Some websites intermittently not reachable



  • Hi all,
    I have had pfSense working for a little over a year, and up until this week everything has been awesome. In the last couple of days though, I have not been able to connect to some websites (intermittently). The problem is usually temporarily resolved when I visit the System:General Setup page and click Save. I have had this problem with a number of websites, including arstechnica.com, hardforum.com and even pfsense.org. While certain sites will not load, most others will.

    During this time, from the web interface I can ping Google.com but arstechnica results in 100% loss.

    A traceroute looks like this (times out):
    1 traceroute: wrote arstechnica.com 40 chars, ret=-1
    *traceroute: wrote arstechnica.com 40 chars, ret=-1
    *traceroute: wrote arstechnica.com 40 chars, ret=-1

    The last change that I made recently was to disable and uninstall squid - so I guess that could be related but I don't know why.

    I have looked in various logs, but I am not familiar enough to know what lines would indicate the problem. If you could let me know the relevant logs to look at or post it would be most appreciated.

    Here is the last part of a system log before the issue came up most recently:

    
    Dec 18 11:15:48	check_reload_status: Syncing firewall
    Dec 18 11:15:52	php: /system.php: NTPD is starting up.
    Dec 18 11:15:52	check_reload_status: Reloading filter
    Dec 18 11:15:55	php: rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Dec 18 11:17:19	check_reload_status: Syncing firewall
    Dec 18 11:17:23	php: /system.php: NTPD is starting up.
    Dec 18 11:17:23	check_reload_status: Reloading filter
    Dec 18 11:17:26	php: rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Dec 18 11:44:14	check_reload_status: Syncing firewall
    Dec 18 11:44:18	php: /system.php: NTPD is starting up.
    Dec 18 11:44:18	check_reload_status: Reloading filter
    Dec 18 11:44:21	php: rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Dec 18 11:45:16	check_reload_status: Syncing firewall
    Dec 18 11:45:21	php: /system.php: NTPD is starting up.
    Dec 18 11:45:21	check_reload_status: Reloading filter
    Dec 18 11:45:24	php: rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Dec 18 12:04:07	php: snort_check_for_rule_updates.php: [Snort] Snort VRT rules md5 download failed...
    Dec 18 12:04:07	php: snort_check_for_rule_updates.php: [Snort] Server returned error code 504...
    Dec 18 12:04:08	php: snort_check_for_rule_updates.php: [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
    Dec 18 12:04:08	php: snort_check_for_rule_updates.php: [Snort] Snort GPLv2 Community Rules file update downloaded successfully
    Dec 18 12:04:09	php: snort_check_for_rule_updates.php: [Snort] Emerging Threats Open rules are up to date...
    Dec 18 12:04:09	php: snort_check_for_rule_updates.php: [Snort] Updating rules configuration for: WAN ...
    Dec 18 12:04:18	php: snort_check_for_rule_updates.php: [Snort] Building new sig-msg.map file for WAN...
    Dec 18 12:04:19	SnortStartup[28723]: Snort STOP for snort on WAN(59297_re0)...
    Dec 18 12:04:20	snort[15653]: *** Caught Term-Signal
    Dec 18 12:04:20	kernel: re0: promiscuous mode disabled
    Dec 18 12:04:27	php: snort_check_for_rule_updates.php: [Snort] Snort has restarted with your new set of rules...
    Dec 18 12:04:27	php: snort_check_for_rule_updates.php: [Snort] The Rules update has finished.
    Dec 18 12:04:27	SnortStartup[31525]: Snort START for snort on WAN(59297_re0)...
    Dec 18 12:04:28	kernel: re0: promiscuous mode enabled
    
    

    It appears from the log that each time I save on the general settings page it reloads the firewall and the problem goes away for a couple minutes…

    Thanks in advance for any assistance.
    Jason



  • To add more to this, here are my DNS settings:

    No DNS servers entered on the DHCP pages.

    Thanks to anyone who can point me in the direction to troubleshoot this.



  • In trying to make this reliable again, I re-installed squid3 as it had been before all these problems started. It seemed to be better in the 24 hours since I made that change, but has now become much worse. Instead of Chrome telling me the page cannot be reached, it is a squid error "The requested url could not be retrieved". This has been killing me on eBay and walmart.com this afternoon. Any tips on what I need to do to find out what is causing this?

    Thanks,
    Jason

