Thanks for the follow up. Lets see:
> # telnet snort.org 80 > # telnet download.freenet.de 80 telnet from workstation (ubuntu) [EMAIL PROTECTED]:~$ telnet download.freenet.de 80 Trying 194.97.4.66... Connected to download.freenet.de. [EMAIL PROTECTED]:~$ telnet snort.org 80 Trying 199.107.65.177... Connected to snort.org. Okay, here is where the wired part starts ;-). I still can provide a tcpdump if you like. Still any idear ? Richard > > You should be able to open those connections. > > If not, check your filter logs, they should indicate where the problem > is. > > ~Tim > > Richard wrote: > > Hi Tim, > > > > thanks very much for taking the time to answer. You are absolutly right > > but I already did all steps you have mention. > > > > But let me check these examples: > > download.freenet.de > > snort.org > > > > All examples are in network.txt attached in this mail. (ping/traceroute) > > > > Maybe you can have a deeper look into a tcpdump? Interessting: if you > > have a look at the tcp stream you will see that the first part of the > > website is transfered and than it suddenly stops. > > The firewall is corrently at factory defaults (just changed security > > settings) > > > > Again, thanks for your help! > > > > Richard > > > > Am Mittwoch, den 14.02.2007, 10:14 -0500 schrieb Tim Allender: > > > > > Excuse me if this seems pedantic. > > > > > > You say, although you have network connection to the majority of the > > > Internet, you cannot make connections to specific locations, for > > > example, sf.net > > > Initially, I would doubt that this is a hardware / driver / PPoE > > > problem, as you've verified operability. > > > You've given a lot of details, but haven't explicitly stated the obvious > > > level 1 support checks. > > > > > > From a shell on the pfsense box, given sf.net (66.35.250.203), verify > > > IP is / is not working: > > > # ping 66.35.250.203 > > > Then check the route > > > # traceroute 66.35.250.203 > > > > > > If these check out, the network is fine. Escalate to DNS verification, > > > else check routes / firewall rules at route break point. > > > DNS: Same test, only this time using sf.net > > > If these check out, DNS is fine. Escalate to protocol verification, else > > > fix DNS issue. > > > Protocols: You may be unwittingly filtering out certain protocols which > > > make it appear to LAN users that "30% of the internet" is unreachable, > > > when in fact it's possible that 30% of the application protocol traffic > > > isn't passing normally. > > > > > > Pull up the filter logs and see what's going on. > > > If you need to, take a dump (on both interfaces) and analyze further. > > > > > > ~Tim > > > > > > Richard wrote: > > > > > > > Hello Team / Supporters, > > > > > > > > i have a very wired problem with pfsense. > > > > Please take some time to read the complete mail. > > > > > > > > Infrastructure > > > > ======== > > > > 4Mbit ADSL Connection / ADSL Modem / no other Internet Infrastructure > > > > > > > > Problem description: > > > > =========== > > > > 30% of the Internet seams to be not available. Part of this 30% are for > > > > example snort.org / download.freenet.de / sf.net. Users who are trying > > > > to access one of these sites must have to wait endless. No connection > > > > seams to be possible. So far so good: > > > > > > > > Troubleshooting: > > > > =========== > > > > > > > > Software > > > > == > > > > Restarting DSL-Modem / Firewall / DNS Server - no effect > > > > Reseting the Firewall to default value - no effect > > > > Changing Firewall rule's / Nat - no effect > > > > Changing MTU size in shell/web 1492 / 1456 / 1400 / 1500 - no effect > > > > With or without DNS/DNS Forward - no effect > > > > > > > > Hardware > > > > == > > > > Reinstalling the Firewall - no effect > > > > -Switching to our old Firewall (Watchguard) - *everything working fine* > > > > Trying different NIC - no effect > > > > Installing pfsense on a completly different hardware - no effect > > > > Trying pfsense dev build - no effect. > > > > > > > > *no effect means that the websites mention above are available, other > > > > parts of the internet are working. > > > > ================================ > > > > > > > > As i mention before, with our old Watchguard, everything is working fine > > > > using PPoE Connections. I'm absoluty out of ideas. I'm actually > > > > expecting no answers to that email ;-), but the hope dies at last. > > > > PFsense is exactly what i'm looking for, i'm really said that we can't > > > > use at the moment. > > > > > > > > If you might want to help, please let me know. A tcpdump can be > > > > provided. > > > > > > > > Thanks very much for taking the time. > > > > > > > > Richard > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > __________________________________________________________________ > > > > > > # ping download.freenet.de > > > PING download.freenet.de (194.97.4.66): 56 data bytes > > > 64 bytes from 194.97.4.66: icmp_seq=0 ttl=55 time=90.252 ms > > > 64 bytes from 194.97.4.66: icmp_seq=1 ttl=55 time=89.904 ms > > > > > > # ping snort.org > > > PING snort.org (199.107.65.177): 56 data bytes > > > --- snort.org ping statistics --- > > > 8 packets transmitted, 0 packets received, 100% packet loss > > > (maybe icmp blocked) > > > > > > Let's continue with traceroute download.freenet.de > > > > > > # traceroute download.freenet.de > > > traceroute to download.freenet.de (194.97.4.66), 64 hops max, 40 byte > > > packets > > > 1 kiel3.bb.addix.net (212.51.31.92) 76.238 ms 76.406 ms 76.076 ms > > > 2 fe201-kiel1.bb.addix.net (212.51.31.124) 76.611 ms 76.863 ms > > > 75.725 ms > > > 3 ADDIX.HAM-4-atm131-732.de.lambdanet.net (217.71.107.237) 79.277 ms > > > 78.707 ms 78.566 ms > > > 4 DUS-2-pos300.de.lambdanet.net (217.71.96.13) 87.431 ms 87.329 ms > > > 133.045 ms > > > 5 DUS-1-pos010.de.lambdanet.net (217.71.96.89) 87.425 ms 87.299 ms > > > 88.904 ms > > > 6 DUS-5-pos300.de.lambdanet.net (217.71.96.54) 91.400 ms 89.358 ms > > > 88.861 ms > > > 7 G2-0-802.dus1-g.mcbone.net (217.71.108.150) 88.695 ms 89.167 ms > > > 88.664 ms > > > 8 Vlan55.dus2-x0.mcbone.net (62.104.198.10) 87.422 ms 88.845 ms > > > 100.951 ms > > > 9 * * * > > > 10 * * * > > > 11 * * * > > > 12 * * * > > > 13 * * * > > > 14 * * * > > > 15 * * * > > > 16 * * * > > > 17 * * * > > > [...] > > > > > > > > > # traceroute snort.org > > > traceroute to snort.org (199.107.65.177), 64 hops max, 40 byte packets > > > 1 kiel3.bb.addix.net (212.51.31.92) 76.202 ms 77.661 ms 75.852 ms > > > 2 fe201-kiel1.bb.addix.net (212.51.31.124) 76.869 ms 76.014 ms > > > 75.817 ms > > > 3 ADDIX.HAM-4-atm131-732.de.lambdanet.net (217.71.107.237) 79.569 ms > > > 79.238 ms 79.271 ms > > > 4 hbg-b2-geth1-2-0-12.telia.net (213.248.76.129) 79.808 ms 79.187 ms > > > 78.827 ms > > > 5 hbg-bb1-link.telia.net (80.91.251.77) 79.098 ms 79.213 ms 79.402 ms > > > 6 ldn-bb1-link.telia.net (80.91.249.10) 92.211 ms > > > adm-bb1-pos7-0-0.telia.net (213.248.65.153) 107.832 ms > > > ldn-bb1-link.telia.net (80.91.249.10) 93.449 ms > > > 7 ldn-bb1-pos7-0-0.telia.net (213.248.65.149) 93.045 ms > > > nyk-bb1-link.telia.net (213.248.65.98) 159.567 ms 160.239 ms > > > 8 ash-bb1-link.telia.net (213.248.83.22) 198.568 ms > > > ash-bb1-pos6-0-0-0.telia.net (213.248.80.69) 239.648 ms > > > ash-bb1-link.telia.net (213.248.83.22) 197.190 ms > > > 9 ash-bb1-link.telia.net (213.248.83.22) 200.437 ms > > > 192.205.33.1 (192.205.33.1) 177.013 ms * > > > 10 tbr1034001.wswdc.ip.att.net (12.122.80.98) 179.165 ms 178.522 ms > > > 178.878 ms > > > 11 tbr1034001.wswdc.ip.att.net (12.122.80.98) 181.246 ms > > > 12.123.8.17 (12.123.8.17) 175.567 ms 178.498 ms > > > 12 12.123.8.17 (12.123.8.17) 179.845 ms > > > 12.122.255.2 (12.122.255.2) 176.452 ms 177.499 ms > > > 13 63.240.197.134 (63.240.197.134) 177.353 ms 178.085 ms 177.350 ms > > > 14 63.240.198.67 (63.240.198.67) 177.605 ms > > > 63.240.197.134 (63.240.197.134) 179.209 ms > > > 63.240.198.67 (63.240.198.67) 176.753 ms > > > 15 * 63.240.198.67 (63.240.198.67) 179.625 ms * > > > 16 * * * > > > 17 * * * > > > 18 * * * > > > 19 * * * > > > 20 * * * > > > > > > > > > > > > __________________________________________________________________ > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]