Amazon and LinkedIn Android apps do not go through PFSense router
-
@stephenw10 Hi - im was setting 1.1.1.1 but then did try 8.8.8.8 and it was still the same. Go with me here (as im next to useless with networking) but if you set DNS server "A" and not "B" then it should still be able to make it to where its going...or am i wrong ( i suspect i am)....
-
Where are you setting that address for DNS?
-
@stephenw10 Services>DHCP server and then in there....currently set to 1.1.1.1
-
Ok. Are you blocking access to other DNS?
Something there may be hardcoded and failing.
-
@stephenw10 If i am im not sure where im doing that (blocking DNS) - where do i look to see if i am.?
Just to add (and i dont know if it helps) the app will briefly load up then error...not sure if that helps....ie i briefly saw my orders then got the "oops" message...
-
You would have to be blocking it deliberately in the LAN side firewall rules or redirecting it as shown here:
https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.htmlCan you set another client to use a different DNS server and test that?
Are you sure there is no IPv6 on the clients hitting this?
Steve
-
@stephenw10 ok- went through and added the rule (im not really sure what im doing at this point but doing a monkey see monkey do) but its still the same....amazon on my laptop works fine though....
So, just tried it on my wifes Ipad and it works on there so, it could be my phone S9+ its not been rooted or reflashed but ill just try an app reinstall....strange that it does work on the 4g connection though....
-
@comfy Same with a reinstall....works on 4g no dice on the Lan
-
Using that redirect rule would more likely break this. I was pointing out you have to have that in place to break other DNS servers. You should remove it if you don't need that.
What if you don't pass any alternative DNS servers to the client and allow it to use the Resolver in pfSense?
If there's no change it's probably not DNS in which case my second best suspect is still IPv6. Check the phone does not have an IPv6 address.
Steve
-
@stephenw10 yeah = once i found out it didnt work i removed the rule....i did look on the phone and couldnt find any connectivity for ipv6 - would it just be easier to disable ipv6 on the pfsense.?
-
Yes you can. It will only hand out v6 if it has anything to hand out though.
Checking the phone verifies that.
Steve
-
@stephenw10 ok - wheres that setting on the PF ? i did go looking earlier on...as im new to it theres a multitude of settings...!
-
Services > DHCPv6 Server & RA.
With that disabled you can set the LAN interface IPv6 to 'none' rather than track WAN. Then you can set the WAN v6 to none.
Steve
-
@stephenw10 Thats it....disabled ipv6 but couldnt see the track wan option but, its working...brilliant! thanks very much for the help.
-
Ah, nice!
