I'm missing something... trying to log into company web internally opens up firewall
-
@JLundberg said in I'm missing something... trying to log into company web internally opens up firewall:
did not get "reset" when I did the restore to factory from the console.
Makes no sense... if you're saying it resolves, and you can get to other internet sites, there would be nothing in a default install of pfSense that would say "nope, going to let you get to IP address 1.2.3.4, but not this site on 4.5.6.7".
And now you're saying you can get there if you put in the IP. So that points to it NOT resolving.
In pfSense -- do a DNS lookup in pfSense?
-
@johnpoz
I'll try to make it more clear. I believe the misunderstanding is because some of my messages are from when I was at my office and others are from when I am at home. Right now I am at home. I work from home and my normal work "office" is in Baton Rouge, about 35 min away. My work is currently running a SonicWall firewall that is at its EOL. I am wanting to replace it with a new Netgate SG-3100.
I am doing all of my latest testing from home. With the Netgate not connected at home, I can open my browser, Chrome, and I can connect to my work's website with no problem using www.xenetech.com. So it resolves correctly from my home when the Netgate is not connected.
Now, I connect up my Netgate 3100 at home via a console connection and select to do a factory reset. After some time it resets and is ready to go. I then disconnect my laptop from my home network and connect it to the newly reset SG-3100. I type in 192.168.1.1 and log into the 3100. I proceed with the generic wizard setup. I select DHCP for the WAN and 192.168.100.1 for the LAN. Everything else is just the defaults, no NATs, nothing. I then proceed to connect my home LAN to the WAN of the Netgate and my laptop to the LAN of the Netgate. I open Chrome and I can get to any site I want to except www.xenetech.com.
Yes, you are correct. This makes no sense. I should be able to get to any site that worked before I connected the Netgate. This is why I'm saying something must not be getting released/reset from my original setup try while I was at my work when I first tried to set this up on site. I went into my work a couple of weeks ago and tried to set this up. There were several places where I believe I mistakenly put in my website address when I should have only put in my domain name.
Ever since that first setup try I've had nothing but problems. This is why I am going to try a USB flash restore to set the box truly to factory (I hope). Now I may be mistaken and just stupid when it comes to working with the Netgate, but am I wrong in assuming that I should be able to get to xenetech.com from my home when going through the Netgate from a fresh setup with the WAN set to DHCP and the LAN set to a basic address? Netgate not installed, I can pull up xenetech.com; Netgate installed, I cannot.
I'll let you know what happens after the flash of the firmware.
Regards,
-
@JLundberg:
This behavior would indicate to me that perhaps there is a lingering definition somewhere in the DNS Resolver configuration on the SG-3100 that is pointing to the internal web address of your web server. I would expect the factory reset to get rid of that, but perhaps it's not doing so for some reason. Setting the domain name within the SG-3100 (and potentially within the DNS Resolver) like you did may also come into play here. Log into the SG-3100 web GUI and then go to DIAGNOSTICS > DNS LOOKUP and then attempt to look up www.xenetech.com. See what the firewall comes back with, if anything. On my personal firewall, that URL resolves to 70.169.64.116.
-
@bmeeks
The lookup always comes back fine.
Now get this, and this is my mistake for not trying earlier; however, I don't understand it... I tried using Google again right after the lookup and it still did not go to the website. Then I tried Edge, and it goes to it correctly. I can pull up my work's website with Edge but not Google when the Netgate is connected. If the Netgate is not connected, both work fine.
-
@JLundberg said in I'm missing something... trying to log into company web internally opens up firewall:
@bmeeks
The lookup always comes back fine.
Now get this, and this is my mistake for not trying earlier; however, I don't understand it... I tried using Google again right after the lookup and it still did not go to the website. Then I tried Edge, and it goes to it correctly. I can pull up my work's website with Edge but not Google when the Netgate is connected. If the Netgate is not connected, both work fine.
That really makes no sense to me. If the pfSense connection works for Edge, it should work with Chrome as the browser, since pfSense itself is 100% browser agnostic.
With pfSense in the loop you will have double NAT, but that should not matter to the browser at all. Could you perhaps have been staring at this problem for too long, and maybe you are now overlooking something that would otherwise be obvious?
At this point you might want to do a packet capture on the WAN and LAN sides of the pfSense box and repeat your tests with Chrome and Edge. Compare the results. Maybe that will uncover the issue.
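The comparison suggested above, as an added example that is not part of the original post or of pfSense: a small Python script that reduces two LAN-side `tcpdump -n -tttt` text captures (one per browser) to the facts worth diffing for a given client host and hostname: whether the client asked the firewall's resolver for the name, which A records came back, and which TCP SYNs never received a SYN-ACK. The capture lines, the client address 192.168.100.10 and the resolver address 192.168.100.1 are constructed sample input to exercise the script; they do not represent what the poster's capture actually contained.

```python
"""Diff two tcpdump text captures (e.g. a Chrome run and an Edge run) for one client and hostname."""
import re
from collections import defaultdict

# Constructed sample captures in `tcpdump -n -tttt` text form (assumed, not from the thread).
# The "Edge" run resolves the name via the firewall and completes the TCP handshake;
# the "Chrome" run resolves the same way but its SYN to port 443 is never answered.
EDGE_LAN = """\
2020-05-01 09:00:00.000100 IP 192.168.100.10.51234 > 192.168.100.1.53: 4711+ A? www.xenetech.com. (34)
2020-05-01 09:00:00.000900 IP 192.168.100.1.53 > 192.168.100.10.51234: 4711 1/0/0 A 70.169.64.116 (50)
2020-05-01 09:00:00.002000 IP 192.168.100.10.51300 > 70.169.64.116.443: Flags [S], seq 1, win 64240, length 0
2020-05-01 09:00:00.040000 IP 70.169.64.116.443 > 192.168.100.10.51300: Flags [S.], seq 2, ack 2, win 65535, length 0
"""
CHROME_LAN = """\
2020-05-01 09:01:00.000100 IP 192.168.100.10.51400 > 192.168.100.1.53: 4712+ A? www.xenetech.com. (34)
2020-05-01 09:01:00.000900 IP 192.168.100.1.53 > 192.168.100.10.51400: 4712 1/0/0 A 70.169.64.116 (50)
2020-05-01 09:01:00.002000 IP 192.168.100.10.51401 > 70.169.64.116.443: Flags [S], seq 1, win 64240, length 0
2020-05-01 09:01:01.002000 IP 192.168.100.10.51401 > 70.169.64.116.443: Flags [S], seq 1, win 64240, length 0
"""

# One tcpdump line: timestamp, IPv4 src.port > dst.port: payload description
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)
A_QUERY_RE = re.compile(r"\bA\? (\S+)\.")          # "A? www.example.com." in a query
A_ANSWER_RE = re.compile(r"\bA (\d+(?:\.\d+){3})")  # "A 70.169.64.116" in an answer


def parse_capture(text):
    """Group DNS queries, DNS answers, SYNs sent and SYN-ACKs received by client host."""
    facts = defaultdict(lambda: {"queries": set(), "answers": set(),
                                 "syn": set(), "synack": set()})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip non-IP lines (ARP, truncation notices, etc.)
        src, sport, dst, dport, rest = m["src"], m["sport"], m["dst"], m["dport"], m["rest"]
        if dport == "53":
            facts[src]["queries"].update(A_QUERY_RE.findall(rest))
        elif sport == "53":
            facts[dst]["answers"].update(A_ANSWER_RE.findall(rest))
        elif "Flags [S]" in rest:          # plain SYN from the client
            facts[src]["syn"].add(f"{dst}:{dport}")
        elif "Flags [S.]" in rest:         # SYN-ACK back to the client
            facts[dst]["synack"].add(f"{src}:{sport}")
    return dict(facts)


def summarize(facts, client, hostname):
    """The three questions to ask of one run for one client and one hostname."""
    f = facts.get(client, {"queries": set(), "answers": set(), "syn": set(), "synack": set()})
    return {
        "queried_firewall": hostname in f["queries"],
        "answers": sorted(f["answers"]),
        "unanswered_syns": sorted(f["syn"] - f["synack"]),
    }


def compare_runs(labelled_runs, client, hostname):
    """labelled_runs maps a label (browser name) to capture text; returns one summary per label."""
    return {label: summarize(parse_capture(text), client, hostname)
            for label, text in labelled_runs.items()}


if __name__ == "__main__":
    result = compare_runs({"Edge": EDGE_LAN, "Chrome": CHROME_LAN},
                          "192.168.100.10", "www.xenetech.com")
    for label, summary in result.items():
        print(label, summary)
```

Run one capture per browser on the LAN interface with something like `tcpdump -n -tttt -i <lan> host <client>` (pfSense ships tcpdump; the GUI packet capture under Diagnostics produces a pcap you can feed to `tcpdump -n -tttt -r`), then pass both texts to `compare_runs`. A run where `queried_firewall` is False tells you the browser never asked pfSense's resolver for the name; a run where the same destination shows up in `unanswered_syns` tells you the difference is on the path after resolution, which is what a matching WAN-side capture would then localize.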
-
@bmeeks very good answer! Thanks,
-
@bmeeks
I'll have to look at the packet capture to see what is going on at this point. I set everything up this morning again fresh with just the very basic default settings on the Netgate box and this is what I have found: no Netgate installed on my home network, I can connect to my site with Chrome and Edge; put in the Netgate and only Edge will see my site. I tried to do a reinstall from the flash image and it gave me an error about not being able to read the drive. I followed the support link and used the program they suggested to image my flash drive, and it did fine; even its test said it was fine. So I'm now looking for a new flash drive to retry the image. I know you guys think I'm missing something simple because what I'm telling you just can't happen... Well, if it can, it will happen to me. I really can't tell you any more than what I have, and I almost went through writing my last couple of messages as I was doing it here at the house. I don't know how much more of a basic setup I can get. I'll shut up :-) once I'm able to get a new image on my box to see if that has anything to do with something residual not being reset.
But like you said, the browsers are supposed to be 100% agnostic, so something is going on here. If I can do a lookup and it comes back fine, then why shouldn't both browsers act the same?
Thank you for all your comments. I will do a packet capture and see what's going on. Too weird.
-