(NOOB) Some Block Web Access



  • Hi All,

    I am new to PFsense. I am from Malaysia and this is the first try for the firewall, Load Balance-Traffic Limit and VPN Purpose.

    I m not sure why cannot access microsoft.com, msn.com, hotmail.com nor application such as messenger live 8

    But, gmail.com, yahoo.com and lycos.com - mail can access.

    Please help why microsoft things got blocked in PF sense? I use the version of  1.2-RELEASE.

    Anyone help would appreciate.

    Thank you,
    Kelvin



  • I m not sure why cannot access microsoft.com, msn.com, hotmail.com nor application such as messenger live 8

    Plz tell how you did it ;) j/k

    No real reason i can think of should make that happen.
    Can you connect when using the livecd
    Maybe remove the traffic shaper and see what happens.



  • @yce_kelvin:

    I m not sure why cannot access microsoft.com, msn.com, hotmail.com nor application such as messenger live 8

    But, gmail.com, yahoo.com and lycos.com - mail can access.
    Please help why microsoft things got blocked in PF sense? I use the version of  1.2-RELEASE.

    You are lucky. My be they don't allow access to company sites which break laws of so many countries and get away!!
    Just kidding!!

    Can you please see the logs ..
    status >>  System logs >> Firewall tab.
    You may want to turn on a more detailed logging at :
    status >>  System logs >> settings tab  and click both the default rule and raw log to see more details.

    In addition, please try tracert at the dos prompt to see how far are you able to go… If you went past your router then the problem may be upstream at your ISP.



  • Hi,

    Thank you for reply my question, Perry and garg_art2002

    When i type msn.com,  this is the log result

    x May 1 01:50:07 NG0 124.82.79.205:28934 60.54.233.221:61521 UDP
    x May 1 01:50:03 NG0 124.82.79.205:28934 60.54.233.221:61521 UDP
    x May 1 01:50:01 NG0 124.82.79.205:28934 60.54.233.221:61521 UDP

    I do not know why fail to access this 2 website.. it is any "hidden" default rules?

    May 1 01:55:03 LAN 192.168.10.109:138 192.168.10.255:138 UDP
    May 1 01:55:00 LAN 192.168.10.50:2831 65.54.165.136:80 TCP
    May 1 01:54:55 LAN 192.168.10.103:138 192.168.10.255:138 UDP
    May 1 01:54:54 LAN 192.168.10.118:138 192.168.10.255:138 UDP
    May 1 01:54:48 LAN 192.168.10.125:138 192.168.10.255:138 UDP
    May 1 01:54:47 LAN 192.168.10.124:138 192.168.10.255:138 UDP
    May 1 01:54:47 LAN 192.168.10.112:138 192.168.10.255:138 UDP
    May 1 01:54:44 LAN 192.168.10.133:138 192.168.10.255:138 UDP
    May 1 01:54:36 LAN 192.168.10.102:137 192.168.10.255:137 UDP
    x May 1 01:54:32 LAN 192.168.10.100 224.0.0.1 ESP



  • Your mtu at interfaces>wan is probably too high. Try to set it to 1400 and retest. If these sites work then try to go up with the mtu again until it breaks and then one step back. Other option is to use pings with fixed packetsize and no fragment flag to find out your max mtu. Search google for how this is done for the OS of your chioce (in case this is a windows box rin ping /? to see these options).



  • Hi, Hoba,

    My problem Solved!!!  :D :D :D

    Yeah, the MTU figure problem. I put 1500 initially. Wow, thanks so much for this.

    Thank you so much.

    Kelvin


Locked