-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Okay, lets see:
> Otherwise, you have, potentially: > Misconfigured browsers Tried different workstations as well with different browsers and different Operation systems :-). > Misconfigured networking / firewall on user hosts We have tried different maschines .. > Possibly misconifgured ACLs in switching medium? The switch is just a simple Dell and unmanaged. I will try to telnet and to get the index page. Tomorrow i can send the extracted TCP Dump to one of these websites. Thanks for for the follow up. Richard Tim Allender schrieb: > When you open the telnet connections, try talking to the server and see > what responses you get back. > Here's the syntax: http://www.w3.org/Protocols/rfc2616/rfc2616.html > > For example > # telnet snort.org 80 > Trying 199.107.65.177... > Connected to snort.org. > GET / HTTP/1.1 > > You should get the html output for the root directory of the snort.org > webserver. > If your telnet client gets that HTML, your web browser ~should~ be able > to get that HTML also. > And, if it does, wallah! It works. > Otherwise, you have, potentially: > Misconfigured browsers > Misconfigured networking / firewall on user hosts > Possibly misconifgured ACLs in switching medium? > > Could be a number of things, > but if you're running a pfsense default configuration, considering > everything we've verified, the problem is not your: > Internet Connection > Networking > DNS > Firewall > > Richard wrote: >> Thanks for the follow up. >> >> Lets see: >> >> >>> # telnet snort.org 80 >>> # telnet download.freenet.de 80 >>> >> >> telnet from workstation (ubuntu) >> >> [EMAIL PROTECTED]:~$ telnet download.freenet.de 80 >> Trying 194.97.4.66... >> Connected to download.freenet.de. >> >> [EMAIL PROTECTED]:~$ telnet snort.org 80 >> Trying 199.107.65.177... >> Connected to snort.org. >> >> Okay, here is where the wired part starts ;-). >> I still can provide a tcpdump if you like. >> Still any idear ? >> >> Richard >> >> >> >> >>> You should be able to open those connections. >>> >>> If not, check your filter logs, they should indicate where the problem >>> is. >>> >>> ~Tim >>> >>> Richard wrote: >>> >>>> Hi Tim, >>>> >>>> thanks very much for taking the time to answer. You are absolutly right >>>> but I already did all steps you have mention. >>>> >>>> But let me check these examples: >>>> download.freenet.de >>>> snort.org >>>> >>>> All examples are in network.txt attached in this mail. (ping/traceroute) >>>> >>>> Maybe you can have a deeper look into a tcpdump? Interessting: if you >>>> have a look at the tcp stream you will see that the first part of the >>>> website is transfered and than it suddenly stops. >>>> The firewall is corrently at factory defaults (just changed security >>>> settings) >>>> >>>> Again, thanks for your help! >>>> >>>> Richard >>>> >>>> Am Mittwoch, den 14.02.2007, 10:14 -0500 schrieb Tim Allender: >>>> >>>> >>>>> Excuse me if this seems pedantic. >>>>> >>>>> You say, although you have network connection to the majority of the >>>>> Internet, you cannot make connections to specific locations, for >>>>> example, sf.net >>>>> Initially, I would doubt that this is a hardware / driver / PPoE >>>>> problem, as you've verified operability. >>>>> You've given a lot of details, but haven't explicitly stated the obvious >>>>> level 1 support checks. >>>>> >>>>> From a shell on the pfsense box, given sf.net (66.35.250.203), verify >>>>> IP is / is not working: >>>>> # ping 66.35.250.203 >>>>> Then check the route >>>>> # traceroute 66.35.250.203 >>>>> >>>>> If these check out, the network is fine. Escalate to DNS verification, >>>>> else check routes / firewall rules at route break point. >>>>> DNS: Same test, only this time using sf.net >>>>> If these check out, DNS is fine. Escalate to protocol verification, else >>>>> fix DNS issue. >>>>> Protocols: You may be unwittingly filtering out certain protocols which >>>>> make it appear to LAN users that "30% of the internet" is unreachable, >>>>> when in fact it's possible that 30% of the application protocol traffic >>>>> isn't passing normally. >>>>> >>>>> Pull up the filter logs and see what's going on. >>>>> If you need to, take a dump (on both interfaces) and analyze further. >>>>> >>>>> ~Tim >>>>> >>>>> Richard wrote: >>>>> >>>>> >>>>>> Hello Team / Supporters, >>>>>> >>>>>> i have a very wired problem with pfsense. >>>>>> Please take some time to read the complete mail. >>>>>> >>>>>> Infrastructure >>>>>> ======== >>>>>> 4Mbit ADSL Connection / ADSL Modem / no other Internet Infrastructure >>>>>> >>>>>> Problem description: >>>>>> =========== >>>>>> 30% of the Internet seams to be not available. Part of this 30% are for >>>>>> example snort.org / download.freenet.de / sf.net. Users who are trying >>>>>> to access one of these sites must have to wait endless. No connection >>>>>> seams to be possible. So far so good: >>>>>> >>>>>> Troubleshooting: >>>>>> =========== >>>>>> >>>>>> Software >>>>>> == >>>>>> Restarting DSL-Modem / Firewall / DNS Server - no effect >>>>>> Reseting the Firewall to default value - no effect >>>>>> Changing Firewall rule's / Nat - no effect >>>>>> Changing MTU size in shell/web 1492 / 1456 / 1400 / 1500 - no effect >>>>>> With or without DNS/DNS Forward - no effect >>>>>> >>>>>> Hardware >>>>>> == >>>>>> Reinstalling the Firewall - no effect >>>>>> -Switching to our old Firewall (Watchguard) - *everything working fine* >>>>>> Trying different NIC - no effect >>>>>> Installing pfsense on a completly different hardware - no effect >>>>>> Trying pfsense dev build - no effect. >>>>>> >>>>>> *no effect means that the websites mention above are available, other >>>>>> parts of the internet are working. >>>>>> ================================ >>>>>> >>>>>> As i mention before, with our old Watchguard, everything is working fine >>>>>> using PPoE Connections. I'm absoluty out of ideas. I'm actually >>>>>> expecting no answers to that email ;-), but the hope dies at last. >>>>>> PFsense is exactly what i'm looking for, i'm really said that we can't >>>>>> use at the moment. >>>>>> >>>>>> If you might want to help, please let me know. A tcpdump can be >>>>>> provided. >>>>>> >>>>>> Thanks very much for taking the time. >>>>>> >>>>>> Richard >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> --------------------------------------------------------------------- >>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>>>> >>>>>> >>>>>> >>>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>>> >>>>> >>>>> __________________________________________________________________ >>>>> >>>>> # ping download.freenet.de >>>>> PING download.freenet.de (194.97.4.66): 56 data bytes >>>>> 64 bytes from 194.97.4.66: icmp_seq=0 ttl=55 time=90.252 ms >>>>> 64 bytes from 194.97.4.66: icmp_seq=1 ttl=55 time=89.904 ms >>>>> >>>>> # ping snort.org >>>>> PING snort.org (199.107.65.177): 56 data bytes >>>>> --- snort.org ping statistics --- >>>>> 8 packets transmitted, 0 packets received, 100% packet loss >>>>> (maybe icmp blocked) >>>>> >>>>> Let's continue with traceroute download.freenet.de >>>>> >>>>> # traceroute download.freenet.de >>>>> traceroute to download.freenet.de (194.97.4.66), 64 hops max, 40 byte >>>>> packets >>>>> 1 kiel3.bb.addix.net (212.51.31.92) 76.238 ms 76.406 ms 76.076 ms >>>>> 2 fe201-kiel1.bb.addix.net (212.51.31.124) 76.611 ms 76.863 ms >>>>> 75.725 ms >>>>> 3 ADDIX.HAM-4-atm131-732.de.lambdanet.net (217.71.107.237) 79.277 ms >>>>> 78.707 ms 78.566 ms >>>>> 4 DUS-2-pos300.de.lambdanet.net (217.71.96.13) 87.431 ms 87.329 ms >>>>> 133.045 ms >>>>> 5 DUS-1-pos010.de.lambdanet.net (217.71.96.89) 87.425 ms 87.299 ms >>>>> 88.904 ms >>>>> 6 DUS-5-pos300.de.lambdanet.net (217.71.96.54) 91.400 ms 89.358 ms >>>>> 88.861 ms >>>>> 7 G2-0-802.dus1-g.mcbone.net (217.71.108.150) 88.695 ms 89.167 ms >>>>> 88.664 ms >>>>> 8 Vlan55.dus2-x0.mcbone.net (62.104.198.10) 87.422 ms 88.845 ms >>>>> 100.951 ms >>>>> 9 * * * >>>>> 10 * * * >>>>> 11 * * * >>>>> 12 * * * >>>>> 13 * * * >>>>> 14 * * * >>>>> 15 * * * >>>>> 16 * * * >>>>> 17 * * * >>>>> [...] >>>>> >>>>> >>>>> # traceroute snort.org >>>>> traceroute to snort.org (199.107.65.177), 64 hops max, 40 byte packets >>>>> 1 kiel3.bb.addix.net (212.51.31.92) 76.202 ms 77.661 ms 75.852 ms >>>>> 2 fe201-kiel1.bb.addix.net (212.51.31.124) 76.869 ms 76.014 ms >>>>> 75.817 ms >>>>> 3 ADDIX.HAM-4-atm131-732.de.lambdanet.net (217.71.107.237) 79.569 ms >>>>> 79.238 ms 79.271 ms >>>>> 4 hbg-b2-geth1-2-0-12.telia.net (213.248.76.129) 79.808 ms 79.187 ms >>>>> 78.827 ms >>>>> 5 hbg-bb1-link.telia.net (80.91.251.77) 79.098 ms 79.213 ms 79.402 ms >>>>> 6 ldn-bb1-link.telia.net (80.91.249.10) 92.211 ms >>>>> adm-bb1-pos7-0-0.telia.net (213.248.65.153) 107.832 ms >>>>> ldn-bb1-link.telia.net (80.91.249.10) 93.449 ms >>>>> 7 ldn-bb1-pos7-0-0.telia.net (213.248.65.149) 93.045 ms >>>>> nyk-bb1-link.telia.net (213.248.65.98) 159.567 ms 160.239 ms >>>>> 8 ash-bb1-link.telia.net (213.248.83.22) 198.568 ms >>>>> ash-bb1-pos6-0-0-0.telia.net (213.248.80.69) 239.648 ms >>>>> ash-bb1-link.telia.net (213.248.83.22) 197.190 ms >>>>> 9 ash-bb1-link.telia.net (213.248.83.22) 200.437 ms >>>>> 192.205.33.1 (192.205.33.1) 177.013 ms * >>>>> 10 tbr1034001.wswdc.ip.att.net (12.122.80.98) 179.165 ms 178.522 ms >>>>> 178.878 ms >>>>> 11 tbr1034001.wswdc.ip.att.net (12.122.80.98) 181.246 ms >>>>> 12.123.8.17 (12.123.8.17) 175.567 ms 178.498 ms >>>>> 12 12.123.8.17 (12.123.8.17) 179.845 ms >>>>> 12.122.255.2 (12.122.255.2) 176.452 ms 177.499 ms >>>>> 13 63.240.197.134 (63.240.197.134) 177.353 ms 178.085 ms 177.350 ms >>>>> 14 63.240.198.67 (63.240.198.67) 177.605 ms >>>>> 63.240.197.134 (63.240.197.134) 179.209 ms >>>>> 63.240.198.67 (63.240.198.67) 176.753 ms >>>>> 15 * 63.240.198.67 (63.240.198.67) 179.625 ms * >>>>> 16 * * * >>>>> 17 * * * >>>>> 18 * * * >>>>> 19 * * * >>>>> 20 * * * >>>>> >>>>> >>>>> >>>>> __________________________________________________________________ >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF02n/9tK6oi5gM2IRAofIAKCGj8bVo0XJzlQoTtF5RQYXM7R/KACfWIBC qBw+iA7sPvzZGzdT7HEvaCg= =P8f9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
