On Oct 1, 2008, at 5:18 PM, BSD Wiz wrote:
have rules to allow traffic out on port 80 and 443. I have
also (just to be sure) allowed *ALL* traffic out from my static ip on
my macbook. Problem is I can't get to the site subaru.com.
I'm also jumping in late to the thread. Have you
On Sat, Oct 11, 2008 at 11:28 AM, David McNett [EMAIL PROTECTED] wrote:
On Oct 1, 2008, at 5:18 PM, BSD Wiz wrote:
have rules to allow traffic out on port 80 and 443. I have also (just
to be sure) allowed *ALL* traffic out from my static ip on my macbook.
Problem is I can't get to the
Coming late into this thread, I think I can add some salt to it :)
I have the exact same problem to one of the sites, one I actually worked for
two years ago, so I know about the setup there.
At home I have pppoe to ISP and pfsense 1.2.1, problematic site has (probably
still) pfsense 0.9.6
On Thu, Oct 2, 2008 at 12:38 AM, BSD Wiz [EMAIL PROTECTED] wrote:
i know, i just want to check out the new wrx's and sti!!
tried messing with the mtu without any luck.
ok, here is tcpdump running on my pfsense firewall(unixbox.gnet). you can
see my request to subaru.com and then the reply
try doing telnet subaru.com 80, then GET / HTTP/1.0 and hit return a
few times.
if you get a partial response which hangs part way, MTU should be suspected.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands,
No, there are not any drops in the logs.
-Phil G
On Oct 2, 2008, at 1:02 AM, Chris Buechler [EMAIL PROTECTED]
wrote:
On Thu, Oct 2, 2008 at 12:38 AM, BSD Wiz [EMAIL PROTECTED] wrote:
i know, i just want to check out the new wrx's and sti!!
tried messing with the mtu without any luck.
I never get a response from the firewall therefore I cannot connect
via telnet over port 80. Telnetting to the site from the de works but
not from the client machine.
-Phil G
On Oct 2, 2008, at 4:14 AM, Paul Mansfield it-admin-
[EMAIL PROTECTED] wrote:
try doing telnet subaru.com 80,
BSD Wiz wrote:
I never get a response from the firewall therefore I cannot connect via
telnet over port 80. Telnetting to the site from the de works but not
from the client machine.
it sounds a bit like the automatic bogons blocking list has subaru in it.
try going to the wan interfaces
Paul Mansfield wrote:
BSD Wiz wrote:
I never get a response from the firewall therefore I cannot connect via
telnet over port 80. Telnetting to the site from the de works but not
from the client machine.
it sounds a bit like the automatic bogons blocking list has subaru in it.
That
Open /etc/inc/filter.inc and search for pppoeclient:
after 4 line of that enter this
set iface enable tcpmssfix
and retry connecting the pppoe and see if that fixes the problem.
I was having the same problems with mail.yahoo/hotmail/msn messenger
and some other sites on one installation and that
This is a cable modem, and it works if I directly connect to my modem.
-Phil G
On Oct 2, 2008, at 10:45 AM, Ermal Luçi [EMAIL PROTECTED] wrote:
Open /etc/inc/filter.inc and search for pppoeclient:
after 4 line of that enter this
set iface enable tcpmssfix
and retry connecting the pppoe
have you run wireshark between the firewall and the system to see if it is
actually entering the LAN traffic and might just be the mac screwing up?
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: Thu, 2 Oct 2008 10:53:31 -0500
Subject: Re: [pfSense Support] Can't connect to subaru.com
: [EMAIL PROTECTED]
To: support@pfsense.com
Date: Thu, 2 Oct 2008 10:53:31 -0500
Subject: Re: [pfSense Support] Can't connect to subaru.com on port
80
This is a cable modem, and it works if I directly connect to my
modem.
-Phil G
On Oct 2, 2008, at 10:45 AM, Ermal Luçi [EMAIL PROTECTED
buy a porsche or new pfsense compatible hardware :-)
BSD Wiz wrote:
Yep. Tcpdump. Traffic doesn't come back from fw.
-Phil G
so, the firewall is passing the traffic, web server responds but the
originating computer never sees that response??!!
Also, I assume your tcpdump was on the LAN interface, aka the network your
client box is connected to? Run a tcpdump on the WAN and see what hits it...
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- Paul Mansfield [EMAIL PROTECTED] wrote:
BSD Wiz wrote:
Yep.
No, the firewall does not pass the traffic.
-Phil G
On Oct 2, 2008, at 12:12 PM, Paul Mansfield it-admin-
[EMAIL PROTECTED] wrote:
BSD Wiz wrote:
Yep. Tcpdump. Traffic doesn't come back from fw.
-Phil G
so, the firewall is passing the traffic, web server responds but the
originating
The traffic is passed in from the wan but the LAN interface never
sends it out to my host.
-Phil G
On Oct 2, 2008, at 12:13 PM, Tim Nelson [EMAIL PROTECTED] wrote:
Also, I assume your tcpdump was on the LAN interface, aka the
network your client box is connected to? Run a tcpdump on the
pfSense 1.2.1 RC1
only add-on package installed is iperf.
I have rules to allow traffic out on port 80 and 443. I have
also (just to be sure) allowed *ALL* traffic out from my static ip on
my macbook. Problem is I can't get to the site subaru.com.
I don't see anything in the logs and
On Wed, Oct 1, 2008 at 6:18 PM, BSD Wiz [EMAIL PROTECTED] wrote:
pfSense 1.2.1 RC1
only add-on package installed is iperf.
I have rules to allow traffic out on port 80 and 443. I have also (just
to be sure) allowed *ALL* traffic out from my static ip on my macbook.
Problem is I can't
i'm connected via cable modem, mtu is set to 1500.
thanks
-phil
On Oct 1, 2008, at 5:23 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 6:18 PM, BSD Wiz [EMAIL PROTECTED] wrote:
pfSense 1.2.1 RC1
only add-on package installed is iperf.
I have rules to allow traffic out on port
It may be helpful to see your rulesets on your LAN and WAN interfaces... or
paste the pertinent XML from your config file..
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- BSD Wiz [EMAIL PROTECTED] wrote:
i'm connected via cable modem, mtu is set to 1500.
thanks
Sent: Wednesday, October 01, 2008 3:46 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't connect to subaru.com on port 80
It may be helpful to see your rulesets on your LAN and WAN interfaces... or
paste the pertinent XML from your config file..
Tim Nelson
Systems/Network Engineer
could connect and half could not.)
-Tim
-Original Message-
From: Tim Nelson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2008 3:46 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't connect to subaru.com on port 80
It may be helpful to see your rulesets
(weird thing was half our clients could connect and half could not.)
-Tim
-Original Message-
From: Tim Nelson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2008 3:46 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't connect to subaru.com on port 80
It may be helpful
Support] Can't connect to subaru.com on port 80
It may be helpful to see your rulesets on your LAN and WAN
interfaces... or paste the pertinent XML from your config file..
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- BSD Wiz [EMAIL PROTECTED] wrote:
i'm connected via
And a big 'Sorry' to the list for not removing that huge chunk of XML from my
reply... :-(
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- Tim Nelson wrote:
Turn logging on for your last rule on your LAN that drops all otherwise
specified traffic. Your logs
Can you telnet to port 80 to subaru.com? What IP do you get if you ping
it. I get 67.202.194.73.
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Oct 1, 2008 at 6:19 PM, Tim Nelson [EMAIL PROTECTED] wrote:
And a big 'Sorry' to the list for not removing
logging is already turned on for the drop all rule. it doesn't show
anything getting blocked when i go to subaru.com.
let me try the any to any rule.
thanks!
-phil
On Oct 1, 2008, at 6:19 PM, Tim Nelson wrote:
And a big 'Sorry' to the list for not removing that huge chunk of
XML from my
i can only telnet to port 80 from the pfsense box. i cannot telnet
from my machines on the lan.
if i try and ping subaru.com it resolves to 67.202.194.73 but it
seems that they drop ICMP traffic.
thanks,
-phil
On Oct 1, 2008, at 6:24 PM, Curtis LaMasters wrote:
Can you telnet to port
Check with your upstream provider, to make sure they are not blocking
it.. Or you can check yourself by bypassing the firewall.
Adam
BSD Wiz wrote:
logging is already turned on for the drop all rule. it doesn't show
anything getting blocked when i go to subaru.com.
let me try the any to any
What happens in your state table when users on the lan try to go to the
site?
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Oct 1, 2008 at 6:29 PM, BSD Wiz [EMAIL PROTECTED] wrote:
i can only telnet to port 80 from the pfsense box. i cannot telnet from
already did.
if i plug directly into my cable modem i can get there.. plus i can
telnet from the pfsense box to subaru.com over port 80.
-phil
On Oct 1, 2008, at 6:30 PM, [EMAIL PROTECTED] wrote:
Check with your upstream provider, to make sure they are not
blocking it.. Or you can check
looks normal.
tcp  67.202.194.73:80 - 172.16.0.25:49657  SYN_SENT:ESTABLISHED
tcp  172.16.0.25:49657 - 24.183.138.36:59156 - 67.202.194.73:80  ESTABLISHED:SYN_SENT
there, now you all know my public ip :)
-phil
On Oct 1, 2008, at 6:30 PM, Curtis LaMasters wrote:
What happens in your state
On Wed, Oct 1, 2008 at 7:00 PM, Tim Nelson [EMAIL PROTECTED] wrote:
Are you blocking any ICMP traffic? PMTU (MTU path discovery) relies on ICMP
to automagically determine the proper MTU...
On nearly all of my installations, I'm blocking EVERYTHING including ICMP on
the WAN and PMTU still
no luck with the any any rule either. same thing.
this is really strange. i'll keep poking around.
thanks again gents.
-phil
On Oct 1, 2008, at 6:15 PM, Tim Nelson wrote:
Turn logging on for your last rule on your LAN that drops all
otherwise specified traffic. Your logs should show
do you guys think i should revert back to version 1.2 and test it?
-phil
On Oct 1, 2008, at 6:59 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 7:00 PM, Tim Nelson [EMAIL PROTECTED]
wrote:
Are you blocking any ICMP traffic? PMTU (MTU path discovery)
relies on ICMP to automagically
On Wed, Oct 1, 2008 at 9:23 PM, BSD Wiz [EMAIL PROTECTED] wrote:
do you guys think i should revert back to version 1.2 and test it?
I would say there isn't a good chance that would change anything, but
someone seems to be reporting a similar problem on the forum that
reportedly didn't exist in
yeah, 1.2 doesn't work either. the problem does in fact appear to
only affect certain hosts as other machines on my network can reach
the site. specifically, an iphone and freebsd server.
-phil
On Oct 1, 2008, at 10:04 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 9:23 PM, BSD Wiz
On Wed, Oct 1, 2008 at 11:55 PM, BSD Wiz [EMAIL PROTECTED] wrote:
yep, i looked at it using tcpdump. i just see syn packets going out the
door, i never get any syn-acks back.
22:50:47.417326 IP unixbox.gnet.49330 subaru.com.http: S
3917131801:3917131801(0) win 65535 mss 1460,nop,wscale
On Wed, Oct 1, 2008 at 11:12 PM, Chris Buechler [EMAIL PROTECTED] wrote:
On Wed, Oct 1, 2008 at 11:55 PM, BSD Wiz [EMAIL PROTECTED] wrote:
yep, i looked at it using tcpdump. i just see syn packets going out the
door, i never get any syn-acks back.
22:50:47.417326 IP unixbox.gnet.49330
i know, i just want to check out the new wrx's and sti!!
tried messing with the mtu without any luck.
ok, here is tcpdump running on my pfsense firewall(unixbox.gnet). you
can see my request to subaru.com and then the reply comes to the
firewall but never gets passed to my computer. what's