Unwanted blocking of sites
-
Hello,
So pfSense is blocking a few sites.
I didn't set up any website blocking that I know of. I have Snort, DNS, and captive portal enabled.
For example, when I try to go to any of these in any browser:
www.pfsense.org
www.google.com
www.bing.com
www.gmail.com
but when I go to:
www.msn.com
it works just fine.
And then when I switch over to a network without pfSense routing, like just a standard Cisco router, everything works perfectly fine.
If it helps at all, when on the pfSense box I am able to ping 4.2.2.2 and 8.8.8.8
-
define "blocking" - what happens?
The most common cause from what you have listed there would be excessive Snort rules enabled with blocking set, where you're blocking a bunch of false positives with Snort.
-
Oh, I will have to look into the Snort rules then.
When I say blocking, I mean the browser will not even begin to pull the site up. It also does not even respond with a 404, making it unable to get to the site, or even begin loading it.
-
Actually,
I'm not sure that is the problem, because I turned off Snort, and the issues are the same.
Refreshing networking across all computers (regardless of OS) has the same results.
What are other possibilities?
Thanks in advance!
-
pfBlocker?
SquidGuard?
Squid + Havp?
dansguardian?
Blacklists?
Disable each service until it works? Don't just switch off, because the service will likely restart anyway. Don't forget to reset states, just in case, and reload firewall rules.
-
I actually don't have many of those installed.
And for the ones I did, I disabled them and reloaded the rules; still the same result.
Not really seeing anything in the logs either.
-
bump
-
How are your DNS servers setup in pfSense?
If you go to diagnostics and do a DNS lookup from there does it resolve?
Can you put http://173.194.33.2 in your browser and see that page?
-
Better define what the problem is. What do you get when you try to get to those sites? What do you get if you try to ping those sites? traceroute? What is it that's failing, DNS, IP connectivity, both, …?
Not being able to hit such a large portion of the Internet, if you've ruled out packages, suggests you're doing something like maybe using a /1 mask or something equivalently wrong on an interface which is breaking your routing.
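As an added illustration of the wrong-mask point above (example code, not from the thread): a subnet mask that is far too short on a LAN interface makes the box treat a huge slice of public address space as directly connected, so those packets are ARPed for on the LAN instead of being sent to the default gateway, while everything outside that range still routes normally. The script uses Python's standard `ipaddress` module on the addresses quoted in this thread; the interface addresses are assumed, not the poster's real configuration.

```python
import ipaddress

# Destinations quoted in the thread; comments give their role there (constructed sample).
DESTINATIONS = {
    "8.8.8.8": "Google DNS, pingable from the pfSense box",
    "4.2.2.2": "Level 3 DNS, pingable from the pfSense box",
    "173.194.33.2": "google.com, reachable later in the thread",
    "199.204.20.98": "slickdeals.net, unreachable through pfSense",
}


def on_link(interface_cidr, destinations):
    """Map each destination to True if the host would consider it directly
    connected to this interface (and ARP for it) rather than route it via
    the default gateway. interface_cidr is e.g. "192.168.1.1/24"."""
    iface = ipaddress.ip_interface(interface_cidr)
    return {d: ipaddress.ip_address(d) in iface.network for d in destinations}


def misrouted(interface_cidr, destinations):
    """Public destinations a wrongly-masked interface would swallow: these are
    the sites that 'just time out' with no 404, because no host on the LAN
    answers the ARP request."""
    return sorted(d for d, hit in on_link(interface_cidr, destinations).items()
                  if hit and ipaddress.ip_address(d).is_global)


def report(interface_cidr):
    """Human-readable summary for one candidate interface configuration."""
    bad = misrouted(interface_cidr, DESTINATIONS)
    if not bad:
        return f"{interface_cidr}: no public destinations treated as on-link"
    return f"{interface_cidr}: on-link (will not be routed): {', '.join(bad)}"


if __name__ == "__main__":
    # Correct LAN mask (assumed) versus the '/1 mask' mistake mentioned in the reply.
    for cidr in ("192.168.1.1/24", "192.168.1.1/1"):
        print(report(cidr))
```

With a /1 mask the interface network is 128.0.0.0/1, so 173.194.33.2 and 199.204.20.98 are wrongly treated as on-link while 8.8.8.8 and 4.2.2.2 still go to the gateway, which is why a bad mask can break only part of the Internet.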
-
Hello, so I finally got some time to work on this again.
So I've eliminated Snort being the problem by completely uninstalling the package and clearing everything.
I've also disabled DNS forwarder.
I was using DNS forwarder with my first 2 DNS servers coming from my ISP,
then 3rd & 4th using 8.8.8.8 and 4.2.2.2.
I have disabled every single package installed, and am running on a bare installation with the exception of captive portal.
Also I am able to get to 173.194.33.2, as now I am able to get to google.com.
When I say unable to access, I mean from a browser it will just time out. Will not get to a 404.
Still not able to get to:
pfsense.org
slickdeals.net
newegg.com
amazon.com
Pinging the above addresses using ping will return "request timeout for icmp_seq x" - of course some IPs will not respond to ping, but slickdeals.net will.
Example:
ping 199.204.20.98
Same for pfSense router Diagnostics: traceroute.
Pinging slickdeals.net from another router will return:
ping 199.204.20.98
PING 199.204.20.98 (199.204.20.98): 56 data bytes
64 bytes from 199.204.20.98: icmp_seq=0 ttl=45 time=54.132 ms
64 bytes from 199.204.20.98: icmp_seq=1 ttl=45 time=56.532 ms
pfSense router:
traceroute 199.204.20.98
1 * * *
2 * * *
3 * * *
.. etc
Cisco router will return the whole path:
traceroute 199.204.20.98
1 x.y.z.a (x.y.z.a) 5.014 ms 1.010 ms 0.900 ms
2 x.y.z.a (x.y.z.a) 3.696 ms 3.808 ms 6.722 ms
3 xyz2-syz5.atl.oneringnetworks.net (x.y.z.a) 7.000 ms 15.927 ms 6.236 ms
4 rav3-syz.atl.oneringnetworks.net (x.y.z.a) 5.670 ms 6.897 ms 6.809 ms
… etc
Under System -> Routes I have no static routes installed.
Looking at Diagnostics: Routing tables, there is a Destination = default
which is pointed to the gateway.
-
In case anyone was wondering, I fixed it by just re-installing pfSense from scratch.