Domain user can only access https sites and blocked from port 80 sites???

General pfSense Questions
ptex:

I hope someone can help me, I'm never going to leave this office. I have pfSense 1.2.3, dns blacklist, havp, snort, squid, and squidguard. Right now I'm on a laptop connected to a wifi AP that just hangs off the network; I'm not logged into the domain right now. It's been running fine for a long time. I found that our switches are hosed, put in new ones. I have been on the phone with Microsoft all day; they are down to "it's not the Server 2008 R2, it's the firewall." From a client PC I can get to https sites like a bank, but can't get to google.com. Also from the server I can not telnet google.com 80. Any thoughts?
chpalmer:

You need to share more information.

How are your outbound NAT and firewall rules set up?

What shows up in the firewall logs when you try?

What is your network topography?

To name a few…
ptex:

Hang on, looks like the DNS servers were wrong on the WAN interface, as well as the subnet. I changed the DNS but how do I change the subnet?

Got /30 but that did not fix me.
ptex:

How are your outbound NAT and firewall rules set up?

"automatic (ipsec passthrough)"

What shows up in the firewall logs when you try?

I have lots of this:
pf 1. 525838 rule 61/0(match):block in on re0: (tos 0x0, ttl 255, id 26288, offset 0, flags [none], proto udp (17), length 303)
172.16.160.1.67>255.255.255.255.68: BOOTP/DHCP, Reply, length 275, xid 0x969c4cc, Flags [Broadcast]

What is your network topography?

T1 -> pfSense -> switch (dumb) -> domain
ptex:

And stuff like:
The rule that triggered this action is:
@61 block drop in log quick all label "Default deny rule"
ptex:

Could it be the server? I don't think so. I just switched the DNS on the server to 4.2.2.2; that should have taken the DNS out of the picture, I believe that 4.2.2.2 is a public DNS.
ptex:

How do you turn pfSense back on after halt system?
ptex:

I'm bummed. I just replaced the pfSense box with an old SonicWall I had and it works. All but email, so far. Sad night/morning.
ptex:

What could have gone wrong in a day? I hate SonicWall, I should go home and sleep now, I need to be back here in 5 hours.  :'(
rexis:

A few questions:

• Is your squid transparent? Do you use captive portal? Is your webGUI on port 80 (http)?
• What is your users' network setting? Do they set a proxy? Do they use your pfSense as gateway? Or something else?
• (If you are not using a proxy) What is the firewall rule that permits your users to go out to WWW? e.g. allow any IP any port to non-internal-network port 80. This rule should sit on your LAN interface.
• When you say domain users, do they need to perform any authentication to use the internet? Something like captive portal? Or squid authentication? etc.?

If your squid is transparent, try reinstalling your squid package; a miracle might happen.

If all port 80 traffic falls into the "Default deny rule", it could be that the component that handles http traffic isn't working properly.
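As an added example (not code from any poster in this thread), a small Python parser for the two-line pf log format quoted above that tallies block entries by interface, protocol, destination port and rule number, so you can check whether it really is port 80 that the default deny rule is eating. The log lines are constructed; interface names and rule numbers are assumptions.

```python
import re
from collections import Counter

# Constructed sample entries in the two-line pf log format quoted in the thread
# (pfSense 1.2.3 / tcpdump style). Addresses, ids and rule 99 are made up.
SAMPLE_LOG = """\
pf: 1. 525838 rule 61/0(match):block in on re0: (tos 0x0, ttl 255, id 26288, offset 0, flags [none], proto udp (17), length 303)
    172.16.160.1.67>255.255.255.255.68: BOOTP/DHCP, Reply, length 275, xid 0x969c4cc, Flags [Broadcast]
pf: 2. 000117 rule 61/0(match): block in on re1: (tos 0x0, ttl 128, id 5001, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.160.25.49152 > 74.125.224.72.80: S, cksum 0x1234 (correct), 100:100(0) win 8192
pf: 3. 000052 rule 61/0(match): block in on re1: (tos 0x0, ttl 128, id 5002, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.160.31.49153 > 74.125.224.72.80: S, cksum 0x1234 (correct), 200:200(0) win 8192
pf: 4. 000044 rule 99/0(match): pass in on re1: (tos 0x0, ttl 128, id 5003, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.160.31.49154 > 74.125.224.72.443: S, cksum 0x1234 (correct), 300:300(0) win 8192
"""

# First line of an entry: rule number, action, direction, interface, IP protocol.
HEADER = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\):\s*(?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<iface>\w+):.*proto (?P<proto>\w+)")
# Second line: src.port > dst.port (the page's copy has no spaces around '>').
FLOW = re.compile(r"(?P<src>[\d.]+)\.(?P<sport>\d+)\s*>\s*(?P<dst>[\d.]+)\.(?P<dport>\d+):")


def parse_pf_log(text):
    """Yield one dict per two-line pf log entry; malformed pairs are skipped."""
    lines = [l for l in text.splitlines() if l.strip()]
    for hdr, flow in zip(lines[0::2], lines[1::2]):
        h, f = HEADER.search(hdr), FLOW.search(flow)
        if not (h and f):
            continue
        yield {"rule": int(h["rule"]), "action": h["action"], "iface": h["iface"],
               "proto": h["proto"].lower(), "src": f["src"], "dst": f["dst"],
               "dport": int(f["dport"])}


def summarize_blocks(text):
    """Count block entries keyed by (interface, proto, dst port, rule number)."""
    counts = Counter()
    for e in parse_pf_log(text):
        if e["action"] == "block":
            counts[(e["iface"], e["proto"], e["dport"], e["rule"])] += 1
    return counts


def rule_hits_on_port(text, port, rule=61):
    """How many blocks for a destination port came from a given rule (61 = the
    thread's '@61 ... Default deny rule')."""
    return sum(n for (_, _, dport, r), n in summarize_blocks(text).items()
               if dport == port and r == rule)


if __name__ == "__main__":
    for key, n in sorted(summarize_blocks(SAMPLE_LOG).items()):
        print(key, n)
```

Feed it the real log (`clog /var/log/filter.log` on the box, or the copied entries) and a high count for port 80 under the default deny rule, with 443 passing, points at whatever should be handling http (squid transparent intercept or the LAN allow rule) rather than at DNS.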
ptex:

I tried the squid both transparent and not. No captive portal, yes GUI is on 80.
The users did use the pfSense box as a gateway, no proxy.
It had/has allow any to 80.
Domain users need to authenticate to gain access to the network; I suppose that really should have nothing to do w/ PF.

PF runs on an old Dell PC I had in a vbox, so I guess many things could have gone wrong other than the rules / squid / snort… I'm going to rebuild it; this SonicWall thing is only temporary.
chpalmer:

Yikes, my cable service went south yesterday…

Is the pfSense GUI on port 80? Can you see the GUI?

Did you originally set this box up?

My guess is that you may have a package config error that is blocking you.

Save your config.

Delete your packages.

Add them back one by one.

See at what point you start to see the problem again. Hopefully it's gone away by deleting the packages...

You can always go back to your saved config...
heper:

If squid is involved you should look at that… if it is running transparently and something is wrong with it, then all http traffic will fail and all other traffic will be fine.
ptex:

Well I went to upgrade the SonicWall and it also died; tech support said they would send a new one. What a joke, I need it to run a 100 user network now. Anyway, I rebuilt the PF box from scratch and got it all working again. OWA is still not working but I needed sleep. So I guess it could have been one of the packages, so now I have a backup of my config and once I get OWA back up and running I'll take another backup, then build a failover PF box I guess.
rexis:

I had a PFS box with a similar (if not exact) problem as what you described: all the settings are okay, webGUI okay, captive portal RADIUS auth okay, even package info displays nicely (if the internet is down it will say something like "can't access server"), but just no internet connection on the user side. The issue was fixed by reinstalling the squid package. My squid is in transparent mode.

Did you try reinstalling the squid package to see if it can help your issue? Your squid is in transparent mode, so it is capturing all port 80 traffic automatically but it is not proxying it out. Did you see anything funny in the squid cache.log? Did your squid use any disk cache? What is your HDD usage?

Or, apparently the most direct way: back up your settings, factory default your PFS, and restore them back; squid would reinstall itself and the settings will be retained (once an internet connection is hooked up to WAN). Be warned that I never tried this with snort.

Better if you have another spare machine: set it up as PFS, and try on that. So you won't ruin the old PFS further.