Unable to browse certain websites

tscengr

Sorry for the incomplete info. The reason why it lead me to DNS is because when I statically assign Google DNS it went through. Currently the DNS server assigned on the Netgate 3100 are the following:

208.67.222.222 - OpenDNS
208.67.220.220 - OpenDNS
8.8.8.8 - Google DNS

I did a Diagnostics > DNSLookup and the screenshot shows below

Robert_Markel_-DAL.RMWBH.com - Diagnostics_ DNS Lookup.png

Also, they have a branch office and issue is not happening but it does have a response for 127.0.0.1 not like the uploaded image where it shows 'No Response' for 127.0.0.1

Already rebooted the pfsense hardware but still the same

Jeff

tscengr

@SteveITS said in Unable to browse certain websites:

@tscengr see https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html

Any info would help. DNS correct or no? Squarespace, by chance?

Hardware is: NetGate 3100

stephenw10

Ok, so localhost there (127.0.0.1) is not responding. That's Unbound on the firewall which is what LAN side clients are passed to use by default.

So is Unbound running? Check Status > Services.

Is it using the default settings?

tscengr

@stephenw10

I just did another DNSLookup and this time it now has a response. I went to Dagnostics > Services and UNbound DNS Resolver has a green check though I didn't check this earlier since newbiew to pfsense/ Let me ask if it's now working or still an issue. Thanks for all the help

Jeff

tscengr

@stephenw10

even though it now shows a response, still unable to browse the site.Unbound is running and has a green check

Jeff

stephenw10

Ok, so is DNS failing at the client?

What error is shown when you try to go to the site?

tscengr

@stephenw10

For some reason this morning, it suddenly worked. Really odd situation but thanks for all the help,, may need some video trainings for future tickets I think

Jeff

SteveITS

@tscengr The reason I asked about Squarespace is because I've been fighting an issue for a few weeks where my home and office cannot connect to Squarespace-hosted sites using HTTPS. Specifically, these IPs:

ext-sq.squarespace.com. 151     IN      A       198.185.159.145
ext-sq.squarespace.com. 151     IN      A       198.49.23.144
ext-sq.squarespace.com. 151     IN      A       198.185.159.144
ext-sq.squarespace.com. 151     IN      A       198.49.23.145

I can ping them and HTTP works, but HTTPS fails to connect (times out). We accidentally found it started working late yesterday afternoon, but is not working now. I am confident it's not pfSense related, nor PC related since it happens on phones as well.

SteveITS

@SteveITS Sigh, well now that I posted that, I finally tracked it down. Squarespace web server IPs are in the https://raw.githubusercontent.com/jpgpi250/piholemanual/master/DOHipv4.txt list for blocking DoH servers.

Uglybrian

@steve, I had the same problem, with that exact list five weeks ago. For me it was blocking sdisf.com. Needless to say, I looked for a new doh list to use.

SteveITS

@Uglybrian Thanks. Yeah that list just consolidates other lists without editing, but that's disappointing. There are a few Closed issues on the Github site for specific IPs but "all of Squarespace" is a pretty big target.