pfsense blocking certain/some sites

Gurveer · Aug 30, 2022, 1:59 PM

ive freshly installed pfsense and upgraded to plus edition but pfsense blocked sites(ie: https://www.bsnl.co.in https://portal.bsnl.in
https://portal2.bsnl.in )in both editions(ce and plus), also i tried everything mentioned here(https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html) but nothing changed.These websites opens seamlessly when directly connected to isp modem or using opnsense os(i dont want use opnsense because it doesnt support alias bandwidth control).I havent installed any package.

stephenw10 · Aug 30, 2022, 2:01 PM

When you try to access those sites what error do you see?

Can you resolve those FQDNs from a client behind pfSense?

Those sites all open fine from behind pfSense for me. Something must be failing locally to you.

Steve

Gurveer · Aug 30, 2022, 2:03 PM

@stephenw10 no dns found in chrome ; url wrong or typo in edge. im kind of noob here please explain these fqdns

stephenw10 · Oct 2, 2022, 4:20 PM

Ok, so it sounds like a DNS issue.

Go to Diag > DNS Lookup in pfSense and try to resolve www.bsnl.co.in. What results does it show?

By default all clients behind pfSense should use pfSense for their own DNS but clients may choose not to do that. So if that resolves on pfSense but not at the client check the local DNS settings at the client.

Steve

Gurveer · Oct 2, 2022, 4:45 PM

@stephenw10 tthanks pal www.bsnl.co.in started opening after doing dns lookup but portal.bsnl.in, portal.bsnl.in are not opening.pls help

stephenw10 · Oct 2, 2022, 6:59 PM

Do those resolve correctly in pfSense? In Diag > DNS Lookup?

rcoleman-netgate · Oct 2, 2022, 7:01 PM

@stephenw10 There is another thread about this here: https://forum.netgate.com/topic/174426/pfsense-blocking-some-sites/6

Gurveer · Oct 3, 2022, 3:50 AM

@stephenw10 all three getting resolved but only bsnl.co.in opens in browser rest two portal.bsnl.in,
portal2.bsnl.in aint opening in browser (tho getting resolved)

stephenw10 · Oct 3, 2022, 11:20 AM

What error is shown when you try?

Did you try multiple browsers?

Do you see any blocked traffic to/from the IPs they resolve to?

More generally:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html

Steve

Gurveer · Oct 3, 2022, 12:02 PM

@stephenw10 ya i tried safari opera edge brave but non worked the most common error is dns not found but in opnsense these websites works fine idk where problem is cz its fresh install(also tried everything from link you mentioned)

stephenw10 · Oct 3, 2022, 1:09 PM

So it's still intermittently failing to resolve?

Does it resolve reliably in Diag > DNS Lookup?

What error do you see when it does resolve?

Steve

bingo600 · Oct 3, 2022, 4:11 PM

@stephenw10
I have no issues w. those sites ...
See
https://forum.netgate.com/post/1064413

stephenw10 · Oct 3, 2022, 4:17 PM

Yup, works fine for me too.

So this looks like either something in your config or in your route.

It's probably not a firewall rule issue though so it would be better to continue here IMO.

You need to try to determine exactly what is failing.

Steve

Gurveer · Oct 3, 2022, 4:21 PM

@stephenw10 im kind of noob here also its fresh install just upgraded to plus from ce(sites aint working in both) but in opnsense(fresh install) it works idk whats problem is please help guys tho clinging to opnsense aint any issue but opnsense aint got alias bandwidth limiting

stephenw10 · Oct 3, 2022, 4:29 PM

@stephenw10 said in pfsense blocking certain/some sites:

So it's still intermittently failing to resolve?
Does it resolve reliably in Diag > DNS Lookup?
What error do you see when it does resolve but still fails to open?

Same questions. ^

bingo600 · Oct 3, 2022, 4:46 PM

@gurveer
What happens if you go directly to the website via the ip address ?

https://117.239.179.10/

You might have to accept (make an exception) on the certificate , as the cert will only match the below marked domains.

login-to-view

After allowing an exception for the website i see this

login-to-view

What do you see ???

Edit:
And just to recap.
Do you still have DNS issues ?

Or does a

nslookup portal.bsnl.in

Return the ip address : 117.255.216.68

Edit2:
Did we ever see OP's Unbound Config screenshots and the System --> General setup "DNS section" setup screenshots ??

/Bingo

stephenw10 · Oct 3, 2022, 4:48 PM

Mmm, this still feels like a DNS problem until we can prove conclusively it's not!

Gurveer · Oct 3, 2022, 5:23 PM

@bingo600 like you said it opened after using ip https://117.239.179.10/ instead portal2.bsnl.in now what to do?

Gurveer · Oct 3, 2022, 5:27 PM

@stephenw10 its resolves in diag>dns lookup but aint opening in browser when using portal2.bsnl.in and this is the error i get on browser "This site can’t be reached portal.bsnl.in’s DNS address could not be found. Diagnosing the problem.
DNS_PROBE_POSSIBLE"

Gurveer · Oct 3, 2022, 5:45 PM

@bingo600 where to find unbound configurations and screenshot of dns setup is here!login-to-view