Netgate Discussion Forum

    URGENT: Can't use any website with HTTPS…. (Port 443)

    Firewalling

      matt224

      Hi Everyone,

      I'm in need of some help, I have spent hours and hours on this and hopefully someone will have the answer for me.

      I can't use any website with HTTPS despite adding this to the firewall. My config is below. Most people say on the forums that 443 is open by default?

      I'm using 2.0 RC3 - and I really need to get this to work ASAP.

      Regards
      Matt

        rancor

        What kind of error message do you get?

          matt224

          Hi, thanks for your reply,

          Basically I get no error message, just "page cannot be displayed". It's really baffling me!

            matt224

            Any suggestions anyone?

            I kind of need this to work as soon as possible. 443 seems to be working fine on the WebGUI, I just can't use it on any other website…

            Cheers
            Matt

              GruensFroeschli

              Did you create a NAT portforward to access the GUI from the outside?

              We do what we must, because we can.

              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                matt224

                No did I need to?

                The only thing I've changed is the admin port, which works fine, to 567.

                Maybe this is a bug? I'm running 2.0 RC3 - could someone else test that they can browse to websites using HTTPS?

                Regards
                Matt

                  GruensFroeschli

                  Believe me, if your problem was actually a bug, we'd see a lot more threads here about this.
                  And yes, about anyone using pfSense can browse to websites using https.
                  There's no difference between https and anything else… it's just TCP connecting as far as pfSense is concerned.

                  Somehow I believe your problem is not related to pfSense at all.
                  Have you tried to connect your computer to the internet directly?

                  We do what we must, because we can.

                  Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                    matt224

                    Thanks for confirming that this is not a bug, I have checked the STATES and this is what I'm getting:

                    tcp  141.92.131.9:443 <- 192.168.1.107:52990  CLOSED:SYN_SENT 
                    tcp 192.168.1.107:52990 -> 141.92.131.9:443 SYN_SENT:CLOSED

                    I have checked another computer on my network that is using the same route to the internet as the pfsense server and https sites work. Therefore I know this is not a problem with my internet connection and there must be an issue with the pfsense.

                    Regards
                    Matt

                      Metu69salemi

                      @matt224:

                      I have checked another computer on my network that is using the same route to the internet as the pfsense server and https sites work. Therefore I know this is not a problem with my internet connection and there must be an issue with the pfsense.

                      Does this mean that in the same subnet there is another computer that can browse the internet normally and also uses pfsense as its gateway?
                      What do the packet capture/firewall logs say?

                        matt224

                        No, the computer is on the same subnet but I simply wanted to check that my internet connection was working fine using HTTPS://, and it did work fine. So I can rule out there being any problems on my network as the previous guy suggested.

                        So it seems that it's something to do with pfsense - I checked the firewall log and it showed no indication of any problems.

                          Metu69salemi

                          Do you have manual outbound NATs?

                          As an example:
                          I had one setup where one subnet didn't work while two others did. I had set up manual outbound NATs; each subnet had its own public IP. After a few posts with wallabybob, "we" found the problem.
                          The same public address was given to the modem, and that caught the reply traffic for itself.
                          So that's why I asked for packet captures.

                            matt224

                            Hi Metu69salemi,

                            I've just left it set to automatic, but I'm open to suggestions. I checked the packet capture and I could see the site getting requested from the IP address of my pfsense box.

                            Could you detail the steps that you tried?

                            Regards
                            Matt

                              Metu69salemi

                              Can you see any replies from that site?

                                matt224

                                Ok here is the result,

                                The site that requires 443 is http://www.natwest.com
                                10.18.52.16 is the WAN NIC on the pfsense
                                10.18.52.9 is my gateway

                                For some reason on line 70 it says that the http has moved?

                                  Metu69salemi

                                  Something to read about: http://www.checkupdown.com/status/E302.html
                                  Something more: http://www.google.com/support/forum/p/Webmasters/thread?tid=024ead20b6787856&hl=en

                                  Only one thing bothers me: you said that only one client is having this problem. What about the browser setups on these computers (working and non-working version)?

                                    matt224

                                    Thanks for the update I will have a look at the links provided, much appreciated.

                                    In response to your question, sorry, all clients on the pfsense network are unable to browse to https:// sites.

                                      inflamer

                                      Matt,

                                      Was that packet capture taken on the LAN or WAN interface of your pfsense?

                                      If it was taken on WAN, it might look like 443/tcp is being filtered upstream, since the TCP SYN is never responded to.

                                      I don't understand however why the destination address of the HTTP GET is 10.18.52.9 (Your pfsense), the destination address for that packet should be 155.136.80.213 (www.natwest.com). If you perform an nslookup on www.natwest.com from your PC, what address does that hostname resolve to? Do you by any chance override DNS in any way?

                                      • Andreas
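
The state entries posted earlier in the thread and the point above about a SYN that is never answered, as an added example that is not part of the original posts: a small parser for state lines in the layout shown in the thread that reports destination ports where every TCP state is still waiting for a reply to its SYN. The function names and the port 80 and DNS sample lines are constructed, and treating both `SYN_SENT:CLOSED` and `CLOSED:SYN_SENT` as "SYN seen, no reply" is an assumption.

```python
import re
from collections import defaultdict

# Matches IPv4 state lines in the layout posted in the thread, e.g.
#   tcp 192.168.1.107:52990 -> 141.92.131.9:443 SYN_SENT:CLOSED
# Lines in any other layout (NAT annotations, IPv6) are skipped, not guessed at.
STATE_RE = re.compile(
    r"^\s*(?P<proto>\w+)\s+(?P<left>[\d.]+:\d+)\s+(?P<dir><-|->)"
    r"\s+(?P<right>[\d.]+:\d+)\s+(?P<state>[A-Z_0-9]+:[A-Z_0-9]+)\s*$"
)
# Assumption: either ordering means only the initial SYN has been seen.
HALF_OPEN = {"SYN_SENT:CLOSED", "CLOSED:SYN_SENT"}

# First two lines are from the thread; the rest are constructed sample data.
SAMPLE = """\
tcp  141.92.131.9:443 <- 192.168.1.107:52990  CLOSED:SYN_SENT
tcp 192.168.1.107:52990 -> 141.92.131.9:443 SYN_SENT:CLOSED
tcp 203.0.113.10:80 <- 192.168.1.107:52991 ESTABLISHED:ESTABLISHED
tcp 192.168.1.107:52991 -> 203.0.113.10:80 ESTABLISHED:ESTABLISHED
udp 192.168.1.107:53001 -> 203.0.113.53:53 MULTIPLE:SINGLE
""".splitlines()

def parse_state(line):
    """Parse one state line; return None if it is not in the expected layout."""
    m = STATE_RE.match(line)
    if not m:
        return None
    # With "->" the destination is on the right; with "<-" it is on the left.
    src, dst = (m["left"], m["right"]) if m["dir"] == "->" else (m["right"], m["left"])
    host, _, port = dst.rpartition(":")
    return {"proto": m["proto"], "src": src, "dst_host": host,
            "dst_port": int(port), "state": m["state"]}

def unanswered_ports(lines):
    """Return {dst_port: (half_open, total)} for TCP ports where every state is half-open."""
    counts = defaultdict(lambda: [0, 0])
    for line in lines:
        s = parse_state(line)
        if s is None or s["proto"] != "tcp":
            continue
        counts[s["dst_port"]][1] += 1
        if s["state"] in HALF_OPEN:
            counts[s["dst_port"]][0] += 1
    return {port: tuple(c) for port, c in counts.items() if c[0] == c[1]}

if __name__ == "__main__":
    for port, (half, total) in sorted(unanswered_ports(SAMPLE).items()):
        print(f"tcp/{port}: {half}/{total} states never got past the SYN")
```

A port that shows up here while other ports reach `ESTABLISHED` points at filtering or routing for that port rather than at the client, which is what the LAN versus WAN capture question is meant to narrow down.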
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.