Various sites and services being blocked - how to fix?
-
@gertjan said in Various sites and services being blocked - how to fix?:
A pfsense router, set up with a LAN and WAN interface, using 99,99 default settings (not 100 % as you had to change the password !) will have like your ISP router : it works.
So, I repaet :
Assign WAN (the default DHCP will most often do just fine)
Assign LAN - accept default settings)
Cahnge password.
Done.
Your network is up and "Internet"works.
If it doesn't work ? Ok tell us what you changed and I tell you to undo that.
I do presume you did not change any "LAN device settings" (yor TV, Phone, PC etc), like switching from DHCP to static IP etc. You should never change network settings of devices, they always work out of the box.I'm not totally sure I follow you, but I'm trying, please bear with me...
I think you're saying that if I set things to defaults in pfsense, they should "just work".
To the best of my knowledge, I'm pretty much there! All I've changed from initial install is:- admin password
- PPPoE credentials and VLAN (required to make my DSL connection work, but problem existed on DHCP also)
- IP of the pfsense box changed to match my network subnet
- default firewall rules setup by wizard (anti-lockout, LAN allow any v4/v6)
- that's it!
As for your statement about not changing network settings on devices, I just can't agree with that, sorry. There are lots of reasons why individual devices can and should have their network settings edited. Static IP assignments for cameras are the most obvious that pop into my mind, but there are lots of others. Regardless, the devices on my network that aren't working correctly are on DHCP, and don't have any special settings applied.
It does occur to me that they are mostly on my wireless AP. I wonder if there's something funky going on there? I was expecting to have to do some configuration, but I just plugged it into one of the other ports on my NIC, and it started working, so I haven't thought much about it.
Is it possible that I need to make some interface assignment or set up a rule or something to give the AP access beyond what it already has? -
@elmojo, you can post a screenshot of your dasboard.
-
This post is deleted! -
This is weird. I can post, but I can't edit. I just get these generic "error" messages.
Anyway, I remembered that I had saved this document from the Netgate docs
It seems to be describing what I want to do, but doesn't say how to do it. It assumes I know far more about how to configure the system than I actually do. I appreciate the optimism, but I could use a bit more hand-holding...
As for the screenshot of my dashboard, not sure how that'll help, but sure, here you go!
Okay, scratch that. I get an "error parsing server response" when I try to upload. -
@elmojo, The best way to help you is to see what you see.
-
@elmojo, which shows your firewall logs for example
-
@silence
I wish I could, but the site isn't working for me, sorry.
I think this site must be one of those that's being partially blocked for some reason.
When I try to upload the screenshot, I just get an error: "something went wrong while parsing server response"
And anytime I try to edit a post, it fails with a simple "error" popup.
I've tried it on both FireFox and Chrome, both do the same thing. -
@elmojo, You can try uploading the screenshot to a cloud service like google or something similar?
-
@silence
I could I guess.
Please tell me what you'd like to see specifically, so I can do it all at once to save time.
You mentioned the dashboard, but also the firewall logs?
Those are on different screens, right? -
@elmojo, Status > System logs > Firewall
and System information in dasboard
-
@silence Album Link: https://ibb.co/album/rGsxLQ
I'll add to this if needed as we discuss...
Thanks! -
@elmojo, System > General Setup > DNS SERVER SETTINS > DNS SERVER = 8.8.8.8
-
@elmojo, Firewall> Rules> Wan and send screenshot
And Firewall> Rules> Lan and send screenshot
-
@elmojo, Status> System logs> Firewall and then share new logs
-
@silence
I'm sorry, I don't understand what you're saying.
If you're telling me to set my DNS to Google's 8.8.8.8, then no.
I just got that fixed earlier in this thread with @Gertjan's help. Having a DNS specified in my settings we preventing most anything from working.
Removing the DNS entry entirely and using the default setting has got it working to this point.As for the other screenshots, I'll add them to the album shortly.
EDIT: Album updated.
-
@elmojo, I have multiple pfsense and everything has this configuration, I never have any problem.
127.0.0.1 is wrong
-
@elmojo, I am a bit confused because it has wan interfaces?
I try to understand what use you want to give your pfsense to help with a configuration.
-
@silence said in Various sites and services being blocked - how to fix?:
@elmojo, I have multiple pfsense and everything has this configuration, I never have any problem.
127.0.0.1 is wrong
I dunno man, I'm just going by what I was told by @Gertjan. Maybe you know more than he (she?) does, maybe it's the other way around. I guarantee you both know more than me! lol
All I know is that I had it set to 8.8.8.8 when I first set it up, and nothing worked right. Removing that entry and letting it default caused a few things to work a bit better, but not everything.
I don't see anything in my rules about port 53. What do you mean? It set those up during the wizard, I have not set any rules myself.@silence said in Various sites and services being blocked - how to fix?:
@elmojo, I am a bit confused because it has wan interfaces?
I try to understand what use you want to give your pfsense to help with a configuration.
What's confusing about the WAN interfaces? Do you mean the rules, or the blocking entries, or ???
-
@elmojo, Status > System Logs > System > DNS Resolver
and send screenshotDiagnostics > DNS Lookup >
-
@silence album updated
I really appreciate your help, by the way.
I realize something is super sketchy here. Do you think this is fixable, or should I just burn this thing back to factory defaults and start over? I don't have much configured, so if you think it would help, I can (hopefully) get it set back up again. :)I'm most worried about getting the WAN configured to play nice with my DSL, but I think we got that sorted out now.
