Firewall blocking live stream

higginscomputer · Mar 18, 2019, 5:41 PM

I just started supporting a business using pfsense, I'm new to it. One of the employees is trying to watch a live stream from NBC Sports (he pays for a subscription). The stream will not load. I've tried it on several machines on the network with the same results. When I connect a machine to a hot spot outside the work network, the stream works. All signs are pointing to pfSense. Is there any way to troubleshoot this issue? Thanks!

bmeeks · Mar 18, 2019, 11:48 PM

@higginscomputer said in Firewall blocking live stream:

All signs are pointing to pfSense. Is there any way to troubleshoot this issue? Thanks!

With the amount of information you gave us in your original post, "no", there is no way to troubleshoot this issue.

We need to know what version of pfSense is being used, what (if any) packages are installed, how the pfSense box connects to the Internet (DHCP on WAN, PPPoE on WAN, double-NAT behind some ISP router, etc.) and of course what the Internet download speed is.

Some wild guesses based on what I've seen before:

If WAN is PPPoE, then MTU is likely wrong;
Possibly there is a duplex mismatch between the pfSense box's physical WAN port and whatever device it connects to for upstream connectivity;
You have installed some package that is responsible for the blocking;

Post up some useful configuration information including a screenshot of any firewall rules you have configured and folks here can take a shot at helping you.

higginscomputer · Mar 19, 2019, 8:21 PM

Thanks for the reply. As stated in my message, I'm new to pfsense. Here's what I can tell you.
Version:
2.4.4-RELEASE-p2 (amd64)
built on Wed Dec 12 07:40:18 EST 2018
FreeBSD 11.2-RELEASE-p6

Our internet connection is not PPPoE

list of installed packages:

Acme 0.5.3
Cron 0.3.7_3
pfBlockerNG 2.1.4_16
RRD_Summary 2.0
Shellcmd 1.0.5_1
snort 3.2.9.8_4
Squid 0.4.44_7

Please let me know any other info that can be helpful.

bmeeks · Mar 19, 2019, 8:31 PM

@higginscomputer said in Firewall blocking live stream:

Thanks for the reply. As stated in my message, I'm new to pfsense. Here's what I can tell you.
Version:
2.4.4-RELEASE-p2 (amd64)
built on Wed Dec 12 07:40:18 EST 2018
FreeBSD 11.2-RELEASE-p6

Our internet connection is not PPPoE

list of installed packages:

Acme 0.5.3

Cron 0.3.7_3

pfBlockerNG 2.1.4_16

RRD_Summary 2.0

Shellcmd 1.0.5_1

snort 3.2.9.8_4

Squid 0.4.44_7

Please let me know any other info that can be helpful.

At least two packages on this list could be the source of streaming content blocking depending on how you have them configured.

Is Snort or pfBlockerNG showing any blocks? If so, do the IP addresses match up with those of the streaming content sites you say are not working?

I don't mean this to sound rude and I'm not trying to be flippant with you, but if you can't tell what is blocking a particular datastream on a firewall, then with all due respect you are not yet qualified to be configuring firewalls to protect other peoples' networks or businesses. It's OK to learn the art on your own network (and especially your home network), but it's another thing entirely to be trusted to properly configure a firewall to protect a commercial entity such as a business.

The very first thing I would do is disable all of those packages you have installed, then see if streaming works. Slowly add the packages back one-at-the-time to see which one breaks the streaming. Then troubleshoot from there.

higginscomputer · Mar 19, 2019, 8:33 PM

@bmeeks
You may not mean to sound rude or flippant, but you're doing a very good job of it. I did NOT set up the firewall. I inherited the setup. I'm TRYING to learn how to use it. That is why people come to forums like this, to learn. I'm glad you were born with this knowledge and didn't have to read or ask questions. I'm sorry you have to deal with unqualified people like me.

bmeeks · Mar 19, 2019, 8:42 PM

@higginscomputer said in Firewall blocking live stream:

@bmeeks
You may not mean to sound rude or flippant, but you're doing a very good job of it. I did NOT set up the firewall. I inherited the setup. I'm TRYING to learn how to use it. That is why people come to forums like this, to learn. I'm glad you were born with this knowledge and didn't have to read or ask questions. I'm sorry you have to deal with unqualified people like me.

I truly did not mean to be rude, but I feel the need to be honest. I was not born with the knowledge I have. I learned it from training, Google research (by searching for and reading tutorials) and by trial and error on my personal network. It is knowledge I gained from years of study and work (over 25 of them). I don't mean you can't learn, but if you inherited this and are trying to maintain it for a customer, I suggest you contract out the support for a while to someone experienced in firewall configuration and use the opportunity to learn from them.

And, since it is a pfSense firewall, you have the option of purchasing support from the Netgate team. Here is the link: https://www.netgate.com/support/.

KOM · Mar 19, 2019, 8:58 PM

Squid can also cause problems for some streaming sites. I would disable the lot of them and see if the problem persists. Assuming it then subsequently works, enable the packages one by one and test again until you find the definitive culprit.

johnpoz · Mar 20, 2019, 2:37 AM

Sorry but being new to pfsense, you should not be installing IPS and Proxy and pfblocker out of the gate! As stated by bmeeks already.. Remove them and ramp up to using those advanced features.

IPS for sure is not something you click and run with it. And to be honest pfblocker has become almost too powerful for the less experienced user..