Pfsense block some websites from LAN but same websites are opening from DMZ

KOM

Provide your pfSense version and any packages you have installed.

Muhammad Adil

version is = 2.2.5-RELEASE (amd64)
built on Wed Nov 04 15:49:37 CST 2015
FreeBSD 10.1-RELEASE-p24

![pfsense packages.jpg](/public/imported_attachments/1/pfsense packages.jpg)
![pfsense packages.jpg_thumb](/public/imported_attachments/1/pfsense packages.jpg_thumb)

KOM

I was expecting some packages like Snort or pfBlocker or something to account for the differing results, but that was not the case here.

OK, do both LAN and DMZ clients use the same DNS? Do you have any special firewall rules on LAN as compared to DMZ?

yaman.amin

I have same problem
from OPT interface networks , i can access everything if ia m using a win 7 devices . but if i use Linux or android or win 8 devices , i cann only access facebook .althogh these devices gets ip add and dns perfect from DHCP .
for more information about my estting :
1- OPT interface is used for WLAN access
2- DHCP server set on OPT interfcae <gateway is="" the="" static="" ip="" address="" of="" opt="" interface="" ,="" dns="" 8.8.8.8="" in="" addition="" to="" the ="">3-as firewall interface , i letevery thing allowed , no restrictions.

any feedback please</gateway>

KOM

Well, if you guys could manage to actually supply some useful information, then perhaps we could help solve your problem. Post screenshots of your LAN & OPT1 interface details. Post screenshots of your LAN and OPT1 firewall rules. Post screens or details about your client network settings with regard to IP address, mask, gateway and DNS.

yaman.amin

In my case using Lnux , win 8 , android , just able to access facebook.although the clients get ip , dns , gateway exactly from dhcp server.
using win 7 evrything fine.
what could cause this problem.

WAN_FW.jpg_thumb

OPT_FW.jpg_thumb

LAN_FW.jpg_thumb
![DHCP_ON OPT.jpg](/public/imported_attachments/1/DHCP_ON OPT.jpg)
![DHCP_ON OPT.jpg_thumb](/public/imported_attachments/1/DHCP_ON OPT.jpg_thumb)

KOM

IN future, could you please strip out all that blank white space?

Are you running squid, squidguard, DansGuardian or any other package that can filter URLs? With your existing firewall rules, there is nothing to stop you from going anywhere that can resolve through DNS. I see you might be running Captive Portal (stuff like this is important to mention when asking for help), but I don't know much about that package.

yaman.amin

sorry for quick posting without revising.
yeah i am using captive portal , but at the moment of posting , i deactivate all captive portal features.
i am not using any package you mentioned.
i check the both http and https ports using nmap . the result was positive for both ports
as u mentioned , it suppose nothing to stop me go through . but it is really strange.
should i try another PFsense version?

KOM

I don't think it's a pfSense issue just yet. What is the exact error you receive when trying to visit any site other than Facebook?

yaman.amin

unable to upload the webpage , timeout….... , something like that
it looks like he starts to connect the page and then suddenly stopped or something stuck.

yaman.amin

I could solve the problem by adjusting the MTU on the desired interface to be around 1400 Bytes.

hope this information can solve your problem as well .