I have no internet access to sites other than Google & youtube through pfSense?

mateusscheper

I'm new at pfSense, but I would check my firewall logs and try to traceroute some sites from the webgui.

Status > System Logs > Firewall
Check if when you enter a link, it gets blocked (press F5 to update);

Try "tracert insersitehere" from Windows CMD (traceroute if Linux);
Try tracertoute from pfSense webgui itself: Diagnostics > Traceroute;

You can disable the firewall to see if something works:
System > Advanced > Firewall & NAT > Check "Disable Firewall"

As I said, I'm new to pfSense, so if something does not work, we can try something else. :)

Pagger

When disabling the Firewall, I also disable NAT, and I can't ping out no more, I can't watch videos on youtube or anything, basically no connection.
So my best bet is that its the firewall blocking connections

I tried getting the logs you asked for, aswell as posting my Firewall rules and Nat setup, hopefully this helps.
I do see all the blocked connections, so I assume this is the problem, but I have no idea what is causing it.

https://imgur.com/a/gr5CLUl

I can try a tracert, but I assume it works, since I can ping out from both hosts on lan and pfSense.

mateusscheper

Maybe you have to set a rule to allow connections from your router to pfsense and from pfsense to PCs.
I have two: allowing everything on all ports to 192.168.1.3:80 (pfsense) and another rule saying the same, but to port 443. (I used easy rule)

Try to tracert to sites that does not work to see if where the packages stops.

Pagger

I have 1 rule on WAN, and one one LAN that should allow everything

TraceRT don't seem to be a problem.
https://imgur.com/a/v1DUHc6

mateusscheper

I'm sorry, but I'm out of ideas. :(
Let's wait for someone else.

AndyC

@pagger said in I have no internet access to sites other than Google & youtube through pfSense?:

I have 1 rule on WAN, and one one LAN that should allow everything

TraceRT don't seem to be a problem.
https://imgur.com/a/v1DUHc6

Remove that WAN any/any rule. Go do that now.
From the nslookup output it seems you are not using pfsense for DNS. What does your DNS setup look like?

Pagger

@andyc My DNS setup is is: 2 Windows DC's with DNS, one at 10.1.0.20 and the next et 10.1.0.21.
Clients are set to use those and primary/sencondary DNS, and both of the servers have 10.0.0.1 (pfSense LAN IP) set as a forwarder.

Do you want me to delete the file because it's bad practice, or because It's part of the problem?:p

motific

@pagger because you’re using AD, your DNS is correct. Client machines use the AD DNS and that should forward to pfSense (so you can use things like pfBlockerNG).

motific

The block rule shows that it was dropping traffic from 10.0.0.1 to 10.0.0.24.

What have you got in system>routing and what packages are you running?

Pagger

@motific Under Gateway i have DHCP and It shows my WAN IP, nothing is set under static rouges og Gateway groups.

I got the following services running:
Dpinger
Ntpd
Syslogd
Unbound

saquibahmed42991

@pagger i disable my WAN ipv6 and everything is solved .