OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of ytjohn »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - ytjohn

Pages: [1]
1
General Discussion / Re: github unreachable from shell
« on: January 26, 2024, 04:44:27 pm »
I did a major update to 23.7.12

OPNsense 23.7.12-amd64
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w


Now I can ping github, but not connect to it on 443.


Code: [Select]
root@gw:~ # ping github.com
PING github.com (140.82.113.4): 56 data bytes
64 bytes from 140.82.113.4: icmp_seq=0 ttl=48 time=33.796 ms
64 bytes from 140.82.113.4: icmp_seq=1 ttl=48 time=31.082 ms
^C
--- github.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 31.082/32.439/33.796/1.357 ms
root@gw:~ # opnsense-code ports
Cloning into '/usr/tools'...
fatal: unable to access 'https://github.com/opnsense/tools/': Failed to connect to github.com port 443 after 6 ms: Couldn't connect to server
root@gw:~ # ping github.com
PING github.com (140.82.113.4): 56 data bytes
64 bytes from 140.82.113.4: icmp_seq=0 ttl=48 time=33.307 ms
64 bytes from 140.82.113.4: icmp_seq=1 ttl=48 time=33.764 ms
^C
--- github.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 33.307/33.536/33.764/0.229 ms
root@gw:~ # curl https://github.com/
curl: (7) Failed to connect to github.com port 443 after 6 ms: Couldn't connect to server
root@gw:~ # ping github.com
PING github.com (140.82.113.4): 56 data bytes
64 bytes from 140.82.113.4: icmp_seq=0 ttl=48 time=24.435 ms
64 bytes from 140.82.113.4: icmp_seq=1 ttl=48 time=22.012 ms
^C
--- github.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 22.012/23.223/24.435/1.211 ms
root@gw:~ # ping 140.82.113.3
PING 140.82.113.3 (140.82.113.3): 56 data bytes
64 bytes from 140.82.113.3: icmp_seq=0 ttl=47 time=24.530 ms
^C
--- 140.82.113.3 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 24.530/24.530/24.530/0.000 ms
root@gw:~ # curl -v https://github.com/opnsense/tools/
* Host github.com:443 was resolved.
* IPv6: (none)
* IPv4: 140.82.113.4
*   Trying 140.82.113.4:443...
* Immediate connect fail for 140.82.113.4: Permission denied
* Failed to connect to github.com port 443 after 8 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to github.com port 443 after 8 ms: Couldn't connect to server



2
General Discussion / github unreachable from shell
« on: January 26, 2024, 04:04:55 pm »
I have a fairly vanilla opnsense. I don't have adblocking, unbound blacklist or any of that turned on. I have an allow all from lan rule.  I am currently on 23.1_6.

When I'm logged into the shell or the web diagnosics, I can't ping or curl github.com (140.82.113.3).  I have tried changing the source address between my LAN and WAN ips with no change.

I can ping and access github.com just fine rom my any machine on my LAN. 

I have basically two theories:

  • When I run opnsense-code ports or one of these curl commands, github itself doesn't like it and blocks me.
  • Something internal to opnsense that I am not aware of is blocking me.

Code: [Select]
root@gw:/usr/local/opnsense/scripts/filter # curl -v https://github.com/ytjohn
*   Trying 140.82.113.3:443...
* Immediate connect fail for 140.82.113.3: Permission denied
* Closing connection 0
curl: (7) Couldn't connect to server

root@gw:/usr/local/opnsense/scripts/filter # nc -v 140.82.113.3 443
nc: connect to 140.82.113.3 port 443 (tcp) failed: Permission denied

root@gw:/usr/local/opnsense/scripts/filter # ping -v 140.82.113.3
PING 140.82.113.3 (140.82.113.3): 56 data bytes
^C
--- 140.82.113.3 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss

I found that it appears to pass icmp in the firewall rules.  I never see any log messages related to my curl/netcat commands.

Code: [Select]
2024-01-26T14:48:09 Informational filterlog 99,,,761a166383f941c76dbf2c76c9e2f241,igb1,match,pass,out,4,0x0,,64,6692,0,none,1,icmp,84,75.xxx.yyy.zzz,140.82.113.3,datalength=64
2024-01-26T13:40:32 Informational filterlog 99,,,761a166383f941c76dbf2c76c9e2f241,igb1,match,pass,out,4,0x0,,64,37071,0,none,1,icmp,84,75.xxx.yyy.zzz,140.82.113.3,datalength=64



Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2