This is a really weird problem that I can’t seem to track down further. Perhaps a creative person could suggest some test ideas. Here are the facts:

  • Firefox “Unable to connect” to my LAN server (a router) at 192.168.0.2 port 80.
  • Network error is specifically “NS_CONNECTION_REFUSED”.
  • Wireshark on a Raspberry Pi placed between the laptop and server shows no packets exchanged trying to connect. Any packet containing 192.168.0.2, any port.
  • Chrome and Safari work just fine on the same machine. I can see the packets in Wireshark. This validates my test setup works.
  • Curl works, loads the web page. I can see the packets.
  • I have reinstalled, refreshed, removed all extensions, cleared all history and cookies in Firefox and still cannot load the page.
  • Firefox in Safe Mode cannot load the page.
  • Disabled DNS over HTTPS, made sure No Proxy is selected in network settings. Still cannot load the page.
  • Disabled IPv6 in Firefox with about:config setting. Still fails.
  • I have no security software installed of any kind on this Mac. No antivirus or firewall except the default OS one.
  • Turned off Mac built-in Firewall. Still unable to connect.

Why is Firefox apparently refusing to connect to my server? Other LAN IP addresses work fine, even local ones. It specifically hates this one.

  • NegativeLookBehind@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    25 days ago

    I don’t have any great suggestions, but a few things come to mind:

    Did you try it in private browsing mode?

    Did you try an older version of Firefox?

    Can you set up a proxy and configure Firefox to use it?

    Can you find Firefox’s logs on that machine and analyze them?

    Can you try it from another machine that has Firefox on it?

    Can you run Firefox in a container and see if that works?

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      25 days ago

      Private browsing has no effect. Cannot connect, no packets observed in Wireshark. What are these logs that you might suggest viewing? There’s a console, but I didn’t observe any relevant long messages.

      I downloaded an older version from three months ago and it cannot load the page on the test machine. A arbitrarily-tested older version wasn’t compatible with my Mac.

      I tried Firefox on another machine (Linux) and it can load the page no problems. Sadly, I don’t have a second Mac to test if it’s a Mac thing, but then why this IP? Seems strange to me.

      If I use an SSH tunnel to direct localhost:8000 to 192.168.0.2:80 using a third box as a go-between, it connects just fine. Enter it directly in the address bar and no dice. Cannot connect.

      Thank you for the suggestions! I’m stumped. I can work around it, but it’s really weird and it would be nice to know why it doesn’t like this IP.

        • henfredemars@infosec.pubOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          25 days ago

          Hmm, that’s a reasonable thing to test. Sadly, this Linksys router doesn’t allow changing the IP in bridge mode. It will be the subnet mask ending in .2. It’s really lame to be limited in such a way, but nearly all settings are disabled in bridge mode.

          This browser cannot access the router settings. Other browsers and devices can. It’s very odd that it seems unable to communicate to this IP.

          I can live with this, but it really makes me wonder why.

  • Dragomus@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    25 days ago

    I once had a similar issue (but not fully the same), alas I forgot how I fixed it.

    Some suggestions:

    • Any mention of *.0.2 in your host file? FF might read it differently from other programs
    • if nothing there perhaps you can add a link to *.0.2 in the host file?
    • clear the dns cache etc via ipconfig in a command prompt
    • Firefox proxy settings, set something else, close ff, open it again then revert to no proxy
    • Disable the FF safebrowsing thing (forgot the name and can’t currently check)
    • Disable FF secure dns features, don’t let firefox choose one nor set a custom one, just put it on isp provided only <- also, use this one in windows tcp/ip settings, not a google one etc.
    • is the subnet mask set correctly? If behind a switch and 2nd network/NAT
    • make a new empty FF profile and try the adress from there

    Percussive maintenance? ;-)

    Hope you get it resolved.

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      25 days ago

      You are a god. For mysterious reasons, having this IP in my hosts file breaks loading the page. Removing it from hosts restores access. I have no idea why Firefox would care about this because I’m not trying to access the page by name, but by IP address. My best guess is there’s some sort of bug relating to handling of hosts file entries.

      • Dragomus@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        23 days ago

        Haha thanks :-)

        I vaguely remembered an issue with a host file that firefox blocked instead of rerouted. Never did get to submit a bug report for it I think, hmm.

        Glad I could help you resolve it.

  • pack@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    ·
    25 days ago

    Firefox has an HTTPS-Only mode. Did you double check that? Make sure you can get anywhere on http tcp/80 in the browser.

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      25 days ago

      Yes that is turned off. Also checked I can visit an unencrypted website, port 80. It also works over LAN using a python script.

  • SanctimoniousApe@lemmings.world
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    25 days ago

    The fact you’re not seeing any exit packets, along with the ability to connect using anything other than Firefox means it must be an issue with Firefox itself.

    Not to insult your intelligence, but do you have any extensions installed on Firefox such as an ad-blocker? Ones that are allowed to operate in private mode as well? I’ve had random issues with blacklists in my ad-blocker having bad entries in the past.

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      25 days ago

      No insult taken! I reset Firefox and I’m using a new profile. There are no extensions installed.

      I’m not sure how I would go about debugging Firefox further to understand why it doesn’t want to attempt connecting to that IP. Currently I agree with you. It seems like there’s some bug with Firefox itself or perhaps an unexpected configuration hidden elsewhere on the system on which it depends but nobody else.

  • Start by also running Wireshark on the client device where Firefox is installed.

    Might be some weird fringe case that’s not handled correctly somewhere like an ipv4 checksum of ffff or something.
    This isn’t something too plausible, but this seems weird enough that farfetched things might be afoot.
    Then again, NS_CONNECTION_REFUSED would mean receiving a reset or something, as opposed to being silently dropped.

    Firefox does work for other LAN IPs, right?

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      25 days ago

      Firefox is able to visit other LAN IPs fine, such as 192.168.0.1 and 192.168.0.203.

      Running Wireshark on the same laptop, it doesn’t see any outgoing packets for *.2.

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      25 days ago

      Nope! I just ran this test. No outgoing packets seen on the same machine with firefox trying to visit 192.168.0.2.