply from 192.207.126.26: bytes=32 time=50ms TTL=52
    Reply from 192.207.126.26: bytes=32 time=51ms TTL=52

    Now when your machines have the issue - does this also fail?



  • The issue is solved.

    Nothing to do with PFSense.

    That's a failure in Windows 7 using Bonjour.

    This causes a redundancy of default gateways. The system creates an "on-link" route 0.0.0.0 beside the default route assigned by DHCP.

    There is a Fix-IT from Microsoft that solves the problem.

    That's the link to download it:

    http://support.microsoft.com/kb/970313
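
The check for the condition described in the post above, as an added example that is not part of the original thread: it parses `route print -4` output and flags a default route with no real next hop sitting beside the DHCP-assigned one. The sample output is constructed, and treating a gateway of `On-link` or `0.0.0.0` as the suspect entry is this example's assumption based on the post's description.

```python
import re

# Constructed sample of `route print -4` on an affected Windows 7 host
# (all addresses are made up for illustration).
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.253    192.168.1.50     20
          0.0.0.0          0.0.0.0          On-link    192.168.1.50     30
        127.0.0.0        255.0.0.0          On-link       127.0.0.1    306
      192.168.1.0    255.255.255.0          On-link    192.168.1.50    276
===========================================================================
Persistent Routes:
  None
"""

IP = r"\d+\.\d+\.\d+\.\d+"
# destination, netmask, gateway (IP or "On-link"), interface, metric
ROW = re.compile(rf"^\s*({IP})\s+({IP})\s+(\S+)\s+({IP})\s+(\d+)\s*$")

def default_routes(text):
    """Return the active IPv4 default routes (0.0.0.0/0) as dicts."""
    routes, in_active = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes"):
            in_active = True
        elif line.startswith("Persistent Routes"):
            in_active = False
        m = ROW.match(line) if in_active else None
        if m and m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
            routes.append({"gateway": m.group(3), "interface": m.group(4),
                           "metric": int(m.group(5))})
    return routes

def bogus_default_routes(text):
    """Default routes without a next hop (assumed signature of the problem)."""
    return [r for r in default_routes(text)
            if r["gateway"].lower() == "on-link" or r["gateway"] == "0.0.0.0"]

def diagnose(text):
    """Classify the default-route state of one host's route table."""
    total, bogus = len(default_routes(text)), len(bogus_default_routes(text))
    if bogus and total > bogus:
        return "duplicate-default"   # on-link 0.0.0.0 beside the DHCP gateway
    if bogus:
        return "on-link-only"        # default route present but no gateway
    return "ok" if total else "no-default-route"

if __name__ == "__main__":
    print(diagnose(SAMPLE_ROUTE_PRINT), bogus_default_routes(SAMPLE_ROUTE_PRINT))
```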


  • Banned

    @glaubergad:

    That's a failure in windows 7 using Bonjour
    There is a Fix-IT from Microsoft that solves the problem.

    The real solution would be to not use Windows. And if you must, at least to not install Bitten Fruit ®™ junk on it.



  • Apple and Windows together on one machine?  What could possibly go wrong? ::)


  • LAYER 8 Global Moderator

    really people need a fixit for

    "route delete 0.0.0.0"

    wtf – these people should not be on a computer in the first place ;)

