This is a really weird problem that I can’t seem to track down further. Perhaps a creative person could suggest some test ideas. Here are the facts:
- Firefox “Unable to connect” to my LAN server (a router) at 192.168.0.2 port 80.
- Network error is specifically “NS_CONNECTION_REFUSED”.
- Wireshark on a Raspberry Pi placed between the laptop and server shows no packets exchanged trying to connect. Any packet containing 192.168.0.2, any port.
- Chrome and Safari work just fine on the same machine. I can see the packets in Wireshark. This validates my test setup works.
- Curl works, loads the web page. I can see the packets.
- I have reinstalled, refreshed, removed all extensions, cleared all history and cookies in Firefox and still cannot load the page.
- Firefox in Safe Mode cannot load the page.
- Disabled DNS over HTTPS, made sure No Proxy is selected in network settings. Still cannot load the page.
- Disabled IPv6 in Firefox with about:config setting. Still fails.
- I have no security software installed of any kind on this Mac. No antivirus or firewall except the default OS one.
- Turned off Mac built-in Firewall. Still unable to connect.
Why is Firefox apparently refusing to connect to my server? Other LAN IP addresses work fine, even local ones. It specifically hates this one.
You must log in or # to comment.
I once had a similar issue (but not fully the same), alas I forgot how I fixed it.
Some suggestions:
- Any mention of *.0.2 in your host file? FF might read it differently from other programs
- if nothing there perhaps you can add a link to *.0.2 in the host file?
- clear the dns cache etc via ipconfig in a command prompt
- Firefox proxy settings, set something else, close ff, open it again then revert to no proxy
- Disable the FF safebrowsing thing (forgot the name and can’t currently check)
- Disable FF secure dns features, don’t let firefox choose one nor set a custom one, just put it on isp provided only <- also, use this one in windows tcp/ip settings, not a google one etc.
- is the subnet mask set correctly? If behind a switch and 2nd network/NAT
- make a new empty FF profile and try the adress from there
Percussive maintenance? ;-)
Hope you get it resolved.
You are a god. For mysterious reasons, having this IP in my hosts file breaks loading the page. Removing it from hosts restores access. I have no idea why Firefox would care about this because I’m not trying to access the page by name, but by IP address. My best guess is there’s some sort of bug relating to handling of hosts file entries.
I found this answer, but I still don’t understand what’s going on and why this network.trr.exclude-etc-hosts might be useful.
The fact you’re not seeing any exit packets, along with the ability to connect using anything other than Firefox means it must be an issue with Firefox itself.
Not to insult your intelligence, but do you have any extensions installed on Firefox such as an ad-blocker? Ones that are allowed to operate in private mode as well? I’ve had random issues with blacklists in my ad-blocker having bad entries in the past.
No insult taken! I reset Firefox and I’m using a new profile. There are no extensions installed.
I’m not sure how I would go about debugging Firefox further to understand why it doesn’t want to attempt connecting to that IP. Currently I agree with you. It seems like there’s some bug with Firefox itself or perhaps an unexpected configuration hidden elsewhere on the system on which it depends but nobody else.
You might try a quick shell script to set NSPR_LOG_MODULES and NSPR_LOG_FILE to “all” debug mode to fish for some clues. https://firefox-source-docs.mozilla.org/nspr/reference/nspr_log_modules.html#nspr-log-modules
Proxy settings in about:config?
The proxy is disabled. No proxy.
Firefox has an HTTPS-Only mode. Did you double check that? Make sure you can get anywhere on http tcp/80 in the browser.
Does wireshark on the Firefox box show outgoing packets to 192.168.0.2?
Start by also running Wireshark on the client device where Firefox is installed.
Might be some weird fringe case that’s not handled correctly somewhere like an ipv4 checksum of ffff or something.
This isn’t something too plausible, but this seems weird enough that farfetched things might be afoot.
Then again, NS_CONNECTION_REFUSED would mean receiving a reset or something, as opposed to being silently dropped.Firefox does work for other LAN IPs, right?
I don’t have any great suggestions, but a few things come to mind:
Did you try it in private browsing mode?
Did you try an older version of Firefox?
Can you set up a proxy and configure Firefox to use it?
Can you find Firefox’s logs on that machine and analyze them?
Can you try it from another machine that has Firefox on it?
Can you run Firefox in a container and see if that works?
Private browsing has no effect. Cannot connect, no packets observed in Wireshark. What are these logs that you might suggest viewing? There’s a console, but I didn’t observe any relevant long messages.
I downloaded an older version from three months ago and it cannot load the page on the test machine. A arbitrarily-tested older version wasn’t compatible with my Mac.
I tried Firefox on another machine (Linux) and it can load the page no problems. Sadly, I don’t have a second Mac to test if it’s a Mac thing, but then why this IP? Seems strange to me.
If I use an SSH tunnel to direct localhost:8000 to 192.168.0.2:80 using a third box as a go-between, it connects just fine. Enter it directly in the address bar and no dice. Cannot connect.
Thank you for the suggestions! I’m stumped. I can work around it, but it’s really weird and it would be nice to know why it doesn’t like this IP.
You’re welcome! Can you change the IP of the target host?
