Can ping DNS names but cannot browse them on Pfsense client machines

anooprk · July 2, 2020, 11:29am

I am using Pfsense 2.4.5-RELEASE , facing a strange issue with Firewall FQDN-Aliases rules. I wanted to restrict a machine accessing internet to limited websites. So I have created Alias names with couple fo domain names and created firewall rule like this

LAN > PASS rule > TCP/UPD > 192.168.10.20 > Allowed_internet
192.168.10.20 also allowed DNS port 53

Firewall Aliases >> Allowed_Internet >google.com,msn.com

I am able ping to google and resolve dns names but page is loading on browser

But if I modified the rule with any . Client machine get open internet

No DNS-Server/Resolver /Forwarder on the firewall is used.

This issue is becoming a show stopper!!! Has anyone run into the same problem . How can we fix this

Thanks
Anoop

brwainer · July 2, 2020, 12:13pm

Probably because modern websites load resources like CSS, JS, and images from CDNs, which rarely share the same domain name as their parent website. Watch the Network monitor (press F12 and go to the Network tab) to see all the things the browser is trying to load.

garethw · July 2, 2020, 10:43pm

I agree with @brwainer.

I would try loading a really simple site that doesn’t pull anything extra and see if that works. Do you have access to a hosting account anywhere, just a simple html hello world page would do.

anooprk · July 3, 2020, 8:43am

Brilliant … You are right. Thank you

anooprk · July 3, 2020, 8:45am

Thanks mate… it was blocking external library