Slack not working

mgodinez · Dec 5, 2022, 8:38 PM

Hi everyone,
Due to my new job, I had to install SLACK in my computer, but seems that is not able to connect due to being blocked by PfSense. I am kind of new to PfSense, so any help getting this app to work and communicate with it's servers would be appreciate it. Any ideas where should I start to de-block the Slack app? (Running Windows 10)

Thanks in advance!

Manny

viragomann · Dec 5, 2022, 9:09 PM

@mgodinez
pfSense at it own does not block anything.
Are you running packets like squid or pfBlockerNG?

Can you resolve the Slack host name?

mgodinez · Dec 6, 2022, 2:27 AM

@viragomann
I have both installed. I am running both with it's default settings, so I haven't changed anything in them, just what the tutorials have said to change.

Here is what I get while using the command line: (First lines are blurred for security)

pirod · Dec 6, 2022, 2:27 AM

Hi,
I have same issues on a new netgate. I lose traffic on slack too. If I unplug pfsense slack comes back. The firewall is configured with default rules...

thanks
Pierre

viragomann · Dec 6, 2022, 4:12 PM

@mgodinez
So disable the add-ons for testing.
I'd rather suspect squid, as you're able to ping slack.com.

I use Slack here as well behind pfSense with pfBlockNG and DNSBL enabled. Never has an issue with that.
But when I resolve slack.com, I get other IPs here.

heper · Dec 6, 2022, 2:12 PM

@mgodinez the "hit-adult.opendns.com" in the traceroute seems fishy.

are you sure it is not opendns blocking the correct dns lookup ?

 hit-adult.opendns.com indicates that a domain is blocked by category

michmoor · Dec 6, 2022, 3:46 PM

@mgodinez For what its worth slack pulls up the following IPs for me

The last hop in your trace is Cisco

So its somewhat clear to me that PFsense is not your DNS Server OR its upstream server is Cisco Umbrella where the filtering is taking place.

Gertjan · Dec 6, 2022, 4:12 PM

@viragomann

Same here.
Using pfBlockerng-devel as a potential source of problems, but slack.com isn't lsited in any of my feeds.
I can connect to www.slack.com, using a browser, from France, just fine.

My LAN is using the one-and-only default rule :

my unbound/resolver/DNS settings are 'all default', so I'm happily resolving, as it works so good out of the box.

@pirod said in Slack not working:

I have same issues on a new netgate. I lose traffic on slack too. If I unplug pfsense slack comes back. The firewall is configured with default rules...

So, when some one buys a Netgate device, or installs 2.6.0 or "pfSense plus" on a home made router/firewall dvice, it works but some sites like "www.slack.com" doesn't work, and you have to "do something" to make it work for that site.
Are you sure ?

slack.com has some (temporary ?) dnssec issues https://dnsviz.net/d/slack.com/dnssec/, some DNS servers didn't feel like answering, many tries were needed.

This one https://www.zonemaster.net/result/de8a8f010211e03e also confirms that some one is messing around with something. It took a (to !) long time to do this test.

A host with a healthy DNS (and all the DNSSEC stuff) : about 15 seconds : https://www.zonemaster.net/result/035b0fe03337fdb7

As usual, when domain name admins are not doing there work right, they can easily remove the site from the Internet.

pirod · Dec 6, 2022, 7:01 PM

I have blocked navigation with default settings not only on slack. Was just an example.

For me I see blocked:

slack app and website
Tunein
Reddit website

and even some of our company internal web pages! I see the generic ipv4 block all reason. But I don't even find that rule.

thanks

mgodinez · Dec 6, 2022, 7:39 PM

@heper Yes, that was the problem, OpenDNS was blocking slack. Removed that and it is working now. Thanks to all for all your help!

Gertjan · Dec 7, 2022, 9:49 AM

@pirod said in Slack not working:

But I don't even find that rule

When you install pfSense, there is no 'block' rule.
There is only the rule I've shown above. Without exception, all traffic is passed from LAN to WAN.

If many, random sites, don't seem to work : Check if you have a good connection to the 13 main DNS root servers : when you restart unbound, these will be shown in Status> DNS Resolver. That page will then start to fill up rapidly with everything unbound resolve for you.
Check what is called MTU. It's been know that some ISP routers do strange thing with the packet size : MTU gets to small and random sites won't load anymore.
But also : you use a VPN .... that opens up an entire different rabbit hole, as many big sites 'don't like' their services being accessed by VPN.

And as always : use and abuse the golden rule : pfSense hasn't been tailor made for me and you. We use all the same code - every bit/byte is identical.
Only our local settings differ (and our upstream Internet connection).
So, your - default settings ! - pfSense would work fine for me. Because mine works fine for me.