Pfsense 2.0 RC1 & 2 blocking access some sites when not configured to

mr_dent

Hi,

After upgrading to RC1 and subsequent updates to RC2, I cannot access the netflix login page from my network. If I plug my laptop into my DSL modem directly, I can access no problem. I have absolutely no additional rules configured for the firewall. In the pftop display is the following in regards to the IP address for netflix… (192.168.1.3 is my laptop on my LAN and 208.75.76.17 is netflix). Ideas?

tcp       In  192.168.1.3:55021                             208.75.76.17:443                                TIME_WAIT:TIME_WAIT    00:04:24  00:00:43       67    27329
tcp       Out 192.168.1.3:55021                             208.75.76.17:443                                TIME_WAIT:TIME_WAIT    00:04:24  00:01:28       67    27329
tcp       In  192.168.1.3:55024                             208.75.76.17:80                               ESTABLISHED:CLOSING      00:03:43  00:14:28       22    13193
tcp       Out 192.168.1.3:55024                             208.75.76.17:80                                   CLOSING:ESTABLISHED  00:03:43  00:14:28       22    13193
tcp       In  192.168.1.3:55025                             208.75.76.17:80                               ESTABLISHED:CLOSING      00:03:43  00:14:28       22    13211
tcp       Out 192.168.1.3:55025                             208.75.76.17:80                                   CLOSING:ESTABLISHED  00:03:43  00:14:28       22    13211
tcp       In  192.168.1.3:55026                             208.75.76.17:80                               ESTABLISHED:CLOSING      00:03:43  00:14:28       22    13139
tcp       Out 192.168.1.3:55026                             208.75.76.17:80                                   CLOSING:ESTABLISHED  00:03:43  00:14:28       22    13139
tcp       In  192.168.1.3:55027                             208.75.76.17:80                               ESTABLISHED:CLOSING      00:03:43  00:14:28       22    13184
tcp       Out 192.168.1.3:55027                             208.75.76.17:80                                   CLOSING:ESTABLISHED  00:03:43  00:14:28       22    13184
tcp       In  192.168.1.3:55028                             208.75.76.17:80                               ESTABLISHED:CLOSING      00:03:43  00:14:28       22    13148
tcp       Out 192.168.1.3:55028                             208.75.76.17:80                                   CLOSING:ESTABLISHED  00:03:43  00:14:28       22    13148
tcp       In  192.168.1.3:55039                             208.75.76.17:80                               ESTABLISHED:CLOSING      00:02:44  00:14:23       20    11844
tcp       Out 192.168.1.3:55039                             208.75.76.17:80                                   CLOSING:ESTABLISHED  00:02:44  00:14:23       20    11844

jimp

Are you running squid or any other proxy package (HAVP, etc)?

mr_dent

The only package is was running was the Pfflowd package.

johnpoz

I recall a thread a while back where someone was having a hard time getting to a specific website,

And then set
Clear invalid DF bits instead of dropping the packets

Under firewall/net and then it worked.

Here is that thread
http://forum.pfsense.org/index.php/topic,35764.0.html