Netgate Discussion Forum

    [SOLVED] Browsing problems after 2.0.2 update

    General pfSense Questions
    9 Posts 5 Posters 2.1k Views
    • PhilR

      I was using 2.0.1 without any problems.

      Since the upgrade to 2.0.2 I've noticed most websites are unavailable. (Oddly, not all.)
      There's no filtering in place on the pfsense box; no entry in the logs showing anything being blocked.

      If I request, say, http://www.google.com then I'm redirected to https://www.google.co.uk (that's normal)
      When I request that, there is no reply. But it can't be a routing problem - I can ping OK.
      Packet capture on the LAN shows the connection to <whatever google.co.uk's IP is> on port 443, but it doesn't appear in packet capture on WAN.

      Here's the odd bit: If I connect a laptop straight to my router, it works fine, every time, so it must be something to do with the pfsense box… But every site works if I use TOR from behind the pfsense box.

      I found an image of an old pfsense build (1.2.3), spun that up - and things work perfectly well.

      Bright ideas?

      • marcelloc

        Do you have any package installed?

        • PhilR

          The only packages installed were openvpn and snort… but they were both disabled - as were all the other services except DNS - and it didn't make a difference.

          Odd, eh?

          • marcelloc

            Can you check with Firebug what errors you get on these sites?

            • cmb

              If you can get a packet capture showing the problem, I'd be willing to take a look. Can email pcap with a link to this thread to cmb at pfsense dot org. LAN or WAN, probably LAN first.

              • jimp Rebel Alliance Developer Netgate

                Have you made any MTU and/or MSS clamping setting changes?

                It sounds like an MTU issue, and the only possibly-relevant thing I can think of that changed there between 2.0.1 and 2.0.2 is that we altered how the scrub rule was being used in the background.

                Though it should be working better now, not worse.

                • PhilR

                  Thanks for the suggestions, folks - and the kind offer of analysing a capture.

                  I fixed it (sort of) by rebuilding from scratch after I completely failed to save the backup xml file.
                  For the benefit of those who follow (and perhaps devs, who knows?):

                  I captured on both interfaces and saw that DNS answers were being rx'd by the WAN, but very few were being tx'd by LAN; usually one would be returned to the client before it timed out.
                  Uninstalled snort; same effect.
                  Took a backup - failed to save the file. D'oh.
                  Reset to "factory" defaults - still unable to browse, inbound packets arriving at WAN not being forwarded.
                  Once inbound NAT redirects were set up, LAN was blocking outbound traffic and showing that in logs.
                  Interestingly, although snort wasn't installed, and the box had been reset to factory, saw various snort errors on console on boot.

                  Rebuilt from the live CD; set up inbound NAT redirects as before, all tested OK.

                  Is there a way to mark this as "solved"?

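The two-interface comparison described in the post above, as an added example that is not part of the original thread: it pairs DNS queries with answers in each capture's `tcpdump -n` text output and reports on which side the answers go missing. The sample lines, addresses and function names are constructed for illustration; only IPv4 lines are parsed.

```python
import re

# Constructed sample lines in `tcpdump -n port 53` text format (not from the thread).
LAN_CAPTURE = """\
12:00:01.000100 IP 192.168.1.10.40001 > 192.168.1.1.53: 4660+ A? www.google.co.uk. (34)
12:00:01.040200 IP 192.168.1.1.53 > 192.168.1.10.40001: 4660 1/0/0 A 203.0.113.10 (50)
12:00:02.000100 IP 192.168.1.10.40002 > 192.168.1.1.53: 4661+ A? www.example.org. (33)
12:00:07.000100 IP 192.168.1.10.40002 > 192.168.1.1.53: 4661+ A? www.example.org. (33)
12:00:08.000100 IP 192.168.1.10.40003 > 192.168.1.1.53: 4662+ A? www.example.net. (33)
"""
WAN_CAPTURE = """\
12:00:01.010100 IP 198.51.100.2.50001 > 198.51.100.1.53: 1001+ A? www.google.co.uk. (34)
12:00:01.030200 IP 198.51.100.1.53 > 198.51.100.2.50001: 1001 1/0/0 A 203.0.113.10 (50)
12:00:02.010100 IP 198.51.100.2.50002 > 198.51.100.1.53: 1002+ A? www.example.org. (33)
12:00:02.030200 IP 198.51.100.1.53 > 198.51.100.2.50002: 1002 1/0/0 A 203.0.113.20 (49)
12:00:08.010100 IP 198.51.100.2.50003 > 198.51.100.1.53: 1003+ A? www.example.net. (33)
12:00:08.030200 IP 198.51.100.1.53 > 198.51.100.2.50003: 1003 1/0/0 A 203.0.113.30 (49)
"""
# src_ip.src_port > dst_ip.dst_port: DNS transaction ID
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\d+)")

def dns_answer_stats(capture_text):
    """Return (unique queries, answered queries, sorted unanswered names)."""
    pending = {}      # (client_ip, client_port, txid) -> queried name
    answered = set()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, txid = m.groups()
        if dport == "53":                       # query; retransmits share a key
            name = re.search(r"\? (\S+)", line)
            pending.setdefault((src, sport, txid), name.group(1) if name else "?")
        elif sport == "53" and (dst, dport, txid) in pending:
            answered.add((dst, dport, txid))    # answer matching an earlier query
    unanswered = sorted({n for k, n in pending.items() if k not in answered})
    return len(pending), len(answered), unanswered

def locate_loss(lan_text, wan_text, threshold=0.9):
    """'firewall' if WAN sees answers that LAN clients never receive."""
    lq, la, _ = dns_answer_stats(lan_text)
    wq, wa, _ = dns_answer_stats(wan_text)
    lan_rate, wan_rate = (la / lq if lq else 1.0), (wa / wq if wq else 1.0)
    if wan_rate >= threshold and lan_rate < threshold:
        return "firewall"
    return "upstream" if wan_rate < threshold else "none"
```
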
                  • Metu69salemi

                    Edit first post subject field with [SOLVED]

                    • cmb

                      Just uninstalling Snort doesn't clear the block offenders IIRC; that sounds like the symptoms of overblocking with Snort. There aren't any DNS-related changes or anything else that would cause that symptom on 2.0.2 when it didn't happen on 2.0.1; it's not version-related. The reinstall just did the same thing a reboot would have minus Snort.
