This is a really weird problem that I can’t seem to track down further. Perhaps a creative person could suggest some test ideas. Here are the facts:

  • Firefox “Unable to connect” to my LAN server (a router) at 192.168.0.2 port 80.
  • Network error is specifically “NS_CONNECTION_REFUSED”.
  • Wireshark on a Raspberry Pi placed between the laptop and server shows no packets exchanged trying to connect. Any packet containing 192.168.0.2, any port.
  • Chrome and Safari work just fine on the same machine. I can see the packets in Wireshark. This validates my test setup works.
  • Curl works, loads the web page. I can see the packets.
  • I have reinstalled, refreshed, removed all extensions, cleared all history and cookies in Firefox and still cannot load the page.
  • Firefox in Safe Mode cannot load the page.
  • Disabled DNS over HTTPS, made sure No Proxy is selected in network settings. Still cannot load the page.
  • Disabled IPv6 in Firefox with about:config setting. Still fails.
  • I have no security software installed of any kind on this Mac. No antivirus or firewall except the default OS one.
  • Turned off Mac built-in Firewall. Still unable to connect.

Why is Firefox apparently refusing to connect to my server? Other LAN IP addresses work fine, even local ones. It specifically hates this one.

  • Start by also running Wireshark on the client device where Firefox is installed.

    Might be some weird fringe case that’s not handled correctly somewhere like an ipv4 checksum of ffff or something.
    This isn’t something too plausible, but this seems weird enough that farfetched things might be afoot.
    Then again, NS_CONNECTION_REFUSED would mean receiving a reset or something, as opposed to being silently dropped.

    Firefox does work for other LAN IPs, right?

    • @henfredemars@infosec.pubOP
      link
      fedilink
      English
      11 month ago

      Firefox is able to visit other LAN IPs fine, such as 192.168.0.1 and 192.168.0.203.

      Running Wireshark on the same laptop, it doesn’t see any outgoing packets for *.2.