Greetings,

Okay, so having an odd issue with a network at work. This is a fairly small LAN with about 30-50 workstations / devices / printers / etc. So the issue in essence is that only one of the workstations on the network can access craigslist. All others time out.

This is not a DNS issue as a ping to craigslist.org resolves correctly to 208.82.237.226 on all workstations. Also a tracert completes on all workstations with nothing remarkable.

I have only seen this once before and the issue was never resolved.

This is not an ISP issue as one of the workstations can connect and browse Craigslist without issue. Also one of the workstations that is unable to connect from the LAN was able to connect when directly linked to the ISP modem.

Okay, so that points to an issue with one of the routers or perhaps a switch.

And to add to the confusion.... All of the workstations that "time out" DO receive a cookie from Craigslist. The cookie, 'cl_b' is one of the same cookies that the workstation that CAN connect also receives.

Let me also add that this issue of timing out is ONLY happening with Craigslist. No other sites have this issue.

The basic topology of the network is: Cable Modem (in bridge mode) -> Bridged PFSENSE Router v2.4.3-RELEASE-p1 -> Zyxel Switch (GS1900) -> TPLink Router (TL-R470T+) -> HP Switch (Procurve 2824) -> Workstations / Printers / APs / Etc.
The reason for the two routers is the servers that are wired to the first switch with external IP addresses. The first router acts as a firewall / IDS / IPS. Router two does limited NAT.

I have scoured logs of the switches and routers. I have also done a packet capture from one of the afflicted workstations, please see attachment. It's not browser specific as the problem exists with all browsers with the exception of TOR browser, but we all know why that is. This isn't a firewall / AV issue as all have been disabled during testing.

Any help in this matter would be greatly appreciated. I am stumped. If this were a home issue I could probably just replace the router with a different device, but honestly I would like not only a solution, but an understanding of why this is occurring. What makes Craigslist different than all other sites? What makes the one workstation that can connect different than the others?

Thanks

First, my choice would have been https://forum.netgate.com/ since that's where they discuss that.

The fact the TOR browser works does point to possible geo-fencing by their site. "It's no secret that several years ago Craigslist implemented geo-blocking at both a country and state level. If you don't know, geo-blocking" if you research this.

So I'm possibly wrong but right about Craigslist and geo-blocking.

Thanks for the reply. It's unlikely that Craigslist is geo-blocking the USA and even if it were it wouldn't explain why one of the workstations can connect without issue using any browser.

I will also ask this over at the PfSense forum.

Your PFSense could be doing odd things to the browse traffic and thus breaking craigslist's odd things about it and its geo-fence PLUS OTHER things that keep out bots and more. I can't list all that is odd about CL, but yes, it is different and as I'm only aware of CL oddities but don't know them all my take is "it's your PFsense and CL" breaking down. You convinced me of this with your success with Tor.