Cannot load sites with pfSense Split DNS / Host Overrides in Firefox

I have configured DDNS and a reverse proxy on my own domain and am able to access my Docker web UI via the public proxy. When trying to configure Host Overrides, however, I get a refused connection for HTTPS, or my Unraid web UI when using HTTP. There is also some very weird behaviour where sometimes Firefox does not work but other browsers work fine. I have just configured a new service on a new sub-domain and it seems to work fine in Chrome or Edge but not Firefox. I tried clearing cache/cookies, an incognito tab, diagnostic mode, disabling IPv6 and DNS prefetching, but nothing worked. Same even on a laptop never used to access this sub-domain. I must be missing something simple but cannot figure out what. Any ideas?

I am assuming that host overrides would be completely local so the issue must be with my server or pfsense config.

I am port forwarding port 80 to 180 and port 443 to 1443, and have host overrides for the same host/domain as the one that is working remotely.

Disable DNS over HTTPS in Firefox. If that’s on, host overrides don’t work.


Thought that would be it but no, DNS over HTTPS is disabled by default and never enabled.

Are you pointing the local DNS to the local IP or the IP of your gateway? If the local IP, are ports 443 and 80 also forwarded in addition to 180 and 1443?

That Firefox does not work is a pretty strong indicator it’s not using the hosts file. This is Windows, I take it?

It actually looks like it’s not just Firefox, as the last service I set up works on my Windows desktop in Edge/Chrome, but on a laptop it doesn’t work in any browser. My pfSense config below:

(screenshots: DHCP, DHCP Static Mappings, Port Forward, Port Forward 443, Host Overrides)

NAT reflection: try both options other than the default to see if that works (assuming your router’s IP is what you’ve set up in DNS).


The reason I went with Host overrides was so I wouldn’t have to use NAT reflection. From what I understand NAT reflection is an inelegant solution. Am I missing something here?

I tried enabling one of the NAT reflection options but now I can no longer reach pfsense at all though everything else seems to be unaffected.

Mostly for diagnostics. If NAT reflection works we can keep digging.

Not sure why the web UI became unreachable yesterday, but it works OK now with any NAT reflection rule. Changing the 443/1443 or 80/180 port forward rule to “NAT + Proxy” or to “Pure NAT” did not make any apparent difference.

I also tried accessing from an Ubuntu Live image, with all HTTPS subdomains unreachable from Chromium and Firefox. The HTTP URL opens the Unraid web interface. The Ubuntu IP is 192.168.0.40, assigned by the pfSense DHCP server.

From the Windows desktop I am able to connect from Chrome and Edge but not Firefox. The HTTP URL also opens the Unraid web UI in Firefox, but Edge and Chrome work just the same as if the HTTPS URL was entered. I am guessing there is some sort of caching here somewhere. The Windows PC IP is 192.168.0.150, statically mapped by pfSense.

The DHCP range is 192.168.0.2 - 192.168.0.99. No idea why it would make a difference, but maybe this is related to the differences in behavior across devices, as the desktop falls outside of the DHCP range while the Ubuntu laptop does not.
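As an added diagnostic example (not code from any poster in this thread), the script below encodes the checks raised so far: whether a client's own resolver actually returns the host-override address or the public record, and whether that address accepts connections on 443 (what the browser dials) rather than only on the forwarded 1443. The IPs, the hostname and the 443/1443 layout are constructed assumptions for illustration.

```python
"""Diagnose a pfSense host override that works for some LAN clients but not others.
Constructed, assumed values: override -> 192.168.0.10, public record -> 203.0.113.10,
reverse proxy on 1443 behind a WAN 443->1443 port forward (none are from the thread)."""
import socket
import sys

OVERRIDE_IP = "192.168.0.10"   # constructed: address in the pfSense host override
PUBLIC_IP = "203.0.113.10"     # constructed: address the public DNS record resolves to
BROWSER_PORT = 443             # what https://host/ connects to
FORWARD_PORT = 1443            # where the WAN port forward sends 443

def resolve(hostname):
    """Return the IPv4 address this client's own resolver gives, or None."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None

def tcp_probe(ip, port, timeout=2.0):
    """Return 'open', 'refused' or 'unreachable' for a TCP connect to ip:port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"

def diagnose(resolved, browser_port_state, forward_port_state,
             override_ip=OVERRIDE_IP, public_ip=PUBLIC_IP):
    """Map the observations onto the cases discussed in the thread."""
    if resolved is None:
        return "no-answer: the client is not resolving the name at all"
    if resolved == public_ip:
        return "override-bypassed: client got the public record (DoH, cache or another DNS server)"
    if resolved != override_ip:
        return f"unexpected-address: {resolved} is neither the override nor the public IP"
    if browser_port_state == "open":
        return "dns-and-port-ok: DNS is fine, look at the browser (cache, HTTPS-Only, HSTS)"
    if forward_port_state == "open":
        return ("wrong-port: the override reaches the server but it only listens on 1443; "
                "a LAN client dials 443 directly and never hits the WAN 443->1443 forward unless NAT reflection is on")
    return "service-down: the override reaches the server but neither port answers"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "unraid.example.com"  # placeholder name
    ip = resolve(host)
    print(host, "->", ip)
    if ip:
        print(diagnose(ip, tcp_probe(ip, BROWSER_PORT), tcp_probe(ip, FORWARD_PORT)))
```

Run it once from each client (desktop, laptop, live image) and compare the first word of each verdict; a client that reports "override-bypassed" is not talking to the pfSense resolver at all, which is a different problem from one that reports "wrong-port".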

Maybe a silly idea but which version of Firefox do you use?
If you use the regular version, maybe you could try it with Firefox ESR instead?
Just to determine if the issue might be related to the newer versions of FF.
Or let’s say one of the features that were added to the regular version of FF.

The ESR version (Extended support release) of Firefox is still on version 78.x.
Might be worth giving that a try, to see if that works or not.
Firefox ESR is both available for Windows and Linux.

Note: did you also check if “HTTPS-only connections” are disabled in the Firefox privacy settings?
This “security” feature was added to the later regular versions of Firefox, 88 and up,
and might be enabled by default.

Because you are mentioning that Edge and Chrome seem to work, but not Firefox.
Maybe it might be worth a try.

Well, it only works in chrome/edge on my windows desktop but not a laptop so it couldn’t just be a Firefox issue.

Firefox is on “Don’t enable HTTPS-Only Mode” setting which I assume is the default since I didn’t touch it.

In the end the browser discrepancies must have been caused by caching as now all browsers work except Firefox. There must be a bug or some feature removed from Firefox. I guess I will have to find a browser that works as intended as I see no way to get Firefox to work.