Update from 2.2.3 to 2.3.1 blocks access to many websites, but not all



  • Upgraded PFSenses last night without any apparent issues, the new interface looks good.  The old version worked fantastic.

    But today we only have access to some websites.  Gmail, Facebook and here, but most others seem "blocked" or inaccessible.  I have not found anyone else with this issue in a forum search.

    On the front Dashboard however, where it lists DNS it lists the Loopback 127.0.0.1 first. however, when I go under the configuration page for DNS Servers.  Are some queries been routed somehow through the loopback?

    Never had this issue before, where do I start to troubleshoot this?  The natives are not happy.



  • So my DHCP Server on pfSense is handing out IPV 6 DHCP addresses, but its not set this way to do so. I have checked my other servers and none of them are running DHCP to create a conflict.  How do I ensure DHCP on pfSense is only handing out Ipv4 addresses, when all the check boxes are correctly marked?



  • As a temp solution, I enabled the IPV 6 Pass ALL rule, however, the Firewall is still blocking most Ipv6 outbound traffic.  How do I get this rule to stick?



  • I have through my network and logfiles in some increased detail.  there is nothing in my network of computers configured incorrectly.  pfSense is translating outgoing Ipv4 requests into IPv6 requests.  The universal Allow All outgoing IPv6 rule is not working, as are many other rules using any "all" field.  Outgoing requests are being blocked that should not be.  The only rules that are working are rules specific to each machine and destination.  I was able to get some connection to some sites, but only by adding quick rules for every single outgoing page request.

    I had of course previously turned off all unnecessary services, and restarted the box.  And went through the settings with a fine tooth comb.

    I will have to come back in and work at night to reinstall pfSense 2.2.3 tonight unless someone suggests a version that is better.



  • @Amuzed2pieces:

    So my DHCP Server on pfSense is handing out IPV 6 DHCP addresses, but its not set this way to do so. ….

    You are aware of the fact that a IPv4 DHCP server doesn't know anything about IPv6 addresses ?
    The IPv6 server is another service (Services >> DHCPv6 Server & RA >> LAN >> DHCPv6 Server), not enabled by default.

    On what interface did you :

    As a temp solution, I enabled the IPV 6 Pass ALL rule
    


  • I wonder… Is your WAN IPv6 ready (ISP supports it) ?

    On Windows, Internet Explorer will timeout badly if a site has IPv6 support (Ex: Google, Facebook...) and you don't.

    AFAIK, browsers like Google Chrome or Mozilla Firefox will fallback automatically to IPv4 after 1 second, when IPv6 does not respond in that time frame.

    The "fix" would be, on pfSense, disabling (setting to 'None') the IPv6 configuration on WAN and LAN interfaces.

    Regards,
    Jorge M. Oliveira





  • yes, that is what makes it so mystifying

    @Gertjan:

    @Amuzed2pieces:

    So my DHCP Server on pfSense is handing out IPV 6 DHCP addresses, but its not set this way to do so. ….

    You are aware of the fact that a IPv4 DHCP server doesn't know anything about IPv6 addresses ?
    The IPv6 server is another service (Services >> DHCPv6 Server & RA >> LAN >> DHCPv6 Server), not enabled by default.

    On what interface did you :

    As a temp solution, I enabled the IPV 6 Pass ALL rule
    


  • it is set to "none" already, I verified thinking the very same thing.

    @JorgeOliveira:

    I wonder… Is your WAN IPv6 ready (ISP supports it) ?

    On Windows, Internet Explorer will timeout badly if a site has IPv6 support (Ex: Google, Facebook...) and you don't.

    AFAIK, browsers like Google Chrome or Mozilla Firefox will fallback automatically to IPv4 after 1 second, when IPv6 does not respond in that time frame.

    The "fix" would be, on pfSense, disabling (setting to 'None') the IPv6 configuration on WAN and LAN interfaces.

    Regards,
    Jorge M. Oliveira



  • thanks, yes, it seems to be the same issue.  I did have squid running prior to update, but disabling squid doesn't seem to resolve it.

    @spittlbm:

    Similar issue reported here

    https://forum.pfsense.org/index.php?topic=112286.0



  • Try uninstalling Squid and reinstalling it.