Instagram and Snapchat Not loading on my android device

lambro690 · Jun 28, 2015, 5:03 PM

Hello! I am new to pfsense and I am having a little issue. Everything works fine on my PFsense box EXCEPT the instagram and snapchat apps will not load or refresh on my android device while connected to the network.

My setup is:
Verizon FiOS Router for WAN (192.168.1.1) -> PFSense Box(192.168.2.1) -> Access Points/Internal Network

I had PFBlocker installed on the box but uninstalled it to see if that was the issue, and it wasn't.

I changed the DNS servers to Open DNS 8.8.8.8/8.8.4.4 - Still no luck

Changed the DNS server to verizon's DNS servers and still no luck

I am at a loss.

I can visit the Instagram website on my desktop and it works flawlessly and the apps work on 4G as well.

What could be blocking this?

Thanks in advance !

lambro690 · Jun 30, 2015, 6:09 AM

Alright for anyone that has the same problem, i figured it out by monitoring the traffic and found out that port 41159 was blocked, added a rule in the firewall and now it works!

KOM · Jun 30, 2015, 1:30 PM

i figured it out by monitoring the traffic

That's how you do it. Good work fixing your problem so quickly and sharing the results.

Jailer · Jun 30, 2015, 5:34 PM

Thanks for sharing. I'll have to check this out when I get home. Jr has complained since I went to pfsense that snapchat doesn't work while on wireless. I told her to just suck it up but if I can fix it I will. ;D

lambro690 · Jul 15, 2015, 1:13 AM

Alright another update, so opening the port didn't work so I have done some tinkering and made a rule for any device on lan to connect to port 443 via any port (in my case anywhere from 40000-60000) What a mess this has turned out to be but with this rule I can use snapchat.

I will attach a screenshot of the rule and hopefully it helps you all!

tim.mcmanus · Jul 15, 2015, 2:14 PM

Does enabling UPNP resolve this issue?

My women (3 girls) haven't complained that they can't get to these sites and I have UPNP enabled. They can usually tell when I've rebooted the firewall. Best monitoring system ever. :)

KOM · Jul 15, 2015, 2:36 PM

It looks like he has modified the default Allow All rule on LAN, or this is an additional network like OPT1 without any default rules. No wonder he's having problems.

Two things I'd recommend:

Unless you're actively using IPv6, I would disable it.
Unless you're restricting LAN, I would blow away any rules you have and replace them all with an allow all rule like the default rule you see on your LAN tab (see below).

lambro690 · Jul 15, 2015, 2:59 PM

No I have upnp enabled already, upon reading some other forums on TCP:FA connections in pfsense I have found out that the problem was the firewall was set to block these connections. I set the firewall to conservative in the advanced -firewall\nat menu and have successfully fixed all android apps with a problem (instagram, snapchat, eBay, Facebook, and any others with slow load times) the solution I had mentioned above only worked with snapchat but with all the other apps changing the firewall settings helped a lot.

KOM · Jul 15, 2015, 3:34 PM

upon reading some other forums on TCP:FA connections in pfsense I have found out that the problem was the firewall was set to block these connections.

TCP:FA (FIN ACK) is an acknowledgment of a TCP teardown request. pfSense does not block TCP:FA by default. It was an out-of-state packet that got rejected by the firewall because the state it belonged to was already considered closed due to the teardown. The TCP:FA was seen as a new connection attempt, and blocked by WAN rules.

tim.mcmanus · Jul 15, 2015, 4:36 PM

I do have my firewall set to conservative, so that's probably why my monitoring system didn't go aggressive on me.

lambro690 · Jul 15, 2015, 7:24 PM

@KOM:

upon reading some other forums on TCP:FA connections in pfsense I have found out that the problem was the firewall was set to block these connections.

TCP:FA (FIN ACK) is an acknowledgment of a TCP teardown request. pfSense does not block TCP:FA by default. It was an out-of-state packet that got rejected by the firewall because the state it belonged to was already considered closed due to the teardown. The TCP:FA was seen as a new connection attempt, and blocked by WAN rules.

Thank you for explaining this further. Yes this was my particular problem and it is now resolved.

Thanks to all of you for you reccomendations and support

@tim.mcmanus:

I do have my firewall set to conservative, so that's probably why my monitoring system didn't go aggressive on me.

And Tim yes that's probably why you have no problems! Lol thanks for your support