
Sunday, November 15, 2020

Only Firefox? Really?

I have been struggling lately with what I could say are strange network issues, but as networking tends to be arcane magic anyway, that things ever break is truly a bit too normal.  In the past my difficulties involved the task of setting up a firewall/router device.  My OPNsense router has been working fine and was not the open source solution that caused me troubles.  Any issues I have had have been my own mistakes or a mitigation default which was incompatible with AMD chips.

My initial difficulties were that VLC suddenly began to fail nearly all streaming audio stations.  I am not sure if my network issues are causing the streaming audio station problems since strangely AAC sites seem to work while others fail to connect.  It may be coincidental that those AAC format streams also favor a different connectivity method but I have not looked into that to be certain.

The next trouble I ran into was that minetest servers would not connect to my client.  For a while I could see the list of servers including my favorites even though I could not reach any of them to play.  I could also update or browse any of the content addons for minetest if I so chose.  Now things are broken enough that I can do neither, I cannot connect to the contentdb nor to game servers.

These weird network-related issues have progressed.  Any ping from my personal box out to locations on the internet now fails.  I can direct OPNsense on my firewall box to ping anywhere and it succeeds.  This implies that the failure is something on my personal box or is blocked by the firewall.  I have checked both, made certain that no firewall rule could possibly deny pings and even added an explicit enable for port 7 which is ping.  I have turned off pf on my personal box and looked at items in the sysctl.conf, to be sure they should not impede network connectivity.

The most recent failure is portsnap.  I am fairly baffled.  There should be nothing that would prevent any of these things in the OPNsense firewall box nor the Xfinity Arris device.  I disabled the firewall entirely on the Xfinity device so I am certain that it cannot be part of my troubles.  I am running out of ideas.  I attempt to open access wider but more things become blocked, this is so bizarre.  Oh, I nearly forgot.  Somewhere in all of the above progressively broken network story is the failure of nntp to connect which makes perfect sense since why should it work if nothing else does.

Do you know what the kicker is though?  Firefox has its own methods, its own self-contained networking and configuration, and it continues to work during all of this. The exceptions to that are when Comcast is screwing up, or the ssl certs need updates, or firefox itself apparently updated in the background.  Yes it is good that Firefox seems to work no matter what, but it fails to be a method for diagnosing the problem itself.  Firefox does not tell me ANYTHING about why everything else is broken, it keeps working oblivious to all other network failings on my box.

Should I hold my breath expecting that nothing will need to be updated or rebuilt due to bugs or other issues?  Surely NOW is when something will fail and make my broken portsnap (and connectivity) become a real problem.  I guess the only way out of this twisty passage of passages all alike is to look at every possible function and config which may possibly ever have a chance at affecting any bit of networking.  I am nearly at a point in my frustration when I might begin to consider just wiping everything to start over fresh from scratch, yes that aggravated.  I cannot.  I am stuck solving this though while also reporting on it here, because I have excess time on my hands and a partially functional situation does not actually call for it.  Although an exorcist could be helpful since some of the more obvious solutions have either made things progressively worse or have done nothing at all, and I have yet to find any common thread.

It seems that something I did has rendered all streams broken for VLC.  Perhaps previously it had been a VLC issue somehow, but now that none play it is obviously another victim of my network issues.  Of course since I continue adding text to this blog post, firefox continues to act like nothing is wrong.  Until I took a few moments to test the first of the potential trouble files, /etc/sysctl.conf which I trimmed back to what I thought were the essentials but not so for my present system.  The reduced file meant that for a while a simple firefox startup would panic the system.  No choice, I had to restore the prior /etc/sysctl.conf and will need to look into lines which may affect firefox.  The line I suspect had a comment suggesting it was only needed for chrome.

This decision to look closely at files on my primary box was due to one change I made to my /boot/loader.conf file which caused booting to fail.  What I added and subsequently commented out was:

vfs.root.mountfrom="zfs:zroot"

This ended up forcing me to use NomadBSD to fix the issue, but while I had that booted, I checked whether I could ping google and I could.  Even though it seemed like my router/firewall could be blocking pings from my box, this proved it was not, and so the beginning of scrutiny of files.  I doubt that anything is missing, as things essentially work other than specific networking-related programs as mentioned above.  If firefox also failed completely, then I surely have zero connectivity and likely something significant is broken.  I'm rather glad that the boot failure was a specific line in a file that I added moments before and not due to any weird escalation of problems.

Is it possible that any of my network problems could be related to my attempts to use both ports on my intel dual gigabit ethernet card?  This is one of the changes I have been attempting to get functioning (somewhat for the heck of it) prior to some of my network issues.  One may think that it shouldn't be an issue, that FreeBSD being a server oriented operating system should be able to handle it.  I set each interface with its own IP, so surely there are no "collisions" as far as I know.  What I will have to do is comment out some lines in my /etc/rc.conf and disconnect one ethernet cable and see if anything changes.  Of course that would be too easy, too simple a fix.

Not sure if I was remembering correctly about the ping while using NomadBSD, I went to double-check.  This time I had connection issues but I believe some were partly due to NomadBSD somehow expecting and using IPv6 for all ethernet connections.  I decided that the failure was due to disabling IPv6 on the router, so I looked at the rc.conf on my box again.  I found an error which did not cause any issues because it was commented out.  This was most likely a copy-paste mistake which inserted what some call fancy quotes around a YES.  I am unsure quite why I could see them this time as \xe2\x80\x9d but now that I know that line had an error, looking more closely it was easy to see the fancy quote characters.
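A check for the pasted fancy quotes described above, as an added example that is not part of the original post: it scans rc.conf-style text for the UTF-8 typographic quote bytes (such as \xe2\x80\x9d) and reports whether each hit sits in a live assignment or only in a comment. The sample lines are constructed, and `scan_config` is a name chosen here.

```python
import re
import sys

# UTF-8 byte sequences of the typographic quotes. sh(1), which sources
# rc.conf, treats them as ordinary characters, so the value is not YES.
SMART_QUOTES = {
    b"\xe2\x80\x98": "LEFT SINGLE QUOTATION MARK",
    b"\xe2\x80\x99": "RIGHT SINGLE QUOTATION MARK",
    b"\xe2\x80\x9c": "LEFT DOUBLE QUOTATION MARK",
    b"\xe2\x80\x9d": "RIGHT DOUBLE QUOTATION MARK",
}
PATTERN = re.compile(b"|".join(re.escape(q) for q in SMART_QUOTES))

def scan_config(data: bytes):
    """Return (line_no, active, quote_names, escaped_line) per affected line."""
    findings = []
    for line_no, line in enumerate(data.splitlines(), 1):
        hits = PATTERN.findall(line)
        if not hits:
            continue
        # Simplification: the first '#' starts a comment. A hit before it is
        # in a live assignment; a hit only after it is harmless.
        code_part = line.split(b"#", 1)[0]
        active = PATTERN.search(code_part) is not None
        names = sorted({SMART_QUOTES[h] for h in hits})
        # Show non-ASCII bytes as \xNN so they cannot hide in a terminal font.
        escaped = line.decode("ascii", "backslashreplace")
        findings.append((line_no, active, names, escaped))
    return findings

# Constructed sample in rc.conf style, not the author's actual file.
SAMPLE = (
    b'hostname="example.local"\n'
    b'#ipv6_activate_all_interfaces=\xe2\x80\x9cYES\xe2\x80\x9d\n'
    b'sshd_enable=\xe2\x80\x9cYES\xe2\x80\x9d\n'
    b'pf_enable="NO"  # off \xe2\x80\x98for now\xe2\x80\x99\n'
)

if __name__ == "__main__":
    # Scan files named on the command line, or the sample when none is given.
    paths = sys.argv[1:]
    inputs = [(p, open(p, "rb").read()) for p in paths] or [("SAMPLE", SAMPLE)]
    for name, data in inputs:
        for line_no, active, names, escaped in scan_config(data):
            state = "ACTIVE" if active else "comment"
            print(f"{name}:{line_no}: [{state}] {', '.join(names)}: {escaped}")
```

Run it with config file paths as arguments (for example /etc/rc.conf and /boot/loader.conf); lines marked ACTIVE are the ones that change behaviour.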

I'm sorry, it seems that innumerable lines of this blog post were lost due to the glorious caveat that editor windows for remote sites may seem like they are fully functional but if there is any disconnection your recent work can be lost.  This emphasizes the need to use a local editor from which I can paste each blog post.  I will therefore need to finish this from memory (my own, not the computer's unfortunately) and although I did finally discover the reason for my troubles, some of the previous details may be missed.

OPNsense: Firewall > NAT > Outbound:

It turns out that much if not all of my troubles are due to NAT being disabled on my router.  I also tested a few different settings on the Xfinity Arris device for its included firewall.  Their options are limited but their 'Maximum security' setting will prevent connection to minetest servers and denies VLC to connect to most (http) streaming audio, both due to the ports involved and the security block of them.  The Arris ipv4 firewall settings that will not work for me:

Perhaps when I have motivation sometime after I have forgotten the frustration of this challenging network difficulty I might look into what exactly firefox does for itself which keeps it so nearly perfectly insulated from all the failures that might surround it on all sides.
