
Author Topic: troubleshoot site unreachable - HowTo


lexje
« on: January 06, 2018, 06:11:40 am »
Hi,

Some (random) sites are unreachable, despite the fact that pfsense is set to block nothing.

I'm new to pfsense, so please bear with me.
Some background:
I'm working in a relatively small SOHO environment, and due to the fact that I'm active in home automation I'd like to be able to confine certain devices to certain networks.
I'm convinced of the value of unix based systems. (Linux, BSD, macOS but also Android etc)

At the moment I'm not clear on what would be the ideal device, therefore I'd like to grab some experience using a virtual device.

I've set up pfsense in a vmware fusion (mac mini with extra network adapter)
All seems to be working, but I have several sites that are totally unreachable, so my interpretation is that they are blocked by pfsense.

(When I log into the pfsense mac mini using 'share screen', I can reach these sites without any problem.)

Now my question:
- how do I go about finding out what / where the blocking occurs?
- is there some way, e.g. where I can enter pfsense and observe all traffic coming in / going out through a certain client IP address?

What would be the advised membership level to get started?
I'd like to first get things going and do some learning before deciding what appliance I'd need to buy.

Thanks for helping out!



Gertjan
« Reply #1 on: January 06, 2018, 10:02:22 am »
Hi,

If you do not use IPv6 on your LAN, then your second rule is a pass-all.
The next 3 rules are never evaluated because they are out-ruled by rule 2.

I have only one rule on LAN, the same as yours, but I had to add IPv6 because I'm also using IPv6. See image.

Nothing has been blocked for me.

So, what are these "some sites"? What do they have in common?
Is it a WAN issue, like MTU? Are these sites resolving to the right IP?

Btw: normally, pfSense will resolve (playing the DNS resolver) for all the devices on LAN - no need to 'pass' traffic to 8.8.8.8 - except, of course, if it is important to you that all your (private) DNS traffic is handled by Google.


lexje
« Reply #2 on: January 07, 2018, 03:16:38 am »
Hi Gertjan, thanks for your reply,

Here are 2 sites that are unreachable:
* https://www.theandroidsoul.com/how-to-backup-apps-and-data-without-root-using-helium-android-app/
* https://techcrunch.com/2016/04/19/the-first-comprehensive-study-on-women-in-venture-capital/
* https://www.emacswiki.org/emacs/FoldingMode

At first I thought it had to do with https, but that's not the case, other https sites load fine.

MTU is default: BLANK
I'll try to look into DNS, as I have thought about that being the culprit at the root of the problem, I think that's also what led me to adding Google's DNS servers.
« Last Edit: January 07, 2018, 10:27:52 am by lexje »