Amazon Warehouse Services (amazonaws.com) not reachable in general

[Marcel_H]

Hi!

I recently installed an OPNSence DEC750 firewall between my Router AVM FRITZ!Box 6660 Cable WLAN-Router and the network. Since this, I can no longer access any services that involve the amazon warehouse services (url ending with amazonaws.com). This was the case immediately after setting up the Firewall with the very basic configuration, so before any rules were established or intruder protection activated.

Error messages are ERR_CONNECTION_RESET (Chrome, Edge) or PR_CONNECT_RESET_ERROR (Firefox).

The error can easily reproduced for example when trying to download a specific importer for 3D ressources: https://kb3d-downloads-prod.s3.us-west-2.amazonaws.com/Cargo.zip

There is no error message in the LiveView of the Firewall. With the Network Analysis tool in Firefox I don't get more informations, sadly.

Tried until now I have the following:

• Disable IPv6
• Set MSS Clamping (MSS ≈ 1452 for MTU 1492), all tests here are fine
• Static Outbound NAT: Enable source port preservation for problematic services/devices
• Disable "Block private/bogon networks" on the WAN interface Diable
• IDS/Offloading
• Disable hardware offloading

Are there any ideas out there?

[Monviech (Cedrik)]

This is most certainly a combined IPv6 + MSS issue.

Try disabling IPv6 on the client itself that tries to connect to that target, and see if it works if it is really IPv4 only.

If that does the trick, I can tell a few tricks how to solve this (circumvent the issue for affected websites).