Various sites and services being blocked - how to fix?

A Former User

@elmojo, I am a bit confused because it has wan interfaces?

I try to understand what use you want to give your pfsense to help with a configuration.

Elmojo

@silence said in Various sites and services being blocked - how to fix?:

@elmojo, I have multiple pfsense and everything has this configuration, I never have any problem.

127.0.0.1 is wrong

I dunno man, I'm just going by what I was told by @Gertjan. Maybe you know more than he (she?) does, maybe it's the other way around. I guarantee you both know more than me! lol
All I know is that I had it set to 8.8.8.8 when I first set it up, and nothing worked right. Removing that entry and letting it default caused a few things to work a bit better, but not everything.
I don't see anything in my rules about port 53. What do you mean? It set those up during the wizard, I have not set any rules myself.

@silence said in Various sites and services being blocked - how to fix?:

@elmojo, I am a bit confused because it has wan interfaces?

I try to understand what use you want to give your pfsense to help with a configuration.

What's confusing about the WAN interfaces? Do you mean the rules, or the blocking entries, or ???

A Former User

@elmojo, Status > System Logs > System > DNS Resolver
and send screenshot

Diagnostics > DNS Lookup >

Elmojo

@silence album updated
I really appreciate your help, by the way.
I realize something is super sketchy here. Do you think this is fixable, or should I just burn this thing back to factory defaults and start over? I don't have much configured, so if you think it would help, I can (hopefully) get it set back up again. :)

I'm most worried about getting the WAN configured to play nice with my DSL, but I think we got that sorted out now.

A Former User

@elmojo, Firewall> Rules> Wan> Add

Create this rule in your wan interfaces to block all

Then go to Interfaces> wan and uncheck this option

Elmojo

@silence
I'm willing to try, but can you explain the idea first please? All documentation and videos I've watched say to not disable that "bogon blocking" feature.

A Former User

@elmojo I am not very theoretical, it is simply the logical thing that I do when I configure new pfsense to disable default rules and I add this rule to block and monitor all traffic in the wan.

Elmojo

@silence That makes sense. Please excuse my (extreme) ignorance, but if we block all WAN traffic, won't that block pretty much all incoming data? Or is it only for requests that originate outside my LAN, thus making them likely to be malicious?

EDIT: I did as you show above. The logs look like this now... https://ibb.co/xL9k0cf

A Former User

@elmojo, Apply this setting just as the image shows.

A Former User

@elmojo, Switches from (Lan Net) To (*) In both rules

Elmojo

@silence
Okay, both done, no improvement.
I have now lost access to the Amazon app again on my phone, likely due to the DNS change.
I still cannot access the FireTV home screen, or Netflix. I can, oddly, access Amazon Prime Video on my TV. I'm not sure if that was working before or not, I never tried.

A Former User

@elmojo, try to enter again and then go to firewall logs and send me a screenshot ...

It must be quick. I want to see what blocks this.

A Former User

@elmojo
what is the ip of your the FireTV?

Elmojo

@silence said in Various sites and services being blocked - how to fix?:

@elmojo, try to enter again and then go to firewall logs and send me a screenshot ...

It must be quick. I want to see what blocks this.

This is the log about 30secs after I clicked "try again" on the FireTV.

@silence said in Various sites and services being blocked - how to fix?:

@elmojo
what is the ip of your the FireTV?

I'm just guessing, since it won't tell me anywhere in the FireTV GUI, but I think it's 192.168.11.106. This is based on the hostnames on the DHCP lease page.
In any case, the firewall is only logging WAN traffic being blocked, since we have it set to allow everything on the LAN, so that internal IP isn't going to show up regardless.

A Former User

@elmojo well delete all the lan rule and create a new one allow all to all and enable logs in these rules.

A Former User

@silence Example:

Elmojo

@silence Done.
Well, that certainly changes the look of the logs...
Here it is just after the new rule was in place, and I clicked the "try again" button on the FireTV...again. :)
I see some activity on 11.106, but it appears to pass. Maybe the "return traffic" was one of those that got blocked? It's hard to say, since I seem to have LOTS of incoming WAN 'attacks' (for lack of a better term) all the time. Is that normal? Seems like a lot.

A Former User

@elmojo, Test port Source Address = LAN

A Former User

@silence How is the gateway? Latency

Elmojo

@silence Test passed, no problem.
Gateway: RTT-21.859ms RTTsd-0.321ms Loss-0.0% Status-Online