Question: A single website blocked by pfsense

Oct 31, 2022
Hello All,

I have a pfsense box that works well for 99.99% of websites. This one however - both https://angelsrescue.org/ and its IP 35.208.254.225 - time out on multiple browsers across all my networks, wired and wifi, that go through my pfsense box. It opens without issue on my cellphone using LTE.

Some key points:
  • I can ping the address with no packet loss.
  • I use NextDNS and the domain is in the allowed list. It appears in NextDNS logs when I try to open it as an allowed page. I even tried changing the DNS server, but it didn't work.
  • I've disabled pfBlockerNG - still blocked.
  • It doesn't appear in my pfsense firewall logs as a blocked IP. And when I put a rule on WAN/LAN to allow that IP, it shows up as a passed event.

I've shared an image of my firewall rules and packet capture results.
Image of Firewall Logs, Rules, and Packet Capture

Thank you for any thoughts you could share on why this one site is so troublesome!
 
Link worked and website opened via FoxFire browser. Seemed sluggish.

pathping and tracert both ended up here:

17 50 ms 51 ms 47 ms 225.254.208.35.bc.googleusercontent.com [35.208.254.225]

???

Not what I would expect.

Check the Hosts file.

Any references to angelsrescue or the IP?

Reference:

https://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/
Hi Ralston,

Thanks for testing it out. I checked my local hosts file and it has no entries in it for the domain name or IP.

I tried the pathping from command line, and a traceroute from pfsense, and this is what they showed:
https://www.dropbox.com/s/uv31ju18w672ax9/passed%20traffic%202.png?dl=0

Not sure if my first image, where the packet capture shows only tcp 0, means anything? Usually there would be a port assigned eventually?

Thanks again!
 
Because you can get tracert to work, it means there is network routing to that IP.

I am unsure from your packet capture thing what is being captured. What would be nice to see is the actual session setup. You should see packets go out and a response come back. I suspect it is partially working and then failing.

What is very strange is what Ralston posted. The IP address does not reverse lookup to the same URL. I forget what issue this can cause; you would think it could cause trouble getting HTTPS open, or maybe the browser or pfsense is detecting this issue and blocking it as a security problem.
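A layered check, added here as an example (not code from anyone in the thread), that separates the three questions the replies raise: does the name resolve and does the IP's PTR record point back into the site's domain (Ralston's reverse-lookup observation), does a bare TCP handshake to port 443 complete (a capture showing only "tcp 0" and no established session means the SYN got no SYN-ACK), and does the TLS handshake succeed once TCP is up. Assumed: Python 3 standard library only, the site and IP constants are the ones quoted in the thread, and the `connect` parameter exists only so the TCP step can be exercised with a stand-in.

```python
import socket
import ssl

SITE, SITE_IP = "angelsrescue.org", "35.208.254.225"  # constructed from the thread

def ptr_matches(host, ptr):
    """Heuristic: PTR name shares the site's last two labels (a ...googleusercontent.com PTR does not)."""
    return bool(ptr) and ptr.lower().rstrip(".").split(".")[-2:] == host.lower().rstrip(".").split(".")[-2:]

def dns_view(host, ip=None):
    """Forward-resolve host, reverse-resolve the chosen IP, and say whether the two agree."""
    ips = sorted({ai[4][0] for ai in socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)})
    target = ip or ips[0]
    try:
        ptr = socket.gethostbyaddr(target)[0]
    except OSError:  # socket.herror: no PTR record at all
        ptr = None
    return {"forward": ips, "ip": target, "ptr": ptr, "ptr_matches": ptr_matches(host, ptr)}

def tcp_handshake(ip, port=443, timeout=5.0, connect=socket.create_connection):
    """TCP three-way handshake only; a timeout means no SYN-ACK ever came back."""
    try:
        connect((ip, port), timeout=timeout).close()
        return True, "SYN/SYN-ACK/ACK completed"
    except (socket.timeout, TimeoutError):
        return False, f"timeout: no SYN-ACK within {timeout}s (a capture would show only outbound SYNs)"
    except OSError as exc:
        return False, f"{type(exc).__name__}: {exc}"

def tls_handshake(ip, host, port=443, timeout=5.0):
    """TLS handshake with SNI=host, so certificate trouble shows as a TLS error, not a timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host) as tls:
                return True, f"{tls.version()} cert subject {tls.getpeercert().get('subject')}"
    except OSError as exc:  # ssl.SSLError is an OSError subclass
        return False, f"{type(exc).__name__}: {exc}"

def classify(tcp_ok, tls_ok):
    if tcp_ok and tls_ok:
        return "https works end to end; look above the transport (page content, speed)"
    if tcp_ok:
        return "tcp ok but tls fails; read the TLS error, routing is not the problem"
    return "tcp 443 never completes; something on the path drops or ignores the SYN"

def diagnose(host=SITE, ip=SITE_IP):
    dns = dns_view(host, ip)
    tcp_ok, tcp_detail = tcp_handshake(dns["ip"])
    tls_ok, tls_detail = tls_handshake(dns["ip"], host) if tcp_ok else (False, "skipped")
    return {**dns, "tcp": tcp_detail, "tls": tls_detail, "verdict": classify(tcp_ok, tls_ok)}
```

Run `diagnose()` from a host behind the pfsense box and again from one that is not (the LTE phone in the thread) and compare the two dicts; the layer at which they first differ is where to point the packet capture.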