pfsense seems to be blocking out access to a banking site
-
Hi
I am looking for some help resolving an issue I/we have when trying to gain access to our banking website. I am based in the UK, I have the Netgate 2100 device, we access the WWW using WiFi, and my ISP is EE's broadband (which I believe is technically BT's). The website in question is www.rbs.co.uk.
I can access the site via my mobile phone, manually type the URL, and not via the app, but for some reason or another when I use our two laptops I get the usual "Hmmm... Can't reach this page" message.
I have gone through the article/documentation - https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html.
I changed a few settings as recommended but I was not able to access the listed site "See http://www.dslreports.com/faq/695". Not sure if this is relevant or a bad link maybe. (see pic above, highlighted in green)
I did a DNS Lookup, results -
and a second -
Plus I ran ping for each -
...and
I had a look at the System logs, and I assume what I am seeing means yes I do have a problem, example snippet -
I also have Kea DHCP selected - I did this after reading a post or documentation -
Hope this info is not overboard, or worse still, divulging my restricted details etc.
It is only this site oddly, I can reach other locations without any difficulty. I also came across this post "pfsense blocking certain/some sites", and followed what I could on that article.
Finally, I am on release version 24.11, but I can not be 100% sure if the issue started soon after I installed the update which was about a few weeks ago.
Any pointers on what I need to be looking at would be greatly appreciated.
Many thanks
Chris -
Looking through that firewall logs snippet you posted I do NOT see any of your banking site IP addresses listed. Thus I would not immediately suspect pfSense itself as the problem here.
You don't state if you are running any optional packages. Are you? If so, a package might be responsible for the blocking.
You stated that access via WiFi using your phone worked. Does this WiFi go through your pfSense firewall or is it a completely separate pathway independent of the firewall?
Another place to look is your browser configuration. Are any browser extensions installed (ad blockers, for instance)? Those can be very site-specific when they cause problems.
-
@cxcmax odd that when you have IPv4 selected in your ping diagnostic - it is still pinging IPv6 address.
If you select IPv4 it should ping the IPv4 address, and if you select IPv6 then it should ping the IPv6 address.
In your screenshot you have IPv4 selected, and it's still pinging IPv6.
Try turning off IPv6 on your client - does it work then? At first glance there is something not right - if you tell pfsense to ping IPv4 - not sure why it would still be using IPv6?
-
@johnpoz said in pfsense seems to be blocking out access to a banking site:
odd that when you have IPv4 selected in your ping diagnostic - it is still pinging IPv6 address.
Good catch! I missed that. Yeah, something looks weird there for sure.
-
Well that changed things a little, unchecked and the website loaded -
Should this be unchecked as default, or does it mean I need to make adjustments elsewhere?
CC
-
@bmeeks
Hi, thanks for the help, and for the logs I did not actually think about the IP address as I am not familiar with them but I know I have a better understanding.
CC
-
@cxcmax said in pfsense seems to be blocking out access to a banking site:
Should this be unchecked as default, or does it mean I need to make adjustments elsewhere?
That should be checked if you want to use IPv6. If you uncheck it, all IPv6 will be blocked, even if you try and set it up to use it. This will quite often generate noise in the logs. A better setup, if you do not want to use IPv6, is just not set it up or have rules that allow it.
Set the IPv6 address on your interfaces as none.
So if you unchecked that and blocked all IPv6 - then your client would have to use IPv4 to get to that site. Maybe that site doesn't actually work on IPv6, or maybe you have a connectivity problem the network is on via IPv6?
-
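The question left open in the last reply (does the site fail only over IPv6 while IPv4 works?) can be tested per address family from a client. The following is an added example, not code from any poster in the thread; the function names, port 443, the host `bank.example` and the documentation-range addresses are assumptions constructed for illustration.

```python
import socket

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}

def tcp_connect(family, sockaddr, timeout):
    """Open and close one TCP connection; raises OSError on failure."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sockaddr)

def check_families(host, port=443, timeout=5.0,
                   resolve=socket.getaddrinfo, connect=tcp_connect):
    """Resolve and connect once per address family; return {name: (status, detail)}."""
    report = {}
    for name, family in FAMILIES.items():
        try:
            sockaddr = resolve(host, port, family, socket.SOCK_STREAM)[0][4]
        except socket.gaierror as exc:  # no A / AAAA record for this family
            report[name] = ("no-address", str(exc))
            continue
        try:
            connect(family, sockaddr, timeout)
            report[name] = ("ok", sockaddr[0])
        except OSError as exc:  # refused, unreachable, or timed out
            report[name] = ("connect-failed", f"{sockaddr[0]}: {exc}")
    return report

def verdict(report):
    """Turn the per-family report into the diagnosis discussed in the thread."""
    v4, v6 = report["IPv4"][0], report["IPv6"][0]
    if v4 == "ok" and v6 == "ok":
        return "both families reachable"
    if v4 == "ok" and v6 == "connect-failed":
        return "IPv6 path broken; clients that prefer IPv6 will fail or stall"
    if v4 == "ok":
        return "IPv4 only; the name has no usable AAAA record"
    return "IPv4 failing; not an IPv6-specific problem"

def fake_resolve(host, port, family, socktype):  # constructed sample data
    addr = "192.0.2.10" if family == socket.AF_INET else "2001:db8::10"
    return [(family, socktype, 6, "", (addr, port))]

def fake_connect(family, sockaddr, timeout):  # constructed: IPv6 times out
    if family == socket.AF_INET6:
        raise TimeoutError("timed out")

if __name__ == "__main__":
    result = check_families("bank.example", resolve=fake_resolve, connect=fake_connect)
    print(result, verdict(result), sep="\n")
```

Calling `check_families("<hostname>")` with the default arguments performs the live lookup and connection attempts instead of using the constructed stand-ins.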