So today I had an interesting event. I have 2 pfSense boxes, 2 connections, both running 2.5.2.
One of my users called me this morning reporting that their HTTPS site on the standard port wasn't working (it happened to be a Windows server). After significant testing assuming the box (it is Microsoft after all lol) was the problem, and eventually moving their site to another port, 8081 (which they also had already open and pointing to a new server that they were testing), they were back in service with the old server on the new port. This worked for them for now because of how they do the redirects for their users.
However, the port 443 problem still exists. So I took a look at my other firewall, and to my surprise it too has the same issue. Port 80 is fine, but port 443 wasn't working. If I tried to connect remotely, I got a weird "no route to host" error from openssl, but the box is obviously working because regular HTTP works. This time this was going to my personal Linux box, so definitely not an OS issue.
These were both working and have been working for months and months.
So I tried to shake it loose (I'm still not sure if it's a firewall rule issue or a NAT issue, or something else, except that both of them are 1-to-1 NATs, so in theory it should be an all-or-nothing thing). I've tried changing firewall rules, adding and removing logging on the HTTPS rule, a filter reload, a WAN interface reset. Nothing seems to help... The only thing that did help was a complete reboot of the firewall.
I should note that only port 443 seems to be affected. Across both connections there are other ports (HTTP, VPN, mail, DNS, etc. etc.) that were not impacted. Even the HTTPS running on the alternate port 8081 was fine; it seemed to only be 443. Oh, and the firewalls have had their HTTPS management ports moved to port 5000 (although the management was not on that particular WAN IP anyway, so it shouldn't have mattered).
I'm curious if anyone has seen this before, and if anyone has any other tricks that I might try the next time this happens (I'm assuming it's going to happen again since I haven't actually fixed anything). Is there anything else I could reset/reload without kicking the entire box?