Egress filtering issue



  • I am trying to implement egress filtering and I am running into some issues. I've attached a screenshot of my current LAN interface. I've set up pass rules for 443, 80 and 53. Once I disable the default any, any I can get to Google on 443 https://www.google.com/ and perform a search such as https://www.google.com/?gws_rd=ssl#q=test but I cannot get out through port 80. Any idea what I am doing wrong?
    ![Screenshot 2015-01-10 at 9.57.20 PM.png](/public/imported_attachments/1/Screenshot 2015-01-10 at 9.57.20 PM.png)



  • Google automatically redirects HTTP traffic to HTTPS now.
    Can you reach other sites on HTTP like pfsense.org?

    …well, bad idea. pfSense uses HTTPS only as well.
    Try www.nytimes.com for example.



  • Chris,

    Eureka moment. I cleared my browser cache. Explained why I could only get to https://www.google.com and nothing else. Now pfSense blocks all 80/443 traffic… so I must be implementing the pass rules incorrectly or have some other configuration setting set incorrectly.

    Mike


  • LAYER 8 Global Moderator

    One thing I notice is your DNS rule is TCP and not UDP. UDP is what is used for normal queries; TCP can be used for large queries, zone transfers, etc., but if you're going to want to query DNS you need to enable UDP as well.



  • Thank you John.  That worked!


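The fix in this thread came down to UDP/53 versus TCP/53. As an added example (not part of the original thread), this Python script, run from a LAN client, sends the same DNS query over each transport and reports which one the egress rules let through. The resolver address is an assumption you pass on the command line, and the names `build_query`, `frame_for_tcp`, `probe` and `diagnose` are made up for this illustration.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234):
    """Build a minimal DNS A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with a 2-byte length field."""
    return struct.pack("!H", len(msg)) + msg

def probe(resolver, proto, name="example.com", timeout=3.0):
    """Return True if a reply carrying our query ID arrives over proto."""
    query = build_query(name)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((resolver, 53))
            s.send(query if proto == "udp" else frame_for_tcp(query))
            reply = s.recv(4096)
            if proto == "tcp":
                reply = reply[2:]  # skip the length prefix
            return reply[:2] == query[:2]
    except OSError:  # timeout, refused, unreachable: treat as blocked
        return False

def diagnose(udp_ok, tcp_ok):
    """Map the two probe results to a statement about the egress rules."""
    if udp_ok and tcp_ok:
        return "UDP/53 and TCP/53 both pass"
    if tcp_ok:
        return "TCP/53 passes but UDP/53 is blocked: normal lookups will fail"
    if udp_ok:
        return "UDP/53 passes but TCP/53 is blocked: large responses will fail"
    return "no DNS egress on either transport"

if __name__ == "__main__":
    resolver = sys.argv[1]  # assumption: IP of the resolver your clients use
    print(diagnose(probe(resolver, "udp"), probe(resolver, "tcp")))
```

With the rule set described in the first post (TCP-only pass rule for 53), the script reports the "UDP/53 is blocked" case.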