pfsense blocking discord app connectivity
-
so, I have pfsense properly configured as a default deny all unless otherwise specified, and I am unable to find anything, that I have been able to successfully use to get the desktop discord client to connect, at all, and am at a loss here so I figured I'd just come to the experts, and ask directly!
I have found, that discord states it needs to be able to connect on port 443 (https) for access to connect, and I allowed that, on the case of udp AND tcp, to discordapp.com and discord.gg to no change, so I'm at a complete loss, and have not had enough sleep to understand why this is not working.
my pfsense firewall has the following services in total, and I'll list which ones are enabled and disabled respectively.
bandwidthd (enabled)
c-Icap (enabled)
clamd (enabled)
darkstat (enabled)
dhcpd (enabled)
dpinger (enabled)
iperf (not yet enabled)
named (enabled)
ntopng (enabled)
ntpd (enabled)
pfb_dnsbl (disabled until I can fix the issues it's causing, namely and originally THIS being why discord would not connect, no longer seeming to be why it won't)
pfb_filter (disabled, ditto above)
squid (enabled)
squidguard (disabled currently, plan to enable again)
suricata (enabled)
syslogd (enabled)
tinc (not yet configured to be able to enable it)
unbound (enabled)
any log data, or additional info available upon request if it would be useful to provide (I would not know WHAT to provide at the moment to provide it proactively)
I would like to know what I need to do, to enable my ability to connect and use discord THROUGH my firewall, else what is the point of having one if I have to bypass its additional security just to use one of the primary applications I need to use for the work that I do with friends of mine. I will work on this for as long as it takes to get this working and fixed, and also be able to provide documentation for others like me that are having this same issue, given how little I was able to find online at all for documented steps to fix this issue.
Thank you for your time!
-
@high_voltage Since I haven't seen any replies to this thread or any threads like it using Google search, I'm going to answer it for the sake of in case anyone happens to land here looking for the same answer. It's really simple, you just need to make sure discord.gg and discordapp.com are whitelisted in pfBlocker.
Unless you have any special rules in the firewall, add these website addresses to firewall > pfBlockerNG > DNSBL > scroll down until you see the dnsbl whitelist section and add them there. Save and then do an update to reload DNSBL. Then go back to your client, in this case I'm assuming Windows, open a command prompt as administrator to be safe, and do an ipconfig /flushdns. After that, try getting on discord again. But after pulling my hair out for several hours when it was just pfBlocker stopping me from getting onto discord, I want to ensure nobody else runs into this issue like I did. I think in your case, you may have needed to flush your DNS as I forgot that step and it was still not connecting.
-
@tbreece ironically yes and no. I never replied to this because I only ever partially fixed it even all this time later, I can connect to discord just fine now through pfsense and my recursive piholes, but crap still doesn't work right. To explain, almost every discord server I am in fails to load anything delivered over their cdn, no server images load, no server specific emojis, no profile images, NOTHING sent by their cdn, and I just flat out said "fuck it, it works, doesn't work right but at least I can connect, fuck this" given I followed every single freaking guide under heaven and earth and it's still not fixed. I literally have every single domain discord owns as a firewall alias whitelist to bypass the firewall blocks, AND BOTH recursive subdomain whitelists and exact subdomain whitelists for discord in pfblocker.
I literally can't do anything to fix it, so I said fuck it and gave up.
Also for what it's worth, I even reset the firewall states table, rebooted pfsense countless times, and even force reset pfblocker by way of telling it the traditional combo to forcefully reload itself with fresh rules from the configs to clear out possible config corruption, I have literally done everything possible to fix it when I say that...
Please forgive the rough reply, 1145, just saw the email notification and posting from cellphone.
-
If pfSense users couldn't visit Discord, then that would have been known.
I guess it's easy to test what's going on :
Remove these from the equation :
c-Icap (enabled)
clamd (enabled)
darkstat (enabled)
iperf (not yet enabled)
named (enabled)
ntopng (enabled)
pfb_dnsbl (disabled until I can fix the issues it's causing, namely and originally THIS being why discord would not connect, no longer seeming to be why it won't)
pfb_filter (disabled, ditto above)
squid (enabled)
squidguard (disabled currently, plan to enable again)
suricata (enabled)
and for the time being, even this one :
pi-hole
The fastest way to do so :
Backup your pfSense config.
With the console, goto default settings
If needed Assign Interface and make a minimal WAN/LAN config that works.
Without any surprise : Discord works.
Now add one by one back in everything from your list.
The moment it breaks, you go one step back and you'll be good.
Btw :
unbound and named are running both. Very Interesting.
Both use the same ports. But they can not use the same ports, one will bail out on start.
-
I know this is an old topic, but in case anyone in the future reads this. By the looks of it, I have fixed the issue(s) I was facing with uploading media to discord behind pfSense firewall.
As starter I used @tbreece his answer, but still file(s) and/or photo(s) wouldn't upload. I checked the Unified tab in pfBlockerNG and saw a domain being blocked: discord-attachments-uploads-prd.storage.googleapis.com. After I added this one with a period in front, the photo from my phone uploaded to discord as soon as I ran the force update in pfBlockerNG.
Disclosure: I'm not 100% positive that this will work for everyone, but I guess it's worth a shot :-)
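The two whitelist fixes in this thread, as an added example that is not part of any post above: a Python check of which blocked hostnames a DNSBL whitelist actually covers. It assumes a leading period means the domain plus all its subdomains and a bare entry means that exact name only; `cdn.discordapp.com` and `notdiscord.gg` are constructed sample names.

```python
# Added example, not pfBlockerNG code. The matching rule is an assumption:
# ".example.com" covers example.com and every subdomain, "example.com"
# covers only that exact name.

def normalize(name):
    """Lower-case a DNS name and drop surrounding space and the root dot."""
    return name.strip().lower().rstrip(".")

def is_whitelisted(host, whitelist):
    """Return the whitelist entry that covers host, or None."""
    host = normalize(host)
    for entry in whitelist:
        cleaned = entry.strip().lower()
        wildcard = cleaned.startswith(".")
        domain = normalize(cleaned.lstrip("."))
        if not domain:
            continue  # ignore empty or "." entries
        if host == domain:
            return entry
        # Match on a label boundary only, so "notdiscord.gg" is never
        # covered by ".discord.gg".
        if wildcard and host.endswith("." + domain):
            return entry
    return None

def uncovered(blocked_hosts, whitelist):
    """Blocked hostnames that no whitelist entry covers, sorted."""
    return sorted({normalize(h) for h in blocked_hosts
                   if is_whitelisted(h, whitelist) is None})

# Whitelist from the first answer, then with the upload domain added.
WHITELIST_BEFORE = ["discord.gg", "discordapp.com"]
WHITELIST_AFTER = WHITELIST_BEFORE + [
    ".discord-attachments-uploads-prd.storage.googleapis.com",
]

# Constructed sample of hostnames seen as blocked (not real log output).
BLOCKED = [
    "discord.gg",
    "CDN.discordapp.com.",
    "discord-attachments-uploads-prd.storage.googleapis.com",
    "notdiscord.gg",
]

if __name__ == "__main__":
    print("still blocked before:", uncovered(BLOCKED, WHITELIST_BEFORE))
    print("still blocked after: ", uncovered(BLOCKED, WHITELIST_AFTER))
```

Under that assumption, the bare `discordapp.com` entry leaves subdomains blocked, and the upload host sits under `googleapis.com`, so neither Discord domain entry can cover it.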
-
@Malibucola I am currently unable to test my setup since I have "recently" moved and am in the process of saving up money to have electrical outlets run, therefore my server rack and equipment are off (including my pfsense server) but I vaguely think that was also what I had to do to unblock uploads, I do recall I had fixed it some time ago and clearly forgot to update here with that news/what I did to fix it, but I do recall I freaking hate google and have all the non-required google things blocked and vaguely recall that I think I also figured out that was the domain name in question that fixed it, the URL just has a very hard recollection in memory when I see that domain. So yes, I do think that was what I did to fix it as well.
@Gertjan for extra info, I did follow the guide of "suricata/snort, taming the beasts" and followed it HARD, so, just for extra context, that I am almost positive is half of my problem and why "if users could not access discord, we would know" style of comment is not more applicable, now mind you I am fully assuming this statement to be accurate and am happy to correct if I'm incorrect here however it is likely applicable info to add either way, but yea, I block everything google that is not mandatory for the internet to work (google adsense, analytics, adwords, google api tracking domains that are EXPLICITLY tracking domains, clearly the wrong subdomain of google-apis here as well)