Connection Issues - Some sites work while others do not.

notjoe

@wallabybob:

You can use telnet to verify you can connect to a particular web browser, for example```
telnet

Once the connection completes type a line of text and see if the web server responds with HTML. Post the output here.

I've tried that. The connection times out :(

wallabybob

@notjoe:

However, when we go to our company websites hosted by an ISP

Just to clarify the configuration: you are accessing the company websites from computers downstream of a pfSense box. Are the webservers donstream of the same pfSense box? Do the offending web pages redirect to a web site downstream of the pfSense box or source anything from downstream of the pfSense box?

@notjoe:

@wallabybob:

You can use telnet to verify you can connect to a particular web browser, for example```
telnet

Once the connection completes type a line of text and see if the web server responds with HTML. Post the output here.

I've tried that. The connection times out :(

That suggests the web server is not accepting your connecting and not rejecting it. Some intervening firewall is quietly blocking it? The server itself is ignoring the connection attempt?

notjoe

@wallabybob:

@notjoe:

However, when we go to our company websites hosted by an ISP

Just to clarify the configuration: you are accessing the company websites from computers downstream of a pfSense box. Are the webservers donstream of the same pfSense box? Do the offending web pages redirect to a web site downstream of the pfSense box or source anything from downstream of the pfSense box?

@notjoe:

@wallabybob:

You can use telnet to verify you can connect to a particular web browser, for example```
telnet

Once the connection completes type a line of text and see if the web server responds with HTML. Post the output here.

I've tried that. The connection times out :(

That suggests the web server is not accepting your connecting and not rejecting it. Some intervening firewall is quietly blocking it? The server itself is ignoring the connection attempt?

So far you are correct.

What makes it odd is that every once in a while I can connect to those servers. If I set up a proxy on a outside network and use that I can connect to the website without problems.

What I even more strange is that I can connect to the website using windows  laptops but cannot on the Mac books, Mac computers, or my Ubuntu desktop. I setup tiny proxy on a FreeBSD machine at the office and I can connect to the website through that as well.

wallabybob

@notjoe:

So far you are correct.

I don't know how to interpret this. I asked a number of questions, most of which didn't receive a specific answer.

Klaws

@notjoe:

What I even more strange is that I can connect to the website using windows  laptops but cannot on the Mac books, Mac computers, or my Ubuntu desktop. I setup tiny proxy on a FreeBSD machine at the office and I can connect to the website through that as well.

Sorry, this is a stupid question, but…you didn't happen to accidently set up OS fingerprinting in your "LAN->any" rule?

Sorry, I do not want to imply stupidity on your end. Especially since the default/standard Lan->any rule doesn't allow setting of this option. But if you you have a set of non-standard pass rules (for example for some sort of filtering or traffic shaping), this could have happend. Um, probably not really accidently, since it requires like three clicks or so, but perhaps someone else got curious while you took a coffee break and the WebGUI was still open?

notjoe

@wallabybob:

Just to clarify the configuration: you are accessing the company websites from computers downstream of a pfSense box. Are the webservers donstream of the same pfSense box? Do the offending web pages redirect to a web site downstream of the pfSense box or source anything from downstream of the pfSense box?

You are absolutely correct. The website I am trying to access is downstream of the pfSense box. The websites does redirect but it redirects to the a different URI on the same domain which I am trying to access.

@wallabybob:

That suggests the web server is not accepting your connecting and not rejecting it. Some intervening firewall is quietly blocking it? The server itself is ignoring the connection attempt?

That is the assumption that I made as well but it could also be something on our end blocking the connections.

Now for some additional information:
We have unifi APs. If I use windows laptops I am able to connect to the website without issue. I have a freebsd box on the local network. If I set up a proxy server and use that then I can also connect to the website. My ubuntu desktop and the macs are the ones which seem to be having the issues connecting. That is why I do not believe that it is a problem of the ISP or the website itself but rather something strange which is going on with pfSense. I should also tell you that the Macbook Airs can't connect either (over wifi).

notjoe

@Klaws:

@notjoe:

What I even more strange is that I can connect to the website using windows  laptops but cannot on the Mac books, Mac computers, or my Ubuntu desktop. I setup tiny proxy on a FreeBSD machine at the office and I can connect to the website through that as well.

Sorry, this is a stupid question, but…you didn't happen to accidently set up OS fingerprinting in your "LAN->any" rule?

Sorry, I do not want to imply stupidity on your end. Especially since the default/standard Lan->any rule doesn't allow setting of this option. But if you you have a set of non-standard pass rules (for example for some sort of filtering or traffic shaping), this could have happend. Um, probably not really accidently, since it requires like three clicks or so, but perhaps someone else got curious while you took a coffee break and the WebGUI was still open?

We all make stupid mistakes every now and then but this time I don't believe it is user error creating the problem ;) I've never configured OS Fingerprinting. Infact, I've never seen such an option for that. My rules are pretty simple. I am forwarding 21 to the inside freebsd server. There are also 2 rules which pfSense set up by default and which I cannot remove.

Thanks for the suggestion thought!

notjoe

A factory reset and reconfigure of everything solved the problem.

Klaws

@notjoe:

A factory reset and reconfigure of everything solved the problem.

Interesting. Do you have a backup of your old configuration, so you can compare it to your new config?

notjoe

@Klaws:

@notjoe:

A factory reset and reconfigure of everything solved the problem.

Interesting. Do you have a backup of your old configuration, so you can compare it to your new config?

I do but I found some more optimal ways of configuring the network so I am not entirely sure how relevant comparing configs would be?

notjoe

I believe I may have found what was causing this issue. When I have IPSec enabled I seem to have issues connecting to the company website. With IPSec disabled things seem to be normal. Has anyone encountered something like this?