Unable to browse certain websites
-
@tscengr see https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html
Any info would help. DNS correct or no? Squarespace, by chance?
-
Yes, more info required.
What pointed you to a DNS problem? Sites fail to resolve at clients behind pfSense?
Try Diag > DNS Lookup in pfSense. Do the same sites resolve on everything configured there?
What hardware device are you using?
Steve
-
Sorry for the incomplete info. The reason why it lead me to DNS is because when I statically assign Google DNS it went through. Currently the DNS server assigned on the Netgate 3100 are the following:
208.67.222.222 - OpenDNS
208.67.220.220 - OpenDNS
8.8.8.8 - Google DNSI did a Diagnostics > DNSLookup and the screenshot shows below
Also, they have a branch office and issue is not happening but it does have a response for 127.0.0.1 not like the uploaded image where it shows 'No Response' for 127.0.0.1
Already rebooted the pfsense hardware but still the same
Jeff
-
@SteveITS said in Unable to browse certain websites:
@tscengr see https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html
Any info would help. DNS correct or no? Squarespace, by chance?
Hardware is: NetGate 3100
-
Ok, so localhost there (127.0.0.1) is not responding. That's Unbound on the firewall which is what LAN side clients are passed to use by default.
So is Unbound running? Check Status > Services.
Is it using the default settings?
-
I just did another DNSLookup and this time it now has a response. I went to Dagnostics > Services and UNbound DNS Resolver has a green check though I didn't check this earlier since newbiew to pfsense/ Let me ask if it's now working or still an issue. Thanks for all the help
Jeff
-
even though it now shows a response, still unable to browse the site.Unbound is running and has a green check
Jeff
-
Ok, so is DNS failing at the client?
What error is shown when you try to go to the site?
-
For some reason this morning, it suddenly worked. Really odd situation but thanks for all the help,, may need some video trainings for future tickets I think
Jeff
-
@tscengr The reason I asked about Squarespace is because I've been fighting an issue for a few weeks where my home and office cannot connect to Squarespace-hosted sites using HTTPS. Specifically, these IPs:
ext-sq.squarespace.com. 151 IN A 198.185.159.145 ext-sq.squarespace.com. 151 IN A 198.49.23.144 ext-sq.squarespace.com. 151 IN A 198.185.159.144 ext-sq.squarespace.com. 151 IN A 198.49.23.145
I can ping them and HTTP works, but HTTPS fails to connect (times out). We accidentally found it started working late yesterday afternoon, but is not working now. I am confident it's not pfSense related, nor PC related since it happens on phones as well.
-
@SteveITS Sigh, well now that I posted that, I finally tracked it down. Squarespace web server IPs are in the https://raw.githubusercontent.com/jpgpi250/piholemanual/master/DOHipv4.txt list for blocking DoH servers.
-
@steve, I had the same problem, with that exact list five weeks ago. For me it was blocking sdisf.com. Needless to say, I looked for a new doh list to use.
-
@Uglybrian Thanks. Yeah that list just consolidates other lists without editing, but that's disappointing. There are a few Closed issues on the Github site for specific IPs but "all of Squarespace" is a pretty big target.