URGENT: Can't use any website with HTTPS…. (Port 443)



  • Hi Everyone,

    I'm in need of some help, I have spent hours and hours on this and hopefully someone will have the answer for me.

    I can't use any website with HTTPS despite adding this to the firewall. My config is below. Most people say on the forums that 443 is open by default?

    I'm using 2.0 RC3 - and I really need to get this to work ASAP.

    Regards
    Matt



  • What kind of error message do you get?



  • Hi Thanks for your reply,

    Basically I get no error message, just page cannot be displayed, it's really baffling me!



  • Any suggestions anyone?

    I kind of need this to work as soon as possible, 443 seems to be working fine on the WebGUI, just can't use it on any other website…..

    Cheers
    Matt



  • Did you create a NAT portforward to access the GUI from the outside?



  • No, did I need to?

    The only thing I've changed is the admin port which works fine to 567.

    Maybe this is a bug? I'm running 2.0 RC3 - Could someone else test that they can browse to websites using HTTPS?

    Regards
    Matt



  • Believe me, if your problem was actually a bug, we'd see a lot more threads here about this.
    And yes, about anyone using pfSense can browse to websites using https.
    There's no difference between https and anything else… it's just TCP connecting as far as pfSense is concerned.

    Somehow I believe your problem is not related to pfSense at all.
    Have you tried to connect your computer to the internet directly?



  • Thanks for confirming that this is not a bug, I have checked the STATES and this is what I'm getting:

    tcp  141.92.131.9:443 <- 192.168.1.107:52990  CLOSED:SYN_SENT 
    tcp 192.168.1.107:52990 -> 141.92.131.9:443 SYN_SENT:CLOSED

    I have checked another computer on my network that is using the same route to the internet as the pfsense server and https sites work. Therefore I know this is not a problem with my internet connection and there must be an issue with the pfsense.

    Regards
    Matt



  • @matt224:

    I have checked another computer on my network that is using the same route to the internet as the pfsense server and https sites work. Therefore I know this is not a problem with my internet connection and there must be an issue with the pfsense.

    Does this mean that in the same subnet there is another computer that can browse the internet normally and also uses pfsense as gateway?
    What do the packet capture/firewall logs say?



  • No, the computer is on the same subnet but I simply wanted to check that my internet connection was working fine with using HTTPS:// and it did work fine. So I can rule out there being any problems on my network as the previous guy suggested.

    Which seems that it's something to do with pfsense - I checked the Firewall log and it showed no indication of any problems.



  • Are you having manual outbound nats?

    As an example:
    I had one setup where one subnet didn't work and two others did. I had put manual outbound nats, each subnet had its own public ip. After a few posts with wallabybob "we" found the problem.
    The same public address was given to the modem and that caught the reply traffic itself.
    So that's why I asked for packet captures



  • Hi Metu69salemi,

    I've just left it set to automatic, but I'm open to suggestions. I checked packetcapture and I could see the site getting requested from the IP address of my pfsense box.

    Could you detail the steps that you tried?

    Regards
    Matt



  • Can you see any replies from that site?



  • Ok here is the result,

    The site that requires 443 is http://www.natwest.com
    10.18.52.16 is the WAN NIC on the pfsense
    10.18.52.9 is my gateway

    For some reason on line 70 it says that the http has moved?



  • Something to read about: http://www.checkupdown.com/status/E302.html
    Something more: http://www.google.com/support/forum/p/Webmasters/thread?tid=024ead20b6787856&hl=en

    Only one thing bothers me, you said that only one client is having this problem. What about browser setups with these computers (working and non-working version)?



  • Thanks for the update I will have a look at the links provided, much appreciated.

    In response to your question, sorry, all clients on the pfsense network are unable to browse to https:// sites.



  • Matt,

    Was that packet capture taken on the LAN or WAN interface of your pfsense?

    If it was taken on WAN, it might look like 443/tcp is being filtered upstream, since the TCP SYN is never responded to.

    I don't understand however why the destination address of the HTTP GET is 10.18.52.9 (Your pfsense), the destination address for that packet should be 155.136.80.213 (www.natwest.com). If you perform an nslookup on www.natwest.com from your PC, what address does that hostname resolve to? Do you by any chance override DNS in any way?

    • Andreas
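
The check Andreas describes (a SYN that is never answered) can be read straight off state-table lines like the two Matt posted. The following is an added example, not part of the thread or of pfSense: it parses lines in that format and lists destination ports where every tracked connection is still waiting for a SYN-ACK. The function names are hypothetical, the positional pairing of states with endpoints is an assumption inferred from the two quoted lines, and the port 80 entries are constructed sample data.

```python
import re
from collections import defaultdict

# Two-endpoint state lines in the format quoted in the thread:
#   proto  left_ip:port  <-|->  right_ip:port  LEFT_STATE:RIGHT_STATE
STATE_RE = re.compile(
    r"^\s*(?P<proto>tcp)\s+(?P<l_ip>[\d.]+):(?P<l_port>\d+)\s+(?P<dir><-|->)\s+"
    r"(?P<r_ip>[\d.]+):(?P<r_port>\d+)\s+(?P<l_state>\w+):(?P<r_state>\w+)\s*$"
)

def parse_state(line):
    """Return (client, server, server_port, client_state, server_state) or None."""
    m = STATE_RE.match(line)
    if not m:
        return None  # NAT-translated or non-TCP lines are skipped
    left = (m["l_ip"], int(m["l_port"]), m["l_state"])
    right = (m["r_ip"], int(m["r_port"]), m["r_state"])
    # Assumption: the arrow points from the connection originator to its target.
    client, server = (left, right) if m["dir"] == "->" else (right, left)
    return client[0], server[0], server[1], client[2], server[2]

def unanswered_ports(lines):
    """Map server port -> (half_open, total); half-open = SYN sent, no reply seen."""
    counts = defaultdict(lambda: [0, 0])
    for line in lines:
        parsed = parse_state(line)
        if parsed is None:
            continue
        _, _, port, c_state, s_state = parsed
        counts[port][1] += 1
        if c_state == "SYN_SENT" and s_state == "CLOSED":
            counts[port][0] += 1
    return {p: tuple(v) for p, v in counts.items()}

def suspect_ports(lines):
    """Ports where every tracked connection is stuck waiting for a SYN-ACK."""
    return sorted(p for p, (half, total) in unanswered_ports(lines).items()
                  if half == total)

# First two lines are the states quoted in the thread; the rest are constructed.
SAMPLE = """\
tcp  141.92.131.9:443 <- 192.168.1.107:52990  CLOSED:SYN_SENT
tcp 192.168.1.107:52990 -> 141.92.131.9:443 SYN_SENT:CLOSED
tcp 192.0.2.80:80 <- 192.168.1.107:52991 ESTABLISHED:ESTABLISHED
tcp 192.168.1.107:52991 -> 192.0.2.80:80 ESTABLISHED:ESTABLISHED
""".splitlines()

if __name__ == "__main__":
    print(suspect_ports(SAMPLE))
```

A port that appears in the result while other ports complete their handshakes points at filtering or a broken reply path for that port rather than at general connectivity.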
