Netgate Discussion Forum

    Website blocked until login to console

    General pfSense Questions
    • dcoens

      I'm a noob. I have a Netgate SG-1100 and some web sites will not let me access them even with a continual refresh of the browser. I then log into the pfSense console and go to ping and put the site in there. It comes back as a good ping. Then on my browser, it will connect. I've had this happen on several occasions and several websites.

      • Gertjan

        Hi,

        You received the SG-1100, hooked it up WAN to WAN, LAN to LAN, changed the password, and you set up your WAN interface, the connection method, if needed.
        And that's it.

        It's useful to detail how you set it up. You being a noob (your words) does not dispense you from detailing. To the contrary, in fact.
        Right now, you give us room for just one answer: you made a mistake.

        You never touched DNS, you never saw DNS, you know it would work out of the box: you did not change anything. Nothing.
        It worked.
        Right?

        @dcoens said in Website blocked until login to console:

        go to ping and put the site in there

        What is "the site"? Its IP? The URL?

        No "help me" PMs please. Use the forum, the community will thank you.
        Edit: and where are the logs??

        • stephenw10 Netgate Administrator

          Do you see the same thing if instead of ping you go to Diag > Test Port and run a test against that same site on port 80 or 443?

          What if you try to ping from the client instead of pfSense, does that also 'open' the connection?

          When you see pings work but TCP fail you may be hitting:

          Asymmetric routing
          MTU issues
          TCP offloading problems

          Since the connection succeeds after pinging, it's most likely asymmetric routing where an ICMP redirect allows the connection to work for a short time.

          How exactly do you have the SG-1100 hooked up?

          Steve

          • dcoens

            @stephenw10

            Yesterday I did this. Paypal.com is one example that stopped going to the site and would not connect. I don't know if I really fixed it by doing this, but so far, so good.

            Disable DNS Forwarder: I checked this to on, Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall.

            Even though DNS Forwarder, General DNS Forwarder Options, Enable, Enable DNS forwarder is "not checked".

            I have the SG-1100 set up mostly by default with my System > General Setup > DNS Servers set to 9.9.9.9 with Quad9 secondary. I also am using pfBlockerNG-devel.

            I did Diag > Test Port and ran a test on paypal.com on port 443 and it came back successful. But of course this is after the above setting and things seem to be working so far.

            If it comes back as not returning the site, I am at a loss of the "ICMP redirect". When I looked that up it had to do with setting up firewall rules - I have not done that directly as pfBlockerNG has set some stuff up in there that says do not edit.

            Appreciate your help.

            Thank you.

            • stephenw10 Netgate Administrator

              @dcoens said in Website blocked until login to console:

              Disable DNS Forwarder:

              When you set that in Sys > General setup you are telling the firewall to use the defined external DNS servers for its own connections. Like from Diag > Ping or firmware checks etc.
              It will otherwise use its own DNS server, either the forwarder or the resolver, whichever is enabled.

              It's unlikely that change would have any effect on client connectivity.

              Steve

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.