Recently I faced a strange issue at a client’s place. Users on a Tata Photon USB modem were not able to browse the website and other services hosted on a server sitting at my client’s office. The client is using a Tata Indicom Broadband connection at the office. The server is sitting behind a pfSense firewall.
To add to the confusion, users on Airtel broadband and Reliance USB modems were able to browse the website. It was easy to blame Tata for this, but the culprit (well, more or less) was the pfSense firewall. After struggling with Tata customer support and blaming them for this peculiar issue, my client’s IT team started troubleshooting. As a useful input, I was told that if the Tata broadband line was connected directly to a laptop, users on Tata Photon USB were able to connect to the laptop. This led me to suspect pfSense 😉
To investigate this, I logged in remotely to the laptop of one of the users who was using the Tata Photon USB modem and ran a traceroute to the server.
The following image shows the output of the traceroute (tracert command running in a DOS terminal on Windows XP).
For security reasons, I have changed the actual hostname to abc.com and IP to 121.243.xxx.xxx in the above image.
Note the second last hop. It is a router (or whatever device) with an IP address 172.31.131.26! This seemed like a private IP address (more on this later). This shows Tata is routing a connection, from a Tata Photon modem to a Tata Broadband, internally. So, for the pfSense firewall, the request is coming from a private IP (172.31.131.26 in this case).
With this finding in hand, I logged into the pfSense web interface and checked the firewall rules, but I didn’t find anything suspicious or obstructing there.
The Solution
The solution was on the WAN page (Interfaces > WAN). While browsing this page, I spotted two options, namely Block Private Networks and Block Bogon Networks.
Both settings were hinting at something to do with private IPs and were checked (on) by default. What worked was unchecking Block Bogon Networks. After reading up on Wikipedia, I found that the IP 172.31.x is a reserved IP but not defined for private networks in RFC 1918. This is the reason why unchecking Block Private Networks did not work.
Bottom line: If Tata is not able to talk to Tata and you are using a pfSense firewall, go to Interfaces > WAN and uncheck Block Bogon Networks.
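The traceroute check described above can be scripted. The following is an added example, not code from the original post: it parses Windows tracert output and reports every hop that falls inside a well-known reserved IPv4 block, naming the block and its RFC. The sample trace is constructed; only 172.31.131.26 and abc.com come from the post, and 203.0.113.10 is a documentation address standing in for the masked server IP.

```python
import ipaddress
import re

# Reserved IPv4 blocks and the RFC that defines each one.
RESERVED = [
    ("10.0.0.0/8", "RFC 1918 private"),
    ("172.16.0.0/12", "RFC 1918 private"),
    ("192.168.0.0/16", "RFC 1918 private"),
    ("100.64.0.0/10", "RFC 6598 shared address space"),
]
NETS = [(ipaddress.ip_network(cidr), label) for cidr, label in RESERVED]

# tracert hop line: hop number, timing columns, then "address" or "host [address]".
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

# Constructed sample output; 203.0.113.10 is a stand-in for the masked server IP.
SAMPLE_TRACE = """\
Tracing route to abc.com [203.0.113.10]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     *        *        *     Request timed out.
  3    61 ms    58 ms    60 ms  172.31.131.26
  4    63 ms    60 ms    62 ms  abc.com [203.0.113.10]
"""

def classify(addr):
    # Return "block (label)" when addr is inside a listed block, else None.
    ip = ipaddress.ip_address(addr)
    for net, label in NETS:
        if ip in net:
            return f"{net} ({label})"
    return None

def reserved_hops(tracert_text):
    hits = []
    for line in tracert_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, blank line or timed-out hop
        try:
            block = classify(m.group(2))
        except ValueError:
            continue  # four dotted numbers that are not a valid address
        if block:
            hits.append((int(m.group(1)), m.group(2), block))
    return hits

if __name__ == "__main__":
    print(reserved_hops(SAMPLE_TRACE))
```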