Domain users can only access HTTPS sites and are blocked from port 80 sites???



  • I hope someone can help me; I'm never going to leave this office. I have pfSense 1.2.3, DNS blacklist, HAVP, Snort, Squid, and SquidGuard. Right now I'm on a laptop connected to a Wi-Fi AP that just hangs off the network; I'm not logged into the domain right now. It's been running fine for a long time. I found that our switches were hosed and put in new ones. I have been on the phone with Microsoft all day; they are down to "it's not the Server 2008 R2, it's the firewall." From a client PC I can get to HTTPS sites like a bank, but can't get to google.com. Also, from the server I cannot telnet google.com 80. Any thoughts?



  • You need to share more information.

    How are your outbound NAT and firewall rules set up?

    What shows up in the firewall logs when you try?

    What is your network topology?

    To name a few...



  • Hang on, it looks like the DNS servers were wrong on the WAN interface, as well as the subnet. I changed the DNS, but how do I change the subnet?

    Got /30, but that did not fix me.



  • How are your outbound NAT and firewall rules set up?

    "automatic (IPsec passthrough)"

    What shows up in the firewall logs when you try?

    I have lots of this:
    pf 1. 525838 rule 61/0(match): block in on re0: (tos 0x0, ttl 255, id 26288, offset 0, flags [none], proto udp (17), length 303)
    172.16.160.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 275, xid 0x969c4cc, Flags [Broadcast]

    What is your network topology?

    T1 -> pfSense -> switch (dumb) -> domain



  • And stuff like:
    The rule that triggered this action is:
    @61 block drop in log quick all label "Default deny rule"



  • Could it be the server? I don't think so. I just switched the DNS on the server to 4.2.2.2; that should have taken DNS out of the picture. I believe that 4.2.2.2 is a public DNS.



  • How do you turn pfSense back on after "halt system"?



  • I'm bummed. I just replaced the pfSense box with an old SonicWall I had, and it works. All but email, so far. Sad night/morning.



  • What could have gone wrong in a day? I hate SonicWall. I should go home and sleep now; I need to be back here in 5 hours.  :'(



  • A few questions:

    • Is your Squid transparent? Do you use captive portal? Is your web GUI on port 80 (HTTP)?
    • What are your users' network settings? Do they set a proxy? Do they use your pfSense as the gateway? Or something else?
    • (If you are not using a proxy) What is the firewall rule that permits your users to go out to the WWW? e.g. allow any IP, any port, to non-internal-network port 80. This rule should sit on your LAN interface.
    • When you say domain users, do they need to perform any authentication to use the internet? Something like captive portal? Or Squid authentication? etc.

    If your Squid is transparent, try reinstalling your Squid package; a miracle might happen.

    If all port 80 traffic falls into the "Default deny rule", it could be that the component that handles HTTP traffic isn't working properly.
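One way to test the "all port 80 traffic falls into the Default deny rule" hypothesis against the log instead of by eye, as an added example (this is not code from the thread or from pfSense): parse the tcpdump-style pflog lines that pfSense 1.2.3 shows in its firewall log view, then count what the default deny rule is dropping per interface and destination port. The sample lines are constructed in the same shape as the line quoted above; the LAN interface name `fxp0`, the pass rule number 12 and the client addresses are assumptions, and the default deny rule number (61 in the thread) is taken from the GUI's rule description rather than hard-coded, because it changes whenever the ruleset is regenerated.

```python
import re
from collections import Counter

# Constructed sample lines in the pflog format pfSense 1.2.3 displays.
# re0 plays the WAN (DHCP broadcast noise from the T1 side), fxp0 the
# assumed LAN.  Rule 61 is the default deny, rule 12 an assumed LAN pass rule.
SAMPLE_LOG = """\
pf: 525838 rule 61/0(match): block in on re0: (tos 0x0, ttl 255, id 26288, offset 0, flags [none], proto udp (17), length 303) 172.16.160.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 275
pf: 525839 rule 61/0(match): block in on fxp0: (tos 0x0, ttl 128, id 4101, offset 0, flags [DF], proto tcp (6), length 52) 192.168.1.50.49152 > 74.125.0.10.80: Flags [S], seq 0, win 8192, length 0
pf: 525840 rule 61/0(match): block in on fxp0: (tos 0x0, ttl 128, id 4102, offset 0, flags [DF], proto tcp (6), length 52) 192.168.1.51.49153 > 74.125.0.11.80: Flags [S], seq 0, win 8192, length 0
pf: 525841 rule 12/0(match): pass in on fxp0: (tos 0x0, ttl 128, id 4103, offset 0, flags [DF], proto tcp (6), length 52) 192.168.1.50.49154 > 74.125.0.10.443: Flags [S], seq 0, win 8192, length 0
"""

# Tolerates the missing spaces seen in the thread's copy ("(match):block", "67>255").
LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\):\s*"
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>\w+):"
    r".*?proto (?P<proto>\w+) \(\d+\)"
    r".*?\)\s*(?P<src>[\d.]+)\.(?P<sport>\d+)\s*>\s*(?P<dst>[\d.]+)\.(?P<dport>\d+):"
)


def parse_pflog(text):
    """Return one dict per parseable pflog line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        e = m.groupdict()
        for k in ("rule", "sport", "dport"):
            e[k] = int(e[k])
        entries.append(e)
    return entries


def triage(text, lan_iface, wan_iface, default_deny_rule):
    """Count default-deny drops per (interface, proto, dst port) and summarise the HTTP question."""
    denied = Counter()
    passed = Counter()
    for e in parse_pflog(text):
        key = (e["iface"], e["proto"], e["dport"])
        if e["action"] == "block" and e["rule"] == default_deny_rule:
            denied[key] += 1
        elif e["action"] == "pass":
            passed[key] += 1

    lan_http = denied[(lan_iface, "tcp", 80)]
    lan_https = denied[(lan_iface, "tcp", 443)]
    wan_dhcp = denied[(wan_iface, "udp", 68)]  # harmless broadcast noise, not the problem

    if lan_http and not lan_https:
        verdict = ("LAN port 80 hits the default deny while 443 does not: "
                   "the LAN allow-to-80 rule or the component handling HTTP is not catching it")
    elif lan_http and lan_https:
        verdict = "LAN port 80 and 443 both hit the default deny: no LAN pass rule is matching at all"
    else:
        verdict = "no LAN port 80 drops in this sample; the firewall rules are not the blocker here"

    return {
        "lan_http_denied": lan_http,
        "lan_https_denied": lan_https,
        "wan_dhcp_noise": wan_dhcp,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG, "fxp0", "re0", 61).items():
        print(f"{k}: {v}")
```

On a live box, feed it the output of the firewall log view (or `tcpdump -n -e -ttt -i pflog0` on the console) and the interface names from Status > Interfaces; if the LAN HTTP count climbs while HTTPS from the same clients passes, the rule order or the HTTP-handling package is what to look at, not DNS.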



  • I tried Squid both transparent and not. No captive portal; yes, the GUI is on 80.
    The users did use the pfSense box as a gateway, no proxy.
    It had/has allow any to 80.
    Domain users need to authenticate to gain access to the network; I suppose that really should have nothing to do with pf.

    pf runs on an old Dell PC I had in a VBox, so I guess many things could have gone wrong other than the rules / Squid / Snort... I'm going to rebuild it; this SonicWall thing is only temporary.



  • Yikes, my cable service went south yesterday...

    Is the pfSense GUI on port 80? Can you see the GUI?

    Did you originally set this box up?

    My guess is that you may have a package config error that is blocking you.

    Save your config.

    Delete your packages.

    Add them back one by one.

    See at what point you start to see the problem again. Hopefully it's gone away by deleting the packages...

    You can always go back to your saved config...



  • If Squid is involved, you should look at that... if it is running transparently and something is wrong with it, then all HTTP traffic will fail and all other traffic will be fine.



  • Well, I went to upgrade the SonicWall and it also died; tech support said they would send a new one. What a joke, I need it to run a 100-user network now. Anyway, I rebuilt the pf box from scratch and got it all working again. OWA is still not working, but I needed sleep. So I guess it could have been one of the packages; now I have a backup of my config, and once I get OWA back up and running I'll take another backup and then build a failover pf box, I guess.



  • I had a PFS box with a similar (if not exact) problem to what you described: all the settings were okay, web GUI okay, captive portal RADIUS auth okay, even package info displayed nicely (if the internet is down it will say something like "can't access server"), but just no internet connection on the user side. The issue was fixed by reinstalling the Squid package. My Squid is in transparent mode.

    Did you try reinstalling the Squid package to see if it helps your issue? Your Squid is in transparent mode, so it is capturing all port 80 traffic automatically but not proxying it out. Did you see anything funny in the Squid cache.log? Does your Squid use any disk cache? What is your HDD usage?

    Or, apparently the most direct way: back up your settings, factory default your PFS, and restore them back; Squid would reinstall itself and the settings will be retained (once an internet connection is hooked up to WAN). Be warned that I never tried this with Snort.

    Better if you have another spare machine: set it up as PFS and try on that, so you won't ruin the old PFS further.

