What's wrong with my setup? Running since early 2021
-
Issues have been popping up lately that I can't seem to resolve and there is not much information available about them. I'm running the latest 2.70 and have just a few packages installed like pfBlockerNG-devel, suricata, openVPN, nmap, and ntopng (openvpn and ntopng are both disabled). For the most part the router works and serves internet traffic fine all day every day, but I hit a snag on certain websites that should work but for whatever reason don't, and I don't know why. I've recently started getting PR_END_OF_FILE_ERROR in Firefox and ERR_SSL_PROTOCOL_ERROR in Chrome for common safe sites like sourceforge.net (github.com loads fine). Firefox can't download updates either from https://addons.mozilla.org/en-US/firefox/. They always ping fine, so connectivity is not an issue. I don't think this is a DNSBL related issue. I'm trying to avoid making things worse in the process of fixing this because it's an active business, but I have access and control to test whatever I need to. Just not sure how to tackle this one. Any help is appreciated and I know you will likely need more information or specifics.
-
@usaevo7 said in What's wrong with my setup? Running since early 2021:
I don't think this is a DNSBL related issue.
It probably is. Try disabling pfBlocker and retesting to confirm.
Steve
-
With both DNSBL Service and Firewall filter service disabled, I then ran "ipconfig /flushdns" and still have the same issue. Any other thoughts? Could it be a rules based issue? Maybe something to do with our domain? It seems like the issues are mainly related to security certs and encrypted connections, because logging in with a brand new computer to O365 fails (I have to enable legacy support). Is it possible there is a pfSense firewall setup issue that is blocking certs or mishandling them?
-
@usaevo7 said in What's wrong with my setup? Running since early 2021:
Is it possible there is a pfsense firewall setup issue that is blocking certs or mishandling them?
No, since pfsense has no clue as to whether you're moving data or a cert.
suricata
Now an IPS could mess with traffic that triggers some rule..
When you say you turned off filtering? That doesn't seem like a good idea.. You're not natting with pfsense? There is no way to turn off the pfsense firewall and still nat traffic. So you're routing public IP space through pfsense?
-
Not by default. pfSense does nothing with https traffic unless you have installed Squid in full intercept mode. Usually when you see cert errors like that it's because traffic is being redirected to the wrong server. Like for example when something is resolved to the DNS-BL ad-replacement pixel server.
-
@johnpoz said in What's wrong with my setup? Running since early 2021:
When you say you turned off filtering? That doesn't seem like a good idea.. You're not natting with pfsense? There is no way to turn off the pfsense firewall and still nat traffic. So you're routing public IP space through pfsense?
I mentioned this based on these two services running, which I had stopped in order to test. We are not doing any NAT. The only rules there are there from DNSBL, if any.
pfb_dnsbl pfBlockerNG DNSBL service
pfb_filter pfBlockerNG firewall filter service
-
@stephenw10
Can you elaborate on how I confirm this is or is not the issue?
-
@usaevo7 did you set up squid, do you even have it installed? If not then it's pretty confirmed..
As to pfblocker - do you have any auto rules set up with it? Remove them, turn off pfblocker - if you have no rules set up with pfblocker, and you don't have it enabled, then it's pretty confirmed it's not pfblocker.
Uninstall if you want.. There is nothing in pfsense, other than a proxy setup to intercept ssl, that would do anything with ssl traffic. Other than some IPS that is tripping some rule you have enabled. pfblocker could block stuff either based off a dns query you made returning the wrong IP (ie blocked) or via some firewall rule using it to prevent access to some IPs.. But it's simple enough to disable all of that..
-
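The distinction stephenw10 and johnpoz draw above (a DNSBL answer sending the browser to the wrong server, versus an IPS or other in-path device killing the handshake, versus pfSense itself, which never inspects TLS) can be checked from any client on the LAN. The script below is an added triage example, not code from this thread, from pfSense or from pfBlockerNG. It assumes the pfBlockerNG DNSBL virtual IP is the default 10.10.10.1 (change SINKHOLE_VIPS if yours differs) and treats any private, loopback or 0.0.0.0 answer for a public hostname as a sinkhole. Only resolve_local() and probe_tls() touch the network; the decision logic in classify() is pure so it can be run against captured results.

```python
"""Triage look-alike browser TLS errors: DNS sinkhole vs. wrong server vs. handshake cut in path.

Added example (not from the thread, pfSense or pfBlockerNG). SINKHOLE_VIPS is an
assumption: pfBlockerNG's default DNSBL VIP. The sample addresses used in the
usage notes and tests are constructed.
"""
import ipaddress
import socket
import ssl
from dataclasses import dataclass
from typing import Iterable, List, Tuple

SINKHOLE_VIPS = frozenset({"10.10.10.1"})  # assumed pfBlockerNG DNSBL virtual IP


@dataclass
class TlsProbe:
    connected: bool                    # TCP handshake completed
    handshake_ok: bool                 # TLS handshake reached an authenticated session
    error: str = ""                    # eof | reset | timeout | cert_mismatch | connect_failed | other:<reason>
    cert_names: Tuple[str, ...] = ()   # DNS SANs of the leaf certificate when the handshake finished


def is_sinkhole(ip: str) -> bool:
    """A public hostname answered with a DNSBL VIP, RFC1918, loopback or 0.0.0.0 address."""
    addr = ipaddress.ip_address(ip)
    return ip in SINKHOLE_VIPS or addr.is_private or addr.is_loopback or addr.is_unspecified


def name_matches(host: str, cert_names: Iterable[str]) -> bool:
    """Match host against exact SANs and single-label wildcards such as *.example.com."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and host.count(".") == name.count("."):
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False


def classify(host: str, local_answers: List[str], probe: TlsProbe) -> str:
    """Map resolver answers plus a TLS probe to the most likely cause."""
    if any(is_sinkhole(ip) for ip in local_answers):
        return "dns-sinkhole"        # local resolver (DNSBL) redirected the name; fix it there
    if not probe.connected:
        return "tcp-blocked"         # no SYN/ACK: firewall rule, IPS drop, or upstream block
    if not probe.handshake_ok:
        if probe.error in ("eof", "reset", "timeout"):
            return "tls-cut-in-path" # ClientHello sent, no ServerHello: something between client and server killed it
        if probe.error == "cert_mismatch":
            return "wrong-server"    # handshake answered by a host holding another name's certificate
        return "tls-other"
    if not name_matches(host, probe.cert_names):
        return "wrong-server"
    return "tls-ok"                  # transport is fine; look at the application layer instead


def resolve_local(host: str) -> List[str]:
    """IPv4 answers from whatever resolver the client is configured to use (the pfSense one, usually)."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe_tls(host: str, ip: str = None, port: int = 443, timeout: float = 5.0) -> TlsProbe:
    """Connect to ip (or host) and record how far the TLS handshake gets, with full verification on."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip or host, port), timeout=timeout) as raw:
            try:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    cert = tls.getpeercert()
                    names = tuple(v for k, v in cert.get("subjectAltName", ()) if k == "DNS")
                    return TlsProbe(True, True, "", names)
            except ssl.SSLCertVerificationError:
                return TlsProbe(True, False, "cert_mismatch")
            except ssl.SSLEOFError:
                return TlsProbe(True, False, "eof")           # what Firefox shows as PR_END_OF_FILE_ERROR
            except ssl.SSLError as exc:
                return TlsProbe(True, False, "other:" + (exc.reason or ""))
            except ConnectionResetError:
                return TlsProbe(True, False, "reset")
            except socket.timeout:
                return TlsProbe(True, False, "timeout")
    except OSError:
        return TlsProbe(False, False, "connect_failed")


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "sourceforge.net"
    answers = resolve_local(target)
    result = probe_tls(target, answers[0] if answers else None)
    print(target, answers, result.error or "handshake ok", "->", classify(target, answers, result))
```

Run it from a workstation behind the firewall for a failing site and for a working one; a "dns-sinkhole" verdict points at the resolver/DNSBL, while "tls-cut-in-path" with a public answer means the packets left the LAN and something further along (an IPS rule, or a device on the ISP side) ended the session, which pfSense's own filtering would not do to TLS.
-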
@usaevo7 said in What's wrong with my setup? Running since early 2021:
Firefox can't download updates either from https://addons.mozilla.org/en-US/firefox/.
Addons... did you enable wildcard blocking?
Wildcard Blocking (TLD): Enable
This is an Advanced process to determine if all Sub-Domains should be wildcard blocked for each listed Domain.
Click infoblock before enabling this feature!
-
@usaevo7 said in What's wrong with my setup? Running since early 2021:
@stephenw10
Can you elaborate on how I confirm this is or is not the issue?
Disable pfBlocker entirely, don't just stop the services, then retest.
-
Thanks to everyone for helping with possibilities. I found the culprit in this case was Comcast's hardware, and their "security edge" setup was blocking "download" sites, which the few I mentioned above were somehow included in. Not sure why Firefox.com is a download website, but that's what was preventing connection in order to update. So yes, everyone was correct and it was not a pfSense issue, so thanks. I'm looking into putting the router into Bridge mode as I've seen recommended elsewhere on this site to prevent any similar issues in the future.
-
Ouch. Nice catch!