Netgate Discussion Forum

    Pfsense block some websites from LAN but same websites are opening from DMZ

      Muhammad Adil

      Hi,

      I am using pfSense 2.2.5. I am facing an issue where pfSense does not permit LAN users to access some websites, but the same websites open normally from the DMZ. Please guide me to the solution.

      Thanks and Regards

        muswellhillbilly

        Plz guide some information and maybe a solution might come along. Start with posting a screenshot of your firewall rules for both your LAN and DMZ, along with any information you might think helpful - like, are you using a proxy and/or what are the DHCP settings you're using (if any) on either your LAN or DMZ. The full (meaning complete) network settings on the LAN and DMZ, including name servers, subnetting, etc would go some way to help also.

          Muhammad Adil

          Sorry, I can't attach a screenshot because it's an organizational network, but I can provide you details.

          I am facing an issue browsing lhc.gov.pk and schools.punjab.gov.pk.
          Without pfSense I can access these sites.
          pfSense rules:
          LAN --> WAN port 80, 443, and 53 are allowed.
          DMZ --> WAN port 80, 443, and 53 are allowed.

            muswellhillbilly

            Hope there's someone out there with a mind-reading hat on to help, coz mine's at the cleaners. Good luck.

              KOM

              Provide your pfSense version and any packages you have installed.

                Muhammad Adil

                version is = 2.2.5-RELEASE (amd64)
                built on Wed Nov 04 15:49:37 CST 2015
                FreeBSD 10.1-RELEASE-p24

                ![pfsense packages.jpg](/public/imported_attachments/1/pfsense packages.jpg)

                  KOM

                  I was expecting some packages like Snort or pfBlocker or something to account for the differing results, but that was not the case here.

                  OK, do both LAN and DMZ clients use the same DNS?  Do you have any special firewall rules on LAN as compared to DMZ?

                    yaman.amin

                    I have the same problem.
                    From the OPT interface networks, I can access everything if I am using Win 7 devices, but if I use Linux, Android or Win 8 devices, I can only access Facebook, although these devices get their IP address and DNS perfectly from DHCP.
                    For more information about my setting:
                    1- The OPT interface is used for WLAN access
                    2- DHCP server is set on the OPT interface (gateway is the static IP address of the OPT interface, DNS 8.8.8.8 in addition to the )
                    3- As for the firewall interface, I let everything be allowed, no restrictions.

                    Any feedback please?

                      KOM

                      Well, if you guys could manage to actually supply some useful information, then perhaps we could help solve your problem.  Post screenshots of your LAN & OPT1 interface details.  Post screenshots of your LAN and OPT1 firewall rules.  Post screens or details about your client network settings with regard to IP address, mask, gateway and DNS.

                        yaman.amin

                        In my case, using Linux, Win 8 or Android, I am just able to access Facebook, although the clients get IP, DNS and gateway exactly from the DHCP server.
                        Using Win 7, everything is fine.
                        What could cause this problem?

                        WAN_FW.jpg
                        OPT_FW.jpg
                        LAN_FW.jpg
                        ![DHCP_ON OPT.jpg](/public/imported_attachments/1/DHCP_ON OPT.jpg)

                          KOM

                          In future, could you please strip out all that blank white space?

                          Are you running squid, squidguard, DansGuardian or any other package that can filter URLs?  With your existing firewall rules, there is nothing to stop you from going anywhere that can resolve through DNS.  I see you might be running Captive Portal (stuff like this is important to mention when asking for help), but I don't know much about that package.

                            yaman.amin

                            Sorry for posting quickly without revising.
                            Yeah, I am using captive portal, but at the moment of posting, I deactivated all captive portal features.
                            I am not using any package you mentioned.
                            I checked both the HTTP and HTTPS ports using nmap. The result was positive for both ports.
                            As you mentioned, there is supposed to be nothing stopping me from going through, but it is really strange.
                            Should I try another pfSense version?

                              KOM

                              I don't think it's a pfSense issue just yet.  What is the exact error you receive when trying to visit any site other than Facebook?

                                yaman.amin

                                Unable to upload the webpage, timeout..., something like that.
                                It looks like it starts to connect to the page and then suddenly stops, or something gets stuck.

                                  yaman.amin

                                  I could solve the problem by adjusting the MTU on the desired interface to be around 1400 bytes.

                                  Hope this information can solve your problem as well.

                                  1 Reply Last reply Reply Quote 0
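The fix reported in the last post (an interface MTU of about 1400 bytes) is consistent with the symptom described earlier in the thread, where a page starts to load and then stalls. As an added example that is not part of the thread, this sketch measures the largest unfragmented packet a path will carry by binary search; it assumes Linux iputils `ping`, and `PROBE_CMD`, `probe` and `find_path_mtu` are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses a path with the
# Don't Fragment bit set. Assumes Linux iputils ping (-M do sets DF).

# probe HOST PAYLOAD -> exit 0 if an ICMP echo carrying PAYLOAD data bytes
# with DF set is answered. PROBE_CMD (hypothetical hook) names a command or
# function that replaces ping, so the search can be exercised offline.
probe() {
    if [ -n "${PROBE_CMD:-}" ]; then
        "$PROBE_CMD" "$1" "$2"
    else
        ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
    fi
}

# find_path_mtu HOST [LOW] [HIGH] -> prints the largest working packet size
# (payload + 20-byte IPv4 header + 8-byte ICMP header). Fails if even LOW
# gets no reply: host down or ICMP filtered, so nothing can be concluded.
find_path_mtu() {
    host=$1 lo=${2:-548} hi=${3:-1472}
    probe "$host" "$lo" || return 1
    # Full-size packets pass: the path carries the whole range.
    if probe "$host" "$hi"; then lo=$hi; fi
    # Invariant: payload lo is answered, payload hi is not.
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe "$host" "$mid"; then lo=$mid; else hi=$mid; fi
    done
    echo $((lo + 28))
}

# Run only when a host is given: sh pmtu.sh HOST
if [ "$#" -gt 0 ]; then
    mtu=$(find_path_mtu "$1") || { echo "no reply from $1 even at small size" >&2; exit 1; }
    # TCP MSS = MTU minus 20-byte IPv4 header and 20-byte TCP header.
    echo "path MTU to $1: $mtu bytes (TCP MSS $((mtu - 40)))"
fi
```

A result below 1500 from a client behind the firewall, while the firewall rules pass the traffic, points at the path rather than at filtering; large responses are then being dropped somewhere that does not return ICMP "fragmentation needed".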
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.