Installed 2.3.2-RELEASE and I can't open websites unless I put https in front

  • hi, I just installed the latest version into an esxi machine. everything is working well, except when I try to open a website it will give me a "This site can't be reached" error, but if I place https in front, it'll work. The big issue, is for sites that don't have https, I can't open them at all! I haven't installed a single package, so squid or anything like it isn't an issue.

    Is there a settings I'm missing that either will allow redirects or do I need to edit something to allow me to access websites that are only being hosted on port 80?

    Please help!


  • never heard of a default install that exhibits that behaviour. don't know of any setting that could change that.

    only thing i can think of is that you create a rule to block http

  • I understand the "weirdness" but it's an installation from scratch.. I haven't even created rules.. I'll try to reinstall it again, just in case. I'll post back with an update

  • LAYER 8 Netgate

    The default configuration simply will not behave that way. You have something else in your environment doing it.

  • I can understand that. I've installed pfsense countless of times and have never run into something like this. I just reinstalled a new pfsense from scratch and it's still doing the same thing. I'm comparing it to another fully working pfsense that I have, which has just about the same identical configurations, the only difference, at the top right corner I see the ipv4 address and an ipv6 address, but the one that is having the issue doesn't have ipv6 associated.

    Also, in the pfsesne that is having the issue, under diganostics > states I see  "WAN ipv6-icmp fe80::201:…...[902\ -> ff02::1[192] NO_TRAFFIC:NO_TRAFFIC 105/0  19KiB/0B

    I'm not sure if I'm on to something but does ipv6 have something to do with this..? I can't pull up and if I go to, it doesn't work but if I go to, it does. This is about the same with anything, if https is not present, it can't open.

    My current setup, I have pfsense running in vmware, I have two nics in the server. One that is connected directly to the modem and the other nic is connected to a switch. In pfsense, under the WAN interface, I've placed the mac address of the servers nic that is connected directly to the modem. Which as I said, is working, but is having that https issue. I have not added packages or any rules of any kind and it's a fresh install…..

  • Since this is so bizarre I'm going to just throw out a couple of things to see if anything sticks to the wall.

    1. Is this a mixed architecture install?  i.e. 32 bit on 64 bit hardware/VM or vise versa?

    2. Try a cURL command for http to see if the router itself is able to get the web page.

    3. By this time surely you've cleared browser cache and cookies.

    1. Get HttpWatch, or use browsers built-in tools to see if it reveals anything about requests and responses.

    1. Check gateways/routing etc. to make sure request are going through router/NAT.

  • I'm checking all those right now. But as a quick update I ran wireshark and this is what I'm seeing..

    For Connections on port 80 (highlighted in red in wireshark):

    3559 30.083953 TCP 60 80→49705 [RST] Seq=1 Win=0 Len=0

    But when it's on port 443 (not highlighted in wireshark):

    3373 28.806268 TLSv1.2 85 Encrypted Alert

    I'm starting to think it may be that I'm spooking the mac address of the physical server's nic into pfsense and port 80 is somehow blocking the port from coming in. Or at least that's what I'm understanding from [RST] and adding the mac address into the WAN configuration page…

  • LAYER 8 Netgate

    I have no idea why you're mucking about with MAC address spoofing but it shouldn't make any difference what port is in play. Screwed up layer 2 is pretty much an equal opportunity misconfiguration.

  • I figured it out, my vmware networking was all messed up. I had to rebuild the esxi server and that resolved the issue. Thanks for the multiple ideas and all the assistance, greatly appreciated!

Log in to reply