Bank site forbidden
-
Trying to access the Navy Federal credit union site, but when I log in, I get a blanks screen saying just "Forbidden". I have attached the computer directly to the modem and the site works, but with the pfsense in between, forbidden. I have turned off al forwarding rules, nat rules, opened firewall rules completely in both directions. I don't even have pfblocker installed. The Pfsense is up to date.
At this point, I'm not even sure what is returning the "Forbidden" that is displayed, I haven't seen anything in logs that would indicate anything being blocked. I'm at a loss. Any ideas?
-
Are you running through a vpn?
I know of nothing in pfsense that would present a "forbidden" page.. But the site could for sure be blocking a vpn IP..
If your actually using a cable modem, and not a gateway device - and you get a public IP. Also changing your PC for Pfsense would also change the IP you present to the website.
-
@johnpoz Not using a vpn. It is a cable modem, I got the same IP for the computer as I get for the pfsense.
-
I doubt that, since the mac address of your PC is different than what the mac address of pfsense is..
The isp dhcp server would hand you a different IP based on mac address..
Again I know of nothing in pfsense that would present a "forbidden", post a screen shot of this forbidden message... 403 Forbidden is a common message a website would give you when you don't have permission to access..
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403
A proxy might give you that error - but as you said your not even running pfblocker, so have to assume your not running proxy, etc.
-
Looks like u r running squid or pfb as @johnpoz mentioned
Show us a screen of your installed packages and or running services
Br Np
-
I really don't know how he could not know if running proxy - because it wouldn't be doing ssl without some config.. Have to assume a bank login page is via ssl ;)
My "guess" to the problem is site is blocking his IP, and when he changes out his router for his pc to his modem he would get a different IP..
As to him saying he has the same IP when he switches... I have never seen a cable connection that would give him the same public IP upon change of mac of device connected to the modem.
Unless he was cloning his mac address? And his router wan mac was using the same mac as his pc?
I would like to see this forbidden error page, along with the url being shown in the browser address bar.. I would have to assume its coming from the site, and not anything running on pfsense.. I am not aware of anything he could be running on pfsense that would show him "forbidden" in blocking a site.. And if he was already on the bank site, and then just logging in - why would the url actually change? If it does what is it changing too? from like https://www.bankdomain.com to https://secure.bankdomain.com or something like that?
example - my bank chase does this
main site https://www.chase.com, the login domain ends up being https://secure07a.chase.comOnce we know the fqdn of the signin - we could look to see if anything is blocking that? Maybe he is using some forwarder for dns, and whatever he is using for dns is blocking it and sending him to some forbidden error page??
All just guessing.. When he switches to his PC, maybe he is just using his isp dns vs whatever dns he has set in pfsense for forwarding?
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
I would like to see this forbidden error page, along with the url being shown in the browser address bar
Yes yes yes
The rest I totally agree with you on that...
-
This post is deleted! -
I'm sorry I haven't been able to respond again. Covid came to our house and now I'm quarantined in a hotel. So I'll look into this again next week when I'm back home.
Jon, thank you for the reality reminder, there's no reason the pc should get the same IP address and I must have copied something down wrong when checking that. I'll take screenshots when I do get back to it.
Thanks for your responses
-
Stay healthy
