next »

[EOC2611P]

Hi, i got a weird problem....
For some reason, everybody can access the FaceBook's login page, but after inserting username and password, it takes you nowhere, only the classic white page can be seen telling "the page cannot be displayed, there is a problem".
From what can it depends from???
Thanks

[Nachtfalke]

do you block any other sites ?
facebook.com is downloading files from other (sub)domains.

[EOC2611P]

Right now i have probably an unusual setup.
I am hosting a local community site on a local server, to which everybody can access to.
There is a captive portal in place, so people have to click on a button before they are transferred to the local site.
I have selected the "voucher internet" option, but nobody is actually using it as i removed all the extra codes in a way that people just stay on the local site, blocking access to the www.
I create a rule on the firewall blocking the port 80.
I add people wanting to use the www to the captive portal's MAC address pass trough.
I have also installed the Squid and LightSquid packages and randomly testing other packages...

[EOC2611P]

Is any of the PFSense tools able to track down where or what is blocking this site?
As i can only see that the connection is not going to the next step but it doesn't actually tells me what is stopping it
Thanks.

[EOC2611P]

I just found this, it might have something to do with the firewall, maybe the "rule 1/0"

Jul 9 14:15:11
 pf: 192.168.5.8.137 > 192.168.5.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
 
Jul 9 14:15:12
 pf: 00:00:00.749982 rule 1/0(match): block in on fxp0: (tos 0x0, ttl 128, id 39403, offset 0, flags [none], proto UDP (17), length 96)

[Nachtfalke]

Can you access the site without using squid ? Perhaps your squid (config) is causing a problem.
Enable firewall logging on a rule and check what is passing this rule. (on a client which can access the site)
Are you using LoadBalancing ?
Is your squid running in transparent or non-transparent mode ?

[EOC2611P]

Not using Load Balancing, Squid is on Transparent Mode.
Only the wireless connections have this problem, on the wired network it's all fine.
There is any way to tell the firewall to allow a specific website (FaceBook.com) through it??
Thanks.

[Nachtfalke]

set an allow "any to any" rule on the wireless LAN firewall tab and place this firewall rule on top of all other rules. then reset your states and try again.
if it does not work then, please post a screenshot of your firewall rules.

[EOC2611P]

Thanks for the suggestion, but to allow a rule "any to any" it is not the equivalent to disable the firewall???
I would like the firewall on if possible, all i need it's being able to use this specific website in a "normal" way, as i just found a work around to it but i am embarassed to tell what it is....
Ok i will share it, i am using a web-proxy to by-pass my own firewall and proxy 
So far it's working fine, but i hope someone will have a proper fix for this problem

[Nachtfalke]

It was for testing purposes - to see which traffic needs to be passed to reach this site.
create an "allow client-source-ip to any" on the top of all, enable logging and test if it is working and check the firewall logs, IPs and Ports.

[EOC2611P]

Ok, here it is, probably i made a mistake somewhere, or more likely more than one....i put some screenshots of everything 
Still having the same problem.

[EOC2611P]

Firewall System Log.

[Nachtfalke]

Strange subnet for the fourth rule from top. Why is it /1 ? If it is just a host then set it to /32

Second rule from top:
Set protocol to "any" any not only TCP.

[EOC2611P]

Ok, i updated all, but the highest number available was 31, there is no 32, so i choose that one.
Facebook still inaccesible.

[Lectrician]

Did you try it with squid turned off (turn of transparent mode)?  If squid is caching some of FB's background pages, I would guess FP will not be happy.

I know you said you are not using load balancing, so assume you have only one WAN connection?  Obviously with two connected, FB thinks you are coming from two locations and has a hissy.