Firewall Blocking sites when it shouldn't

Similar Messages

• Firewall is blocking SSH when it shouldn't be

  I had a [problem with SSH|http://discussions.apple.com/thread.jspa?threadID=1990417&tstart=0] on my iMac not long ago where SSH was being blocked by the Leopard firewall, even though it is configured to allow it through. I have the firewall configured as "Set access for specific services and applications" and "Remote Login (SSH)" appears on the list automatically since Remote Login is enabled on the Sharing tab of System Prefs.
  The first time I had the problem I solved the problem by turning off the Leopard firewall ("allow all incoming") and then turning it back on again (in "specific services" mode). I thought it was just a one time glitch being the first time I'd ever tried getting SSH to work. After that it worked great until restarting my iMac yesterday when the firewall started blocking SSH again. Once again, turning off the firewall and then turning it back on again resolved the problem.
  Any ideas? Anyone had similar problems?

  Most routers thesedays even consumer routers have a stateful packet inspection firewall and also NAT.
  With NAT unless you specifically open ports from the router to your mac then the outside world cannot access any of the services on your mac.
  If you want to use SSH from the outside world then you would have to portforward tcp port 22 from the router to your mac. But this is not a problem if you use a strong password eg not a dictionary word or name or better still you can turn off password authentication in your ssh configuration and use public key access only.
  So if you have not opened up ports on the router then your application firewall is only preventing access from other computers on your local network.
  Call me paranoid, but I don't know anything about how solid the router firewall is, whereas I have much more confidence in the OS X firewall.
  If you are savvy enough to know about and how to use SSH then it should be really easy for you to find out how good your router's firewall is. Understanding a router's web interface is far less demanding than learning how to use SSH.
  In most cases you simply put the router's IP address into your web browser and you can see all of its services.
  But something you should be aware of it is not really incoming connections you should be concerned about. It is outgoing connections that require more control.
  For example if you were socially engineered by a website or elsewhere and they convinced you to install a trojan or spyware on your mac then your Mac's Application firewall would not stop these processes dialing out.
  Little Snitch from obdev is an application aware firewall that controls your outgoing connections and is far more useful than the mac's application firewall on a desktop computer behind a router.
  Apart from that, I'd really like to understand what's going on!
  Did you try nerowolfe's suggestion of creating a test user account and login in as that user and see if the problem is still there?

• Firewall blocks service when started from launchd

  I run lighttpd (installed from MacPorts), and it is binded to port 80. I am trying to make the Leopard Firewall play nice with it.
  The firewall is set to 'Set access for specific services and applications', and the lighttpd binary is on the list of applications set with 'Allow incoming connections'.
  When I start the service manually, it works fine, and the firewall allows outside connections to port 80. However, I use the launchd script shipped with MacPort's lighttpd to run lighttpd on boot.
  The firewall appears to block incoming connections to port 80 when lighttpd is started from the launchd script on booting, but allows incoming connections to port 80 when lighttpd is started manually from the Terminal.
  Any idea how to get the firewall to play nicely with lighttpd when started via launchd?

  Hi Steve,
  Welcome to msdn forum.
  Here are some references:
  Enable keyboard layouts for different languages
  How to change keyboard language in Windows
  How to Change Your Keyboard from American to English
  This forum is to discuss problems of Application Compatibility for Windows Desktop Development . Your question is not related to the topic of this forum.
  Hey, Could ya read this before posting
  to this forum? (plus main support link)
  Hope this helps you.
  Best Regards,
  Eileen
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Firewall blocks port that it shouldn't

  I have a WinXP client that wants to pass through our xserve (NAT/firewall) to get to an external VPN. I opened up the required ports in Server Admin -> Firewall -> Services (VPN ISAKMP/IKE - port 500 TCP/UDP - the predefined setting, plus UDP 259, 2746, 18234 - a custom setting) for the "Any" interface. The client would authenticate, then fail to connect. I turned on logging in the firewall and then filtered for the XP machine's IP address (192.168.8.x). Strangely, it was showing denied packets on UDP 500 (filtering on the catch-all rule 65534).
  I created a new rule (in the advanced pane) to allow incoming from the remote server's IP (any port) and the client can now connect. Why didn't the predefined rule work as expected? Have I configured my firewall incorrectly?
  Any insight appreciated.
  Thanks,
  Miles

  The GUI for setting up the firewall hides the actual rules from you. If you can, enable the default rule, and then in Terminal:
  sudo ipfw list
  and then disable the default rule.
  The listing in Terminal is the rules that the firewall is actually executing, and the issue should become apparent.
  Roger

• Firewall blocking video chat connection

  I tried to video chat with my wife today from work on my PlayBook. Got a message about a firewall blocking it when it tried to connect us. It gave no further info so it's kind of hard for me to figure out whether this is my work wifi or my own router at home causing this.
  Where can I find more info on this?
  Staff UI Prototyper (read: full-time hacker)
  My BB10 apps: Screamager | Scientific RPN Calculator | The Last Weather App

  Hello TheMarco,
  Do you know if porting forwarding has been enabled for the firewall settings?
  -HMthePirate
  Come follow your BlackBerry Technical Team on twitter! @BlackBerryHelp
  Be sure to click Kudos! for those who have helped you.Click Solution? for posts that have solved your issue(s)!

• I am unable to proceed to a blocked site.

  When I try to visit the site, www.thehun.net I get the following:
  Webroot has blocked access to a potentially threatening site
  http://www.thehun.net/
  This Web site has exhibited suspicious behavior or is similar to Web sites that are known sources of malware, viruses and spam. Visiting this site may put you at risk or compromise your identity or privacy.
  Proceed to blocked site
  When I click Proceed, I get some unknown site that looks like a Google page.

  As a workaround kill the Firefox and any related processes e.g. plugincontainer.exe using for instance task manager
  * [["Firefox is already running but is not responding" error message - How to fix it]]
  '''IF'''' you have Firefox set to clear History at close down it is probably a known bug. Set Firefox to remember History.
  * New Button -> Preferences -> |Privacy| History Firefox will [Remember History v]]
  You can use Private Browsing Windows if it helps, but you may need to close these before closing down Firefox
  * [[Private Browsing - Browse the web without saving information about the sites you visit]]
  The bug is being worked on. if you do not wish to wait for the fix to get to the Release There is a possible fix in the Beta channel version of Firefox
  * http://www.mozilla.org/en-US/firefox/channel/#beta/beta-desktop
  (If you consider installing that do NOT use any option that deletes personal information; do not delete the profile - In fact there is no need to uninstall Fx29 just install Fx30 over the top of it)

• Just downloaded Kapersky internet suite 2015 and now when I try to access Gmail a screen pops up that says Firefox has blocked site since this is an "untrusted"

  Since downloading Kapersky Internet Suite 2015 when I use Firefox a screen pops up that says:
  This Connection is Untrusted
  You have asked Firefox to connect securely to mail.google.com, but we can't confirm that your connection is secure.
  Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
  What Should I Do?
  If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
  How can I access gmail? ( this also pertains to other Google sites)

  hello cornea1, try to disable "encrypted connection scanning" within kaspersky's settings > additional > network.

• Limit on Blocking Sites

  I have an EA6300 router.  I have come across a problem with the limit of blocking sites.  So, I have 4 kids who like to use the computer to surf the internet.  Typically, stuff kids like to do. I have 2 dedicated computers for the kids to use in my house.  One main computer they like to use, I manage with Parental Control to block sites.  Unfortunately, the limit is 10 sites that I can block.   I need the ability to block more than 10 sites on one managed computer.  I can block the main sites, Youtube, Twitter, etc.. but I can't ignore the other sites.  The point of managing this computer is to make sure they don't go to inappropiate sites and social media sites.  As my kids come across more sites, I can't control it if I am limited to 10 sites.
  The point of having this type of router is to "manage" the computers they use.  Again, when I speak of "manage", I am speaking of having some sense of control over which sites are good and which sites are bad.  I am trying to allow the good sites and not allowing the bad sites.  I don't want to install some sort of "firewall" or parental type software in order to make up for the limitation of block sites.
  Has anyone come across this problem before on the EA routers?  Is there anyway around this 10 limit block?

  I think it is a very poor design flaw on the part of Cisco or Linksys to restrict ONLY 10 sites per computer.  It is my part as a parent to monitor website activity at home.  Just like every parent should do.  I think the Smart WIFI routers are good but this limitation sucks.  I should NOT have to use 3rd party software to monitor and restrict website activity.   

• Sophos Firewall blocking local debugging on VS 2013

  Sophos Firewall is blocking local debugging on VS 2013. Unfortunately the firewall log isn't saying much about what is being blocked. The article below says uninstalling and reinstalling would work but that doesn't seem to be the right solution. 
  https://social.msdn.microsoft.com/Forums/en-US/56ef23f8-5906-448e-b967-4da3bd2f981d/x64-unrecognized-error-occoured-in-the-windows-web-services-framework-vs-2013?forum=vsdebug

  Hi Questionqwe,
  Thank you for posting in MSDN forum.
  Based on your issue, could you please tell me what operation you do and then get the error message?
  Whether you debug a project from VS2013 and then get the error message?
  If yes, you get the error message for a specified project or all different type projects get same error message.
  Generally, I know that when we debug a project in the VS2013, the firewall may be impact the VS debug. So the better way is that you disable the Sophos Firewall or un-install the Sophos Firewall and then check if you can debug your project successfully in
  this VS2013.
  In addition, since this Sophos Firewall is third-party tool, we are not support it. So if possible, I suggest you can consult this issue directly to the Sophos Firewall official site:
  http://www.firewalls.com/contacts/ , maybe you will get better support.
  Thanks for your understanding.
  Best Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• The list of blocked sites is empty.

  Have used Firefox for years. There should be a healthy list of blocked sites (exceptions to cookies).
  Privacy: always use private browsing mode - ticked
  Accept cookies from sites - ticked
  Accept third party cookies - always
  Exceptions - shows as blank (no sites listed)
  Cookies (only Google, coz I'm using it - I always clear out after session).
  Reason for question: wanted to check that I hadn't got a site blocked, as this site repeatedly times out - I can't respond quickly enough to the ALLOW button when I get the "Firefox prevented ...." message.
  Help!

  Current Firefox versions do not show the Cookies in the Cookie Manager when you are in (permanent) Private Browsing mode.<br />
  In Private Browsing mode all cookies are session cookies that expire at the end of the session (all PB mode windows closed) or when you exit Firefox.
  In case you are using "Clear history when Firefox closes":
  *do not clear the Site Preferences
  *Tools > Options > Privacy > Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" > Settings
  *https://support.mozilla.org/kb/Clear+Recent+History
  Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, and passwords.

• Pictures I have taken in the past with my iPhone 5 are now a block and when I click the photo it says loading but never loads. It's like I never took the photos. There's only the blocks with no pictures. I can't click edit or anything

  I'm trying to look at my past photos in my camera roll but all that's there is a block and when I try to click on it the photo says "Loading" but nothing ever shows up. I can't click edit or anything. When I plug my phone in to my computer and open the photo folder they're not even there. It's like I never took these photos

  I notice that the home page redirects to a secure (HTTPS) address. I wonder whether there is a setting blocking this? What if you go directly to a secure page -- will it load?
  https://www.itvsn.com.au/include/sweb.dll/product?product=155602&category=92010&site_id=ITVSN
  Your add-ons list shows AVG, ZoneAlarm, and McAfee products. Could one of them be blocking this site? See whether you can add exceptions or just disable them temporarily and test whether that helps.

• Can't access some sites when using Aiport Express, why?

  I'm using Windows 7 and my router is a wireless Apple Airport Express that is approximately two years old. Suddenly I can't access some sites (for example www.sthlm.friskissvettis.se, or www.vegetarian-shoes.co.uk, some streamed tv-shows on svtplay.se, and a number of other random sites) when connecting to internet with my router. It worked good until recently and I'm fairly sure this problem emerged when my ISP upgraded from 10/10mbit to 100/10mbit speed. Most other sites like facebook and google works fine.
  When using my network cable to connect to internet everything works fine and I can access these sites.
  Firmware is current and I've tried reseting the router to factory defaults.
  Tried different browsers, and I can't ping the "blocked" sites either. Tracert www.sthlm.friskissvettis.se starts with 10.0.0.1 and continues through a number of long addresses until it says timeout. The last working address before timeout was sth-tcy-ipcore01-ge-0-2-0.neq.dgcsystems.net [83.241.252.13], if it matters. Tracert www.vegetarian-shoes.co.uk also eventually gives me a timeout.
  When the network cable is plugged in, I still get timeout on tracert www.sthlm.friskissvettis.se even though I can access the site in Chrome. Weird. www.vegetarian-shoes.co.uk doesn't give me a tracert timeout when the cable is plugged in, and I can access the site as usual.
  I've tried changing DNS servers to use opendns servers instead, but to no use.
  I've tried pinging these two sites with a lower MTU packet size (with this method: http://www.richard-slater.co.uk/archives/2009/10/23/change-your-mtu-under-vista- or-windows-7/), but still can't access them through ping...
  I don't know what to do anymore.... any suggestions???
  Thanks

  Hi Punice
  first try to disable JavaScript from : Firefox button (or Tools menu) > Options > Content panel > '''UNcheck''' Enable JavaScript.
  if the above does not help check with a few malware/virus scan programs for virus. You need to use all programs because each detects different malware. Make sure to update each program to get the latest version before doing a scan.
  http://housecall.trendmicro.com/ - Trendmicro online
  http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
  http://www.superantispyware.com/ - SuperAntispyware
  http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
  http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
  http://www.microsoft.com/windows/antivirus-partners/windows-xp.aspx
  check also for a rootkit infection with TDSSKiller.
  http://support.kaspersky.com/viruses/solutions?qid=208280684
  thank you

• 10.6 Server's Firewall Blocks It's Own Internet Connection

  I had this problem about two years ago when I was trying to run 10.6 on my home server (Mac mini) for the first time. Eventually I gave up, reverted the mini back to 10.5, and ram problem-free for years. When 10.7 came out, I tried to upgrade the mini to that. That didn't go well either, but mostly due to Lion missing many many features (suprise!). So I figured that 10.6's problems were fixed by now, and gave it another shot. It went fine and I've been running for about a month problem free (or so I thought). But now it's offline again. I finally found one other person on another forum that had the EXACT same problem as me. And reading this description, I realize that I have been having problems all long, I just assumed they were my ISP's problems, not my own.
  So here's what happens. The firewall in 10.6 server will "freak out". It will be running normally, then suddenly it will go haywire and block everything. And I mean everything. My computer won't even be able to get an IP via DHCP. Everything is blocked. But as soon as you stop the firewall, everything works normally. You can even modify the firewall rules, and set it up so there are NO deny rules, and EVERY connection to and from every host is set to allow. And the firewall still blocks everything. This is the same exact thing that happened 2 years ago when I first tried to run 10.6 Server on my mini. The difference is that back then, this would happen either immediatly, or within a day. This time around, with 10.6.8, it took about a month before suddenly, without any provocation, all internet connections stopped.
  I've had this happen on multiple computers. I don't do anything special, I just set up a basic firewall scheme where everything in the LAN range is allowed, and everything from "any" is allowed only to service ports I'm running. The basic gateway setup. Now I was running 10.6 Server on my laptop (for netbooting) and it would do the same thing. But because my laptop wasn't acting as a gateway, I could just turn the firewall off (you need the firewall for NAT). My mini server IS acting as a gateway, as was another mini I set up for a client of mine (that eventualy I changed over so they were running off an airport, and the mini server was just a client. But I don't want that setup at home, I want my mini to be the router).
  I have verizon Fios internet. 25/25, it's great. The ONT is in my basement, and it's plugged into the same fused outlet as our freezer. From time to time, when the power goes out, it trips that breaker and the outlet goes dead. My itnernet is gone and I have to go reset the outlet. Once I do, my mini won't get an IP from Verizon until I reboot the mini. Not once. Not twice. Usually 5-10 reboots, and suddenly it will get an IP. I always assumed this was a verizon problem. Until I read someone else's post about this same problem. Turns out, that's the firewall blocking DHCP again! If you turn the firewall off, you don't have to keep rebooting, it will grab an IP right away.
  At least I'm not crazy! So what is going on here? Does anyone have any idea what is going on with my firewall, or how I can fix it?
  Lastly, after 4.5 hours of complete inability to get an internet connection with the firewall on, it just started working again. I now have fully functional, normal internet. I find it hard to believe 10.6 has a firewall that is simply broken. I find it even harder to believe I'm imagining things, or that I've had fluke after fluke. Something is going on with 10.6 Server.

  The DNS skapegoat just doesn't make sense.
  Why would "improper" DNS cause OS X's firewall to block all network connections? Even the server's ability to make it's own DHCP connection?
  As far as a router, I don't want to use a cheap unreliable residential router. I have a home file server that, aside from running 10.6, makes a super reliable router. And port mapping aside, OS X Server's DHCP server is great to use. Rock solid. It makes no sense to run a cheap residential router when I have a home server. Then every 6-18 months, I get to deal with that router slowly failing, as my internet connection gets slower and slower. No thanks.
  So back to this firewall issue. I've talked to Apple aobut this before, and they give the same generic "DNS has to be right" answer to basically every problem I've ever had with 10.6 Server (hinting at endless CalDAV problems). But no one has every explained what that specifically means, or how something like wrong DNS (whatever that even means) can cause the firewall to block everything. This just makes no sense to me. And this especially does not explain why, after 10 reboots or so, everything just magically starts running normally.
  I just had an incedent today where I woke up to no internet. I rebooted 3 times. Each time, I either got a self-assigned IP address, or the ethernet interface would toggled between "unplugged" and "no-ip". I could turn the firewall off and the server would INSTANTLY start functioning normally. I'd happily run without a firewall, and just turn all services I'm not using off. However NAT needs the firewall, so without the firewall, the Server is the only Mac on the network that has an internet connection. So I kept rebooting and rebooting, and I think about 8 reboots later, like magic, the server came up, grabbed an IP, and everything started working normally.
  Also my IP through my ISP is dynamic, and that isn't going to change. So yes, I am trying to use OS X Server as my router on a dynamic internet connection. I've been doing this since the days of Mac OS X Server 10.1. Only 10.6 has had any problems at all.
  So really, "10.6 is more picky about DNS" isn't an answer to this problem. Or, at least, it's not a sufficient answer. I need much more information than that.

• How to block sites

  when I use the yahoo search or any search I am redirected to a another site with link loosely related to what I typed into the search bar and I can not get to the resulted links I click on ..we need a way to Immediately block sites like this. does firefox have its own search engine? I am tired of google and yahoo search.

  When I open Safari on my iPad there is a really annoying Greek site www.weeklyprizewinner.co-net I can only get shut of this site by clicking OK and then shutting it down. Until I do that I cannot use Safari. Is the any way I can put this site into a blocked list? or is there an app that will let me bar certain sites?
  John 

• Profiles - I have an iPad 1st gen, run iOS5 have have a Profile set up with Lotus Notes to get work email. I want to get a VPN so i can access blocked sites as I travel around the world. The VPN will install a new profile. Can I have more than one

  I have an iPad 1 and have a profile set up with Lotus Notes for work email.  As I travel around the world I want to install a VPN ( my companies uses a VPN but it is only for work)  so I can visit blocked sites.  When I install the VPN it want to change the profile.  Can I have more than one profile on the iPad or will the VPN overwrite the Lotus Notes profile?
  max

  Yes, you can have more than one profile installed.