Strange behaviour? No Captcha, for example
-
My first post, be gentle :)
I installed pfsense on a spare Shuttle miniPC that has two Realtek (didn't know they weren't Intel) Ethernet ports, an Intel i3 CPU, 4Gb memory and a 1Tb SSD I had spare.
Previously, I had a Huawei internet router with DHCP server for my home network, with BT Wifi disks around a large period property. My network was 192.168.8.x with usual 255.255.255.0 net mask and the Huawei as gateway with IP 192.168.8.1.
I have some directly connected devices - office PCs, NAS, CCTV cameras, Raspberry Pi - that connect into unmanaged Zyxel or Netgear switches or an Apple Time Machine's switch ports, and I have laptops and tablets and phones in use by myself & family connecting via Wifi through the BT disks, that have DHCP-assigned IP addresses (the base station for these is manually set to 192.168.8.254 though).
I inserted the pfsense firewall I'd built in between the Huawei and home network, using only default firewall rules. In order to maintain as many devices on my network with manually input IP addresses unchanged, I set the Huawei to 192.168.7.1 with its DHCP range accordingly on the 192.168.7.x network, connected it to the pfsense WAN port, and set the LAN port to 192.168.8.1 with it running DHCP on the 192.168.8.x network. The default rules of 'block bogon networks' and 'block RFCxxxx networks' were the only rules in place.
So, to summarise, I did have:
Internet->huawei->192.168.8.x->devices
And then I had
Internet->huawei->192.168.7.x->pfsense->192.168.8.x->devices
Mostly this worked fine. But occasionally, very weird things happened. For example, when attempting to register with this forum, which asks for a Captcha to be completed, the Captcha would not appear. When browsing Youtube, I could see videos and video previews but none of them would play - just a spinning icon. Certain websites - bbc.com, Facebook, even Google on occasion - simply wouldn't connect or render. But then something would 'free up' and they'd work for a small amount of time and then freeze up again. We have Ukrainian refugees staying with us now, and one was using Wifi to join an English lesson on Zoom - which initially refused to work and then suddenly decided it would (phew!). She joined her lesson five minutes late rather than not at all.
This behaviour was consistent for directly connected devices such as my office PC, or from wifi connected devices such as the laptop I'm writing on now.
I tried removing the default rules for bogons and RFCxxxx networks and it made what seemed to be a small improvement but I still wasn't able to see the Captcha for this forum, for example.
Obvs I tried rebooting devices, switches (unmanaged with no VLANS defined), clients, wifi disks etc - no difference. I made sure I renewed DHCP leases where applicable.
In frustration and with screams of rage from children and wife echoing in my ears I removed the pfsense firewall, reconfigured the Huawei to the 192.168.8.x network, rebooted and suddenly all back as normal.
So, I'm confused. I was expecting to 'just insert' a completely standard pfsense in between Huawei and internal network and have no reduction in internet capabilities but that clearly wasn't the case.
Could anyone give me some insight into what may have happened? I'd like to insert pfsense, have a seamless experience with use of the internet, and then start to explore packages such as pfblockerNG and snort to add in additional protections for the home network and family use. These I anticipate causing issues....
-
stephenw10 (Netgate Administrator), Jun 8, 2022, 10:40 PM (last edited by stephenw10 Jun 8, 2022, 10:41 PM)
It sounds like one of two things:
An MTU issue. Check everything is using 1500, at least internally.
An IPv6 problem. pfSense will try to use IPv6 by default and if it has any IPv6 connectivity it will hand out v6 IPs to clients. Most clients will then try to use that by default in preference to v4 and if there isn't actually full connectivity the browsing experience goes to crap as they have to timeout before trying v4. Disable DHCPv6/RA in pfSense if you're not using it.
Also see: https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html
Steve
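A client-side check for the IPv6 fallback stall described in the reply above, as an added example that is not part of the original thread: it probes one address per family and reports whether IPv6 fails while IPv4 works. The function names, the 3-second timeout and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import socket, sys, time

# Constructed sample: documentation-range addresses, not real hosts.
SAMPLE_ADDRS = [(socket.AF_INET6, ("2001:db8::1", 443, 0, 0)),
                (socket.AF_INET, ("192.0.2.1", 443))]

def sample_connect(family, sockaddr, timeout):
    """Constructed stand-in for the thread's symptom: IPv6 times out, IPv4 works."""
    if family == socket.AF_INET6:
        raise socket.timeout("constructed: no IPv6 route upstream")

def tcp_connect(family, sockaddr, timeout):
    """Real TCP connect, used when a hostname is given on the command line."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sockaddr)

def resolve(host, port=443):
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [(fam, sa) for fam, _, _, _, sa in infos]

def probe(addrs, connect, timeout=3.0):
    """Probe the first address of each family; return {name: (ok, seconds)}."""
    results = {}
    for family, sockaddr in addrs:
        name = {socket.AF_INET6: "IPv6", socket.AF_INET: "IPv4"}.get(family)
        if name is None or name in results:
            continue
        start = time.monotonic()
        try:
            connect(family, sockaddr, timeout)
            ok = True
        except OSError:  # includes timeouts and "network unreachable"
            ok = False
        results[name] = (ok, time.monotonic() - start)
    return results

def diagnose(results):
    v6, v4 = results.get("IPv6"), results.get("IPv4")
    if v6 is None:
        return "no IPv6 address offered: IPv6 preference is not the cause"
    if v6[0]:
        return "IPv6 connects: check MTU next"
    if v4 and v4[0]:
        return "broken IPv6: clients wait %.1fs before falling back to IPv4" % v6[1]
    return "neither family connects: not an IPv6 preference problem"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(diagnose(probe(resolve(sys.argv[1]), tcp_connect)))
    else:
        print(diagnose(probe(SAMPLE_ADDRS, sample_connect)))
```

Run with a hostname as the only argument from a LAN client to probe for real; with no argument it runs on the constructed sample.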