Netgate Discussion Forum

    Some websites not responding

    General pfSense Questions
    18 Posts 6 Posters 3.4k Views
    • KOM

      WAN/LAN connectivity is usually an all-or-nothing deal.  I can't even fathom how the firewall would decide to selectively break some websites, but only on some of your clients.  No caching involved such as Squid?

      • ethit

        No squid, no packages installed at all. Just the base system configured with bridging, that's it.

        It seems really bizarre to me as well. I can only think that there must be something specific to that traffic that is causing some sort of failure, but I can't figure out how to track it down.

        e

        • KOM

          I'd start at the back end.  You have clients that consistently fail to render a site that is fine in other clients?  What is different between these clients?  What's different between sites that always work and problem sites (e.g. HTTPS)?  Are you allowing IP6?

          • johnpoz LAYER 8 Global Moderator

            Um, if you're trying to use pfsense as transparent bridge firewall.  Then there really wouldn't be a wan would there?  It would be a bridge interface..  pfsense would not be the dns server normally in such a setup, etc.  And by default I don't even think it firewalls traffic over a bridge.  Don't you have to that?

            What guide did you follow to set up this sort of setup?

            What if you just let pfsense do its thing and route and nat the connection?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • kejianshi

              haha - So we are now finding out pfsense is in some bizarre configuration?

              • ethit

                johnpoz,

                Looks like you found me the magic bullet. In the guide I used for the bridging setup, it did have me turn on filtering on the bridge interface (net.link.bridge.pfil_bridge=1). I had assumed that was required for bridging, but apparently not. I've set that back to default, the bridging still works and I am still able to set firewall rules and limiters, etc. Craigslist is also now responding. I think that's got this problem solved. Now to find new, more exciting problems.

                Kejianshi, I did mention in my first post that I was using a bridged setup.  :)

                Kejianshi, KOM and johnpoz, thank you all so much for your help. This is a great community and I'm glad I found my way here.

                e
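
The fix reported in the post above comes down to two FreeBSD if_bridge tunables: `net.link.bridge.pfil_member` (filter on the member interfaces) and `net.link.bridge.pfil_bridge` (filter on the bridge interface itself). The following is an added example, not part of the thread: it classifies `sysctl net.link.bridge` output so the guide's setting can be spotted. The sample outputs are constructed, and `pfil_member: 1` in them is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): report where an if_bridge applies
# packet filtering, given the text printed by `sysctl net.link.bridge`.

# Constructed sample: state after following the old guide (pfil_bridge=1).
SAMPLE_GUIDE='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 1'

# Constructed sample: state after setting pfil_bridge back (assumed values).
SAMPLE_REVERTED='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'

# get_tunable TEXT NAME -> prints the value of NAME, or "unset" if absent.
get_tunable() {
    v=$(printf '%s\n' "$1" | awk -F': *' -v k="$2" '$1 == k { print $2; exit }')
    echo "${v:-unset}"
}

# bridge_filter_mode TEXT -> both | member-only | bridge-only | none | unknown
bridge_filter_mode() {
    member=$(get_tunable "$1" net.link.bridge.pfil_member)
    bridge=$(get_tunable "$1" net.link.bridge.pfil_bridge)
    case "$member/$bridge" in
        1/1) echo both ;;         # rules evaluated on members AND on the bridge
        1/0) echo member-only ;;  # rules evaluated on member interfaces only
        0/1) echo bridge-only ;;  # rules evaluated on the bridge interface only
        0/0) echo none ;;         # bridged traffic is not filtered at all
        *)   echo unknown ;;      # tunable missing or unexpected value
    esac
}

# On a live firewall: bridge_filter_mode "$(sysctl net.link.bridge)"
for name in SAMPLE_GUIDE SAMPLE_REVERTED; do
    eval "text=\$$name"
    echo "$name: $(bridge_filter_mode "$text")"
done
```

A result of `both` means bridged packets pass through the ruleset at two layers, which is the configuration the post reverted; `none` means the bridge forwards traffic with no filtering.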

                • johnpoz LAYER 8 Global Moderator

                  Without even looking at the guide - can tell you it's dated, link says 2.0.1, you're on 2.2 are you not?  Shitload of changes since 2.0

                  • ethit

                    Yeah, I am on 2.2. I searched, but I didn't find any newer guides. Everything I found on setting up bridging was 2.0 or older. Is there a newer, better way of doing bridging?

                    e

                    • bob76535

                      Paul,

                      Did you ever find a resolution for this issue? We just deployed a brand new pfsense firewall (2.2.1) this morning and we have the exact same issue.

                      All API calls fail from servers behind the firewall. It's a transparent bridge setup with all public IPs (no NAT no DHCP).

                      Thanks

                      • dennypage

                        Call this a shot in the dark…

                        I had a great deal of problems with a handful of sites after I upgraded from 2.1.5 to the 2.2 beta. My problem turned out to be excessive & unexplained IP fragmentation occurring somewhere between the remote site and the firewall. For some reason, 2.1.5 had no problem with this, but 2.2 did. Setting the "Clear Invalid DF bits" did not address the problem.

                        In the end, what fixed my issue was to clamp the media segment size to 1400 on the WAN interface. You might give clamping a try and see if it has any effect.

                        • bob76535

                          Just tried that. It did not work.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.