Pfsense blocks some websites



  • Hi All,

    ** I have tried all the options recommended in this http://doc.pfsense.org/index.php/Unable_to_Access_Some_Websites

    I have been plagued with this problem for over 3 months now. Pfsense blocks some websites such as

    godaddy.com
    staples.com
    abebooks.com
    u3.com

    I have disabled/unticked
    –Block Private networks
    --Block bogon networks

    However a few sites refuse to load. Has any one came across this before ? Please make any suggestions, would just like to start going in the right direction

    ** I am using pfsense 1.2.3 final. I have also tried pfsense 2.0 Beta, but still the same result

    Thanks



  • First are you running a proxy or snort?
    Have you disabled all addons?
    Are you able to resolve the sites, (ping them)?
    Lastly your MTU may be affecting your access, I have seen it before if your MTU is set incorrectly. Contact your ISP for more info on that.

    Blocking private or bogon networks will not affect your web access, I recommend you leave those enabled.

    http://doc.pfsense.org/index.php/Unable_to_Access_Some_Websites is a great source, are you sure you exhausted all points mentioned in the documentation?



  • Assuming you're not using squid, this sounds exactly like an MTU problem.  What is your MTU set to?



  • Thank you both for your replies, its really appreciated

    @ tommyboy180

    I just reinstalled the firewall

    We do not have any proxy nor snort.
    We have installed no plugins
    Yes I am able to resolve all sites, meaning I get a reply when I ping them.

    I followed the MTU as suggested on the "Unable to access..", currently set to 1500. Have tried others just to try them in the 1400-1500 range but still no joy.

    The only option that i will say that I have not tried is
    "If you are using pfSense 1.2.3-RC3 or earlier, there was a rare bug in some snapshots which was corrected shortly after RC3 that can cause connectivity issues to certain sites when using 1:1 NAT or multi-wan. See here for more info. Update to 1.2.3-RELEASE and try again"

    I  currently using 1.2.3-RELEASE built on Sun Dec 6 23:21:36 EST 2009, so i assumed that would have been fixed. I do however though have multiple wan and 1:1 NAT

    @submicron

    Thanks , I tried the MTU, however I will try again

    Do you guys have any other suggestions on how I could go about diagnosing this problem ?



  • Update.

    I just realized that all webpages loads fine within the DMZ and WAN. The only place where the web pages dont load completely are on the LAN.  I am going to re examine all machines on the local network to see if there are any machines that might be causing  this problem

    However do you have any other suggestions ?


Log in to reply