Various sites and services being blocked - how to fix?
-
@silence I'm sorry, I don't understand the question.
-
@elmojo and about "Attack on the wan" it is possible that someone inside your lan uses certain malicious apps or tools unknowingly.
this is not a cause for concern as long as you keep it monitored.
-
@silence
It's just me inside my LAN. :)
Wouldn't that generate outgoing traffic, not incoming? -
@silence said in Various sites and services being blocked - how to fix?:
@elmojo, Restart Your FireTV And Then Try Browsing Again. Firewall Logs And Screenshot
I just did that a few minutes ago, but let's try it again. One moment...
Okay, here's the screenshot of when the FireTV is just rebooting.
I see it (11.106) connect to 52.94.233.94, which comes up as Amazon on a whois search.
However, it shows as "passed", so I can't figure why it can't connect.
The FireTV itself reports good connection to both network and internet, and some apps that require internet within the FireTV space work fine, such as Amazon Prime Video, which is really weird. -
@elmojo, At this point everything should work fine, can you send a photo that shows your firetv exactly?
-
@silence That would be nice, but it's not fine at all. Nothing has changed. I still have no 'Home' page for the FireTV, and I still can't access Netflix at all. :/
Here's what it looks like... https://ibb.co/XZ8Db2M
-
-
@elmojo, How does the wifi connection to firetv from pfsense get to some other router?
-
@elmojo, I'm completely sure it's not a pfsense issue, I suggest you factory reset your firetv and try
-
@silence said in Various sites and services being blocked - how to fix?:
@elmojo, How does the wifi connection to firetv from pfsense get to some other router?
I checked for updates yesterday, as part of this whole troubleshooting thing. It's all up to date.
I'm not sure what you mean. What other router? My FireTV is connected to my AP, as I mentioned earlier. The AP is connected directly to the pfsense, via igb1 on the NIC.
I've also tried it with the AP connected to through my wired switch, which also works (for basic internet), but does not fix the issues with Netflix and such.
Is that what you mean? -
@elmojo said in Various sites and services being blocked - how to fix?:
I've also tried it with the AP connected to through my wired switch, which also works (for basic internet), but does not fix the issues with Netflix and such.
He should have said this from the beginning, so as not to waste time.
It is more than clear that your firetv is the problem (it is not a network problem) Resetting the firetv could solve it.
-
@silence No one ever asked. The FireTV has to be wireless. It doesn't have a wired connection. How else would it be connected?
Why would it work perfectly all this time, and suddenly go belly up the second I bring the pfsense online? That seems like an awful coincidence not to be the fault of the pfsense box.And by the way, I did say this earlier. I'm sorry you missed it.
@elmojo said in Various sites and services being blocked - how to fix?:
It does occur to me that they are mostly on my wireless AP. I wonder if there's something funky going on there? I was expecting to have to do some configuration, but I just plugged it into one of the other ports on my NIC, and it started working, so I haven't thought much about it.
Is it possible that I need to make some interface assignment or set up a rule or something to give the AP access beyond what it already has? -
@elmojo, Don't worry, it's just a coincidence the thing happens example: once I connect my pfsense and I ran out of internet right at the same time, I thought it was pfsense but just my isp tube cut fiber right at the same time.
the thing happen ...!
-
@silence
I would agree, except that the FireTV/Netflix isn't the only thing that isn't working right since I've installed the pfsense. As I mentioned way back in the OP, there are several web sites that won't load right, and some apps on my phone that don't work. This is still the case. There's no way they all just happened to fail right at the same time. It has to be the pfsense. -
@elmojo, I see no problem in your pfsense, but you can give me remote access and I could re-configure everything
-
@silence I may very well try that, if you're willing.
In the meantime, I'm going to burn this box back to bare defaults and totally start over.
I'll use the information I've gained from this thread and others to set it back up only as much as I have to in order to connect to my DSL, and leave everything else as it comes.
If that doesn't work, I may ask for your kindness it remotely fixing things. At least you'll have a fairly clean setup to work with.
Right now, I'm going to find some dinner. I've been dealing with this more than 4 hours, and my brain hurts. :) -
@elmojo, no problem when you are ready you can post your contact information to do so.
-
@elmojo said in Various sites and services being blocked - how to fix?:
PPPoE credentials and VLAN (required to make my DSL connection work, but problem existed on DHCP also)
If you don't use the default DHCP, then yeah, set up PPPOE.
@elmojo said in Various sites and services being blocked - how to fix?:
IP of the pfsense box changed to match my network subnet
Ok, why not.
I saw 192.168.11.1 - the mask is still /24 ?
And you have checked the DHCP LAN server page - and changed everything from 192.168.1.x stuff to your 192.168.11.x (check pool).What you told here, is a bit (a small bit) beyond a vanilla setup.
@elmojo said in Various sites and services being blocked - how to fix?:
As for your statement about not changing network settings on devices,....
What I meant to say - and I agree, I didn't write that, is that a default out of the box setup works.
I have no problem with devices using static IP setup as long as we do not discober that the gateway wasn't set up correcly - or the DNS was wroing, or the mask was set to /32 - stuff like that.
"every has to sing DHCP in harmony" first. Add devices one by one. Then you can set up / change with only the sky as a limit.
Btw : Most of my LANs devices use DHCP - and pfSense has a static MAC lease for them. This way I don't have to admin these devices, can give them a host name I choose and they work out of the box. I can reset them, and they will work me doing nothing.@elmojo said in Various sites and services being blocked - how to fix?:
on my network that aren't working correctly are on DHC
And what did they receive as IP mask DNS and gateway ?
Check these devices.
Check the DHCP server log ? You see the DISCOVER ? the REQUESTS ? the OFFERS ? You can recognize the devices by their MAC addresses.Are the issues LAN and/or Wifi LAN based ? Your AP is truly an AP and it doesn't have DHCP activated ?
The Wifi devices receive (use) the same 192.168.11.x / 24 IP and have 192.168.11.1 as a gateway ? DNS points to 192.168.11.1 (or, why not - bypass pfSense and have them pointing to 8.8.8.8 ;) )@elmojo said in Various sites and services being blocked - how to fix?:
My follow-up Q is related to all those 'block' entries I'm seeing. Should I be concerned
That's probably the default invisible firewall rule on all interfaces that logs the blocks.
Disable :
on Status SystemLogs Settings
Or leave it checked, and place yourself a firewall rule on the WAN interface that doesn't log, and blocks everything.@silence said in Various sites and services being blocked - how to fix?:
127.0.0.1 is wrong
Correct - I have not that address entered no where.
I have
which is the default setting.
My dashboard says :
if that's wrong, then the default set up (chosen by Netgate) is wrong ?
I'm not saying 8.8.8.8 is bad. Hey, what the heck, if more then a billion people believe in facebook, then I wish them a nice time. I'm just not a member of the club.
I do like Google though ...
The thing is : using the big resolvers can imply other issues. So lets make the network work first.
When the Internet was created, a DNS system was needed, as people hate typing numbers.
The root servers were activated and since then everything works fine. So why not tapping into them ?@elmojo said in Various sites and services being blocked - how to fix?:
but if we block all WAN traffic, won't that block pretty much all incoming data?
That question means that you ignore what statefull firewall is.
I'll re phrase :
All incoming traffic on the LAN interface that goes to some host on the Internet will create a 'state. The host that replies back over that state - should I say 'channel' can talk back.
Every other device on the Internet that (tries to) talks to you visible WAN interface won't have a state => it gets dropped (and as you saw : logged) That's is what is called the Internet back ground noise.
When the channel is closed (example : the web page was loaded) the states is removed.
Read for example Firewalling Fundamentals - and don't stop there. Have some good Youtube stories about the subject.Btw : pfSense isn't really special here. All firewalls work like this.
@elmojo said in Various sites and services being blocked - how to fix?:
I'm just guessing, since it won't tell me anywhere in the FireTV GUI, but I think it's 192.168.11.106. This is based on the hostnames on the DHCP lease page.
Ah .... close. But the TV should have some GUI where it shows all this info (again : IP mask gateway DNS).
If you want to set up static IP settings for that TV,, you would need that screen to set things up.
While looking at the TV, look at the back : there should be a sticker with the MAC address. Did you saw this MAC addresses in the DHCP leases page ? In the DHCP logs ?
That's the perfect rule ;)
I use myself :
Rule 1 : the anti lock out rule (GUI setting) : I need it because I fool around a lot, and do make mistakes.
Rule 2+3 : I'm using pfBlockerNG-devel right now to try some things out.
Rule 4+5: IPv4 and IPv6 - IPv6 is only needed ... if you need it.
All that matters is rule 4 : it's the rule you've found when you installed the system.edit : hummm, my bad, a lot was said already.
-
@Gertjan Think it is a pfsense issue?
for me it only points to firetv. -
@silence
As I said before, I would totally agree that it was a problem with the FireTV, except that several other sites/services/apps also do not work correctly since turning on the pfsense, not just the FireTV and Netflix.@Gertjan Thanks so much for that detailed post. There was far too much in there for me to try to respond to any of it directly.
Since my last post, I have gone back to the very start. I reset the pfsense to factory defaults, and only set up the few things I needed (like DSL PPPoE stuff) and changed the IP range to match my network. I have an internet connection again, but nothing is really better.
I have checked the FireTV, and it reports that I have a good internet connection (it said this before also), but still no home screen or Netflix. There is no way to set any of the network settings directly, it's pure DHCP only. I can view a status screen and confirm the IP address (11.106), gateway (11.1) subnet mask (/24), DNS (11.1) and MAC address, but none of these things are selectable or changeable.
