@jaskaranc You can roll back your configuration from the console using menu option #15 to restore a previous config. The last 30 changes are backed up on your firewall by default.

If you cannot figure out which one to use you can disable the firewall part altogether by going to menu option #8 (Shell) and running the command

pfctl -d

and that will disable the ENTIRE firewall. You can re-enable it by either applying filters (Status->Filters) or using the command

pfctl -e

I just resolved this. My provider provides a static IP address but said we can leave our router at DHCP assignment and it will pull that static. Well apparently if it is DHCP assigned it was blocking traffic. I changed it to static on the netgate and now it is passing the traffic.

I wanted to close this topic off as to what caused this issue to be present. In case others find themselves in the same predicament. The software appears to have an issue where if you intend to assign a Static IP address and DO NOT assign one.

Meaning if all you did was add in a friendly name (Host Name) and Description but leave out a IP address. Doing so breaks the ability to sort the network appliances by IP addressing which scale from small to large numeric values.

I'm really unsure why that would cause the entire sorting feature to break, but it does.

Regardless, if someone finds their system unable to sort correctly using the IP Address column. The root cause is there isn't a static address assigned to something in the pfSense system.

Apologies on the late reply as put this on the back burner while others tasks bubbled up.

Happy New Years to all! 👍

@rcoleman-netgate Ok, thank you.

@caymann

Are you trying to reach it from an outside source or from your LAN? You probably need NAT reflection turned on if from your LAN..

@thomass-0
Not much help ...
But last week i installed squid on my "Test fw": A - pfS 2.6.0 on a Core i3 w. 8GB Ram / 64GB disk. It installed without a hitch.

/Bingo

@Jarhead

The info helped, try this.

Login to the pfSense GUI via any other route that the LAN interface. If you do not have another method, set one up (OpenVPN, LAN2) Unplug the LAN ethernet (might not be needed but you need to do it any way) Interfaces --> LAN --> Edit --> Disable Save and apply changes Interfaces --> Assignments --> LAN --> Change the Network port Save changes Interfaces --> LAN --> Edit --> Enable Save and apply changes Plug the ethernet cable into the new socket should be working now, but a reboot for me did not harm

And obviously reconnect via the LAN to test

Hi. i have the same problem in google chrome. often have to delete cookies. there is no solution? noticed that it occurs only when I enter the domain name. if I go to the internal ip, everything is always fine.

OK, I think I have worked it out, its Bitdefender complaining that the HTTPS is invalid when it first connects as there is no cert so Bitdefender goes into defense mode, says the certificate is invalid and asks if you want to create an exception and continue.

If you agree to the exception, it goes to the login page and when looking at the logs you can see the error messages. If I then logout, log straight back in again, because the exception is in place, pfSense does not generate the login error.

I finally figured it out after a day and a half of troubleshooting. I was able to get all interfaces except LAN and WAN configured with the names I wanted, then I did change by change and tested.

First I enabled IPv6 on LAN with an IP ::1.
I saved this, but did not apply the changes.
I next when to the DHCPv6 settings into the RA screen and changed routing to disabled.
I saved that screen and returned to the LAN interface.
I removed ::1 from the IPv6 IP and changed IPv6 to disabled, then saved and applied.

This allowed me to change the LAN description to what I wanted. After applying the new name, I tested and the interface was still up and I was able to access the internet.

To change the WAN,

I changed and applied the new WAN name. This killed my access to the internet. I was getting a "Destination host unreachable" message trying to ping any internet IP.
I then figured out to change the default route from Auto to the specific new WAN interface name. I figured this out because I was able to ping my WAN IP and the WAN gateway, but nothing else from the pfsense box. Once the WAN route was changed from Auto to the new WAN name, I was able to get out.

It is an extremely simple fix, but it took a while to figure out what combination would work. Hopefully this helps someone else that may be looking. The LAN trick was taken from a reddit that I found. It took a little while to figure out the WAN default route issue. When I was ssh'd into pfsense, trying to ping an internet address gave a "no route to host" message, which led to the solution.

Hope this may help someone else in the same boat. I'm not sure why the Auto feature wouldn't pull up the WAN, other than it possible does the auto detection just based on an interface with the name "WAN".

@viragomann That would make more sense than trying to manual edit nginx rules make it work. It would be nice if they added the ability to bind the webui to specific interfaces in the future but I imagine that this is a pretty niche use case. I'll give your suggestion a shot and see what happens.

@dominikhoffmann Looks like the login from my Snom VOIP phone:-

Screenshot 2022-11-23 at 15.49.51.png

@steveits Thanks. Yes, I did set up an alias for the 2 IPs that I want to have remote admin access and only those source addresses are allowed in the policy.

@cylosoft I agree, the systemlogs is a great potential area for a new package for pfSense. Obviously having some real log analytics and trend history with filtering capabilities straight out of the Firewall would be nice, but I understand that larger installs would not need that - hence an add-on package that you could elect to use - in case a graylog/splunk whatever install is not an option to you.

If only I was a developer and knew how to code…..:-)

@luckman212 said in Live refresh for dashboard Services Status widget:

snapshot and try to update this to merge cleanly. Thanks

Cool then we get "live widget updates", thank you both also.

@lanna Why posting an actual photo? 🤦

@petri said in webGUI not accessible from VLAN but ...:

Client connected to em2 cannot access to GUI if em1 doesn't have an active connection

Normally you would have interfaces connected to a switch, and not some single device.. But if an interface is not up then no you wouldn't be able to connect to its up, because the interface is not up..

https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#policy-routing-configuration

Why would you not just fix whatever it is your wanting to happen on lan interface not doing what you want for your vpn??