On Sat, Oct 11, 2008 at 11:28 AM, David McNett <[EMAIL PROTECTED]> wrote:
> On Oct 1, 2008, at 5:18 PM, BSD Wiz wrote:
>>
>> have rules to allow traffic out on port 80 and 443. I have also (just
>> to be sure) allowed *ALL* traffic out from my static ip on my macbook.
>> Problem is I can't get
On Oct 1, 2008, at 5:18 PM, BSD Wiz wrote:
have rules to allow traffic out on port 80 and 443. I have
also (just to be sure) allowed *ALL* traffic out from my static ip on
my macbook. Problem is I can't get to the site subaru.com.
I'm also jumping in late to the thread. Have you tried
Coming late into this thread, I think I can add some salt to it :)
I have the exact same problem to one of the sites, one I actually worked for
two years ago, so I know about the setup there.
At home I have pppoe to ISP and pfsense 1.2.1, problematic site has (probably
still) pfsense 0.9.6 and
The traffic is passed in from the wan but the LAN interface never
sends it out to my host.
-Phil G
On Oct 2, 2008, at 12:13 PM, Tim Nelson <[EMAIL PROTECTED]> wrote:
Also, I assume your tcpdump was on the LAN interface, aka the
network your client box is connected to? Run a tcpdump on th
No, the firewall does not pass the traffic.
-Phil G
On Oct 2, 2008, at 12:12 PM, Paul Mansfield <[EMAIL PROTECTED]> wrote:
BSD Wiz wrote:
Yep. Tcpdump. Traffic doesn't come back from fw.
-Phil G
so, the firewall is passing the traffic, web server responds but the
originating computer n
Also, I assume your tcpdump was on the LAN interface, aka the network your
client box is connected to? Run a tcpdump on the WAN and see what hits it...
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- "Paul Mansfield" <[EMAIL PROTECTED]> wrote:
> BSD Wiz wrote:
> > Ye
BSD Wiz wrote:
> Yep. Tcpdump. Traffic doesn't come back from fw.
>
> -Phil G
so, the firewall is passing the traffic, web server responds but the
originating computer never sees that response??!!
-
To unsubscribe, e-mail: [EMA
buy a porsche or new pfsense compatible hardware :-)
up?
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Date: Thu, 2 Oct 2008 10:53:31 -0500
> Subject: Re: [pfSense Support] Can't connect to subaru.com on port
80
>
> This is a cable modem, and it works if I directly connect to my
modem.
>
> -Phil G
>
>
have you run wireshark between the firewall and the system to see if it is
actually entering the LAN traffic and might just be the mac screwing up?
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Date: Thu, 2 Oct 2008 10:53:31 -0500
> Subject: Re: [pfSense Support] Can&
This is a cable modem, and it works if I directly connect to my modem.
-Phil G
On Oct 2, 2008, at 10:45 AM, "Ermal Luçi" <[EMAIL PROTECTED]> wrote:
Open /etc/inc/filter.inc and search for pppoeclient:
after 4 line of that enter this
set iface enable tcpmssfix
and retry connecting the pppoe
Open /etc/inc/filter.inc and search for pppoeclient:
after 4 line of that enter this
set iface enable tcpmssfix
and retry connecting the pppoe and see if that fixes the problem.
I was having the same problems with mail.yahoo/hotmail/msn messenger
and some other sites on one installation and that f
Paul Mansfield wrote:
BSD Wiz wrote:
I never get a response from the firewall therefore I cannot connect via
telnet over port 80. Telnetting to the site from the de works but not
from the client machine.
it sounds a bit like the automatic bogons blocking list has subaru in it.
That c
BSD Wiz wrote:
> I never get a response from the firewall therefore I cannot connect via
> telnet over port 80. Telnetting to the site from the de works but not
> from the client machine.
it sounds a bit like the automatic bogons blocking list has subaru in it.
try going to the wan interfaces sett
I never get a response from the firewall therefore I cannot connect
via telnet over port 80. Telnetting to the site from the de works but
not from the client machine.
-Phil G
On Oct 2, 2008, at 4:14 AM, Paul Mansfield <[EMAIL PROTECTED]> wrote:
try doing "telnet subaru.com 80", then "GET
No, there are not any drops in the logs.
-Phil G
On Oct 2, 2008, at 1:02 AM, "Chris Buechler" <[EMAIL PROTECTED]>
wrote:
On Thu, Oct 2, 2008 at 12:38 AM, BSD Wiz <[EMAIL PROTECTED]> wrote:
i know, i just want to check out the new wrx's and sti!!
tried messing with the mtu without any l
try doing "telnet subaru.com 80", then "GET / HTTP1.0" and hit return a
few times.
if you get a partial response which hangs part way, MTU should be suspected.
On Thu, Oct 2, 2008 at 12:38 AM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> i know, i just want to check out the new wrx's and sti!!
>
> tried messing with the mtu without any luck.
>
> ok, here is tcpdump running on my pfsense firewall(unixbox.gnet). you can
> see my request to subaru.com and then the r
i know, i just want to check out the new wrx's and sti!!
tried messing with the mtu without any luck.
ok, here is tcpdump running on my pfsense firewall(unixbox.gnet). you
can see my request to subaru.com and then the reply comes to the
firewall but never gets passed to my computer. what's
On Wed, Oct 1, 2008 at 11:12 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 1, 2008 at 11:55 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
>> yep, i looked at it using tcpdump. i just see syn packets going out the
>> door, i never get any syn-acks back.
>>
>> 22:50:47.417326 IP unixbox.gnet.4
On Wed, Oct 1, 2008 at 11:55 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> yep, i looked at it using tcpdump. i just see syn packets going out the
> door, i never get any syn-acks back.
>
> 22:50:47.417326 IP unixbox.gnet.49330 > subaru.com.http: S
> 3917131801:3917131801(0) win 65535 2090776378 0,sack
yep, i looked at it using tcpdump. i just see syn packets going out
the door, i never get any syn-acks back.
22:50:47.417326 IP unixbox.gnet.49330 > subaru.com.http: S
3917131801:3917131801(0) win 65535 0,nop,nop,timestamp 2090776378 0,sackOK,eol>
22:50:50.029787 IP unixbox.gnet.49330 > suba
On Wed, Oct 1, 2008 at 11:48 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> no, macs, 10.4 and 10.5 tried it on both, neither works.
>
Running 10.5.5 here on 1.3 and subaru.com works just fine. Strange.
Scott
no, macs, 10.4 and 10.5 tried it on both, neither works.
-phil
On Oct 1, 2008, at 10:27 PM, Scott Ullrich wrote:
On Wed, Oct 1, 2008 at 11:18 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
yeah, 1.2 doesn't work either. the problem does in fact appear to
only affect certain hosts as other mac
On Wed, Oct 1, 2008 at 11:18 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> yeah, 1.2 doesn't work either. the problem does in fact appear to only
> affect certain hosts as other machines on my network can reach the site.
> specifically, an iphone and freebsd server.
>
time to break out Wireshark and/or
On Wed, Oct 1, 2008 at 11:18 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> yeah, 1.2 doesn't work either. the problem does in fact appear to only
> affect certain hosts as other machines on my network can reach the site.
> specifically, an iphone and freebsd server.
>
Is the client vista? If so, try
yeah, 1.2 doesn't work either. the problem does in fact appear to
only affect certain hosts as other machines on my network can reach
the site. specifically, an iphone and freebsd server.
-phil
On Oct 1, 2008, at 10:04 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 9:23 PM, BSD Wiz <[EM
On Wed, Oct 1, 2008 at 9:23 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> do you guys think i should revert back to version 1.2 and test it?
>
I would say there isn't a good chance that would change anything, but
someone seems to be reporting a similar problem on the forum that
reportedly didn't exist
do you guys think i should revert back to version 1.2 and test it?
-phil
On Oct 1, 2008, at 6:59 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 7:00 PM, Tim Nelson <[EMAIL PROTECTED]>
wrote:
Are you blocking any ICMP traffic? PMTU (MTU path discovery)
relies on ICMP to automagically deter
no luck with the any any rule either. same thing.
this is really strange. i'll keep poking around.
thanks again gents.
-phil
On Oct 1, 2008, at 6:15 PM, Tim Nelson wrote:
Turn logging on for your last rule on your LAN that drops all
otherwise specified traffic. Your logs should show some
On Wed, Oct 1, 2008 at 7:00 PM, Tim Nelson <[EMAIL PROTECTED]> wrote:
> Are you blocking any ICMP traffic? PMTU (MTU path discovery) relies on ICMP
> to automagically determine the proper MTU...
>
> On nearly all of my installations, I'm blocking EVERYTHING including ICMP on
> the WAN and PMTU st
looks normal.
tcp
67.202.194.73:80 <- 172.16.0.25:49657
SYN_SENT:ESTABLISHED
tcp
172.16.0.25:49657 -> 24.183.138.36:59156 -> 67.202.194.73:80
ESTABLISHED:SYN_SENT
there, now you all know my public ip :)
-phil
On Oct 1, 2008, at 6:30 PM, Curtis LaMasters wrote:
What happens in your state
already did.
if i plug directly into my cable modem i can get there.. plus i can
telnet from the pfsense box to subaru.com over port 80.
-phil
On Oct 1, 2008, at 6:30 PM, [EMAIL PROTECTED] wrote:
Check with your upstream provider, to make sure they are not
blocking it.. Or you can check
What happens in your state table when users on the lan try to go to the
site?
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Oct 1, 2008 at 6:29 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> i can only telnet to port 80 from the pfsense box. i cannot telnet fro
Check with your upstream provider, to make sure they are not blocking
it.. Or you can check yourself by bypassing the firewall.
Adam
BSD Wiz wrote:
logging is already turned on for the drop all rule. it doesn't show
anything getting blocked when i go to subaru.com.
let me try the any to any
i can only telnet to port 80 from the pfsense box. i cannot telnet
from my machines on the lan.
if i try and ping subaru.com it resolves to 67.202.194.73 but it
seems that they drop ICMP traffic.
thanks,
-phil
On Oct 1, 2008, at 6:24 PM, Curtis LaMasters wrote:
Can you telnet to port 80
logging is already turned on for the drop all rule. it doesn't show
anything getting blocked when i go to subaru.com.
let me try the any to any rule.
thanks!
-phil
On Oct 1, 2008, at 6:19 PM, Tim Nelson wrote:
And a big 'Sorry' to the list for not removing that huge chunk of
XML from my
Can you telnet to port 80 to subaru.com? What IP do you get if you ping
it. I get 67.202.194.73.
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Oct 1, 2008 at 6:19 PM, Tim Nelson <[EMAIL PROTECTED]> wrote:
> And a big 'Sorry' to the list for not removing
And a big 'Sorry' to the list for not removing that huge chunk of XML from my
reply... :-(
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- "Tim Nelson" wrote:
> Turn logging on for your last rule on your LAN that drops all otherwise
> specified traffic. Your lo
Subject: Re: [pfSense Support] Can't connect to subaru.com on port 80
It may be helpful to see your rulesets on your LAN and WAN
interfaces... or paste the pertinent XML from your config file..
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- "BSD Wiz&qu
again.
(weird thing was half our clients could connect and half could not.)
-Tim
-Original Message-
From: Tim Nelson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2008 3:46 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't connect to subaru.com on port 80
It may be
n.
> (weird thing was half our clients could connect and half could not.)
> -Tim
>
> -Original Message-
> From: Tim Nelson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 01, 2008 3:46 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Can't con
]
Sent: Wednesday, October 01, 2008 3:46 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't connect to subaru.com on port 80
It may be helpful to see your rulesets on your LAN and WAN interfaces... or
paste the pertinent XML from your config file..
Tim Nelson
Systems/Network Eng
It may be helpful to see your rulesets on your LAN and WAN interfaces... or
paste the pertinent XML from your config file..
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- "BSD Wiz" <[EMAIL PROTECTED]> wrote:
> i'm connected via cable modem, mtu is set to 1500.
>
>
i'm connected via cable modem, mtu is set to 1500.
thanks
-phil
On Oct 1, 2008, at 5:23 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 6:18 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
pfSense 1.2.1 RC1
only add-on package installed is iperf.
I have rules to allow traffic out on port
On Wed, Oct 1, 2008 at 6:18 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
>
> pfSense 1.2.1 RC1
>
> only add-on package installed is iperf.
>
> I have rules to allow traffic out on port 80 and 443. I have also (just
> to be sure) allowed *ALL* traffic out from my static ip on my macbook.
> Problem is