Something is blocking FaceBook from login



  • Hi, i got a weird problem….
    For some reason, everybody can access the FaceBook's login page, but after inserting username and password, it takes you nowhere, only the classic white page can be seen telling "the page cannot be displayed, there is a problem".
    From what can it depends from???
    Thanks



  • do you block any other sites ?
    facebook.com is downloading files from other (sub)domains.



  • Right now i have probably an unusual setup.
    I am hosting a local community site on a local server, to which everybody can access to.
    There is a captive portal in place, so people have to click on a button before they are transferred to the local site.
    I have selected the "voucher internet" option, but nobody is actually using it as i removed all the extra codes in a way that people just stay on the local site, blocking access to the www.
    I create a rule on the firewall blocking the port 80.
    I add people wanting to use the www to the captive portal's MAC address pass trough.
    I have also installed the Squid and LightSquid packages and randomly testing other packages…



  • Is any of the PFSense tools able to track down where or what is blocking this site?
    As i can only see that the connection is not going to the next step but it doesn't actually tells me what is stopping it
    Thanks.



  • I just found this, it might have something to do with the firewall, maybe the "rule 1/0" ???

    Jul 9 14:15:11
    pf: 192.168.5.8.137 > 192.168.5.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST

    Jul 9 14:15:12
    pf: 00:00:00.749982 rule 1/0(match): block in on fxp0: (tos 0x0, ttl 128, id 39403, offset 0, flags [none], proto UDP (17), length 96)



  • Can you access the site without using squid ? Perhaps your squid (config) is causing a problem.
    Enable firewall logging on a rule and check what is passing this rule. (on a client which can access the site)
    Are you using LoadBalancing ?
    Is your squid running in transparent or non-transparent mode ?



  • Not using Load Balancing, Squid is on Transparent Mode.
    Only the wireless connections have this problem, on the wired network it's all fine.
    There is any way to tell the firewall to allow a specific website (FaceBook.com) through it??
    Thanks.



  • set an allow "any to any" rule on the wireless LAN firewall tab and place this firewall rule on top of all other rules. then reset your states and try again.
    if it does not work then, please post a screenshot of your firewall rules.



  • Thanks for the suggestion, but to allow a rule "any to any" it is not the equivalent to disable the firewall???
    I would like the firewall on if possible, all i need it's being able to use this specific website in a "normal" way, as i just found a work around to it but i am embarassed to tell what it is…. :D
    Ok i will share it, i am using a web-proxy to by-pass my own firewall and proxy  ;D
    So far it's working fine, but i hope someone will have a proper fix for this problem



  • It was for testing purposes - to see which traffic needs to be passed to reach this site.
    create an "allow client-source-ip to any" on the top of all, enable logging and test if it is working and check the firewall logs, IPs and Ports.



  • Ok, here it is, probably i made a mistake somewhere, or more likely more than one….i put some screenshots of everything  :D
    Still having the same problem.

    ![Firewall Rules LAN.jpg](/public/imported_attachments/1/Firewall Rules LAN.jpg)
    ![Firewall Rules LAN.jpg_thumb](/public/imported_attachments/1/Firewall Rules LAN.jpg_thumb)
    ![Firewall Rules WAN.jpg](/public/imported_attachments/1/Firewall Rules WAN.jpg)
    ![Firewall Rules WAN.jpg_thumb](/public/imported_attachments/1/Firewall Rules WAN.jpg_thumb)
    ![Rule Any to Any.jpg](/public/imported_attachments/1/Rule Any to Any.jpg)
    ![Rule Any to Any.jpg_thumb](/public/imported_attachments/1/Rule Any to Any.jpg_thumb)



  • Firewall System Log.

    ![Firewall System Log.jpg](/public/imported_attachments/1/Firewall System Log.jpg)
    ![Firewall System Log.jpg_thumb](/public/imported_attachments/1/Firewall System Log.jpg_thumb)



  • Strange subnet for the fourth rule from top. Why is it /1 ? If it is just a host then set it to /32

    Second rule from top:
    Set protocol to "any" any not only TCP.



  • Ok, i updated all, but the highest number available was 31, there is no 32, so i choose that one.
    Facebook still inaccesible.

    ![Firewall Rules.jpg](/public/imported_attachments/1/Firewall Rules.jpg)
    ![Firewall Rules.jpg_thumb](/public/imported_attachments/1/Firewall Rules.jpg_thumb)
    ![Firewall Logs.jpg](/public/imported_attachments/1/Firewall Logs.jpg)
    ![Firewall Logs.jpg_thumb](/public/imported_attachments/1/Firewall Logs.jpg_thumb)



  • Did you try it with squid turned off (turn of transparent mode)?  If squid is caching some of FB's background pages, I would guess FP will not be happy.

    I know you said you are not using load balancing, so assume you have only one WAN connection?  Obviously with two connected, FB thinks you are coming from two locations and has a hissy.



  • I de-tick the transparent mode and rebooted everything but it didn't solve the problem, it must to be something else…
    The wired connection don't have any problems, it's only the wireless connection that have this issue, and it began after i started installing new packages, before it was working fine for both connections.

    ![Firewall Logs.jpg](/public/imported_attachments/1/Firewall Logs.jpg)
    ![Firewall Logs.jpg_thumb](/public/imported_attachments/1/Firewall Logs.jpg_thumb)



  • It seems i will have to stick with my proxy's work around for a very long time…..
    Thanks anyway to all those who contributed with their suggestions, if i will ever find a proper fix i'll come back to share it here...all the best



  • Got some other pieces of information…
    If i try to use the Facebook application on the Iphone, there is no way it will login, but if i try to access their website through the Safari browser, at first the connection will get refused, then the login page will appear again, click on "try alternative login" a warning will come up, which basically says that the password will be sent in "plain text" and again will bounce back, but if you close the page and go there again, you are actually already logged in and can access everything....

    I try this on my computer too, instead to go in www.facebook.com, try m.facebook.com and click on "try alternative login", it will work !!!

    Also, if my pc was already logged in, i discovered i can just browse all the various Facebook parts, however, if i logout, i am unable to login again, unless i use this alternative way.


  • Netgate Administrator

    So it's some https problem then.

    The log pages you posted earlier are not the firewall log. They look like the system log but I've never seen it full of pf messages like that and the formatting is a bit odd.  :-\

    It looks like you maybe have something more seriously wrong with your install. Is this 2.0.1? Which install type?

    Steve



  • It's the system's log for the firewall in PfSense, in this other picture you can see the the top of the report.
    I am using the latest version (2.0.1-RELEASE (i386) FreeBSD 8.1-RELEASE-p6) installed on his own dedicated computer.

    ![Firewall Log.jpg](/public/imported_attachments/1/Firewall Log.jpg)
    ![Firewall Log.jpg_thumb](/public/imported_attachments/1/Firewall Log.jpg_thumb)


  • Netgate Administrator

    Hmm, something is wrong there. It shouldn't look like that at all.

    You are just seeing the pf log directly but that should never happen.  :-\

    Steve



  • i'm thinking 'Show raw filter logs' is enabled under settings



  • The log has been enabled to try to identify what is blocking the login page from going further


  • Netgate Administrator

    Ah! So it is. You learn something everyday.  ::)

    Stee



  • Sorry i am not sure to understand what do you mean with that.
    Are you suggesting that enabling the log for the firewall in PfSense creates this problem???
    The firewall's log has been enabled -after- this inconvenience, to get more information about it and possibly solve it….


  • Netgate Administrator

    I was not familiar with the 'raw filter logs' option for the firewall log which lead me to believe your install may have had a more serious problem since your logs appeared to be completely ****ed.
    However that was my mistake, sorry about that.  :-[

    Steve


Log in to reply