If you put in a really broken static route, like one for a locally connected subnet you're on, and you remove it, it'll break connectivity for the subnet you had the broken route on. Easiest way to fix that is just reboot.

I'm trying to setup WebGUI access on the WAN (temporarily for testing purposes). I can't figure out why my custom port doesn't work. If I leave custom port blank and create a rule under the WAN tab to forward to the HTTPS port I can access the WebGUI from an external computer. However, when I set a custom port and change the WAN rule accordingly it just times out when I try to connect.

Works:

Does not work:

They must have left some <service>tags behind in the config. They'll need to be edited out of the config manually.</service>

None exist that I'm aware of. You'd have to pull the data from the RRD data files. You can look at the RRD summary package for some ideas there.

@marcelloc:

Disable redirect rule on same advanced options.
And use pfsense gui with ssl.

This worked, Thanks!

@podilarius:

The redirect rule sure, but you also have to adjust the firewall rule that normally blocks WebGUI access on the WAN interface so that it allows port 8500.

I originally created a NAT port forward rule to 192.168.1.1 (pfsense box) & that automatically made a firewall rule, but it still didn't work that way.

From my internal network my server is on 192.168.3.2, i have to access the website via typing 192.168.3.2. I can't use my domain name to access my website from inside my network, i get a "connection is taking to long to respond" error. However i can access my pfsense box via https://mydomain.com, but not my website on the regular http side. Just find this weird. However from outside world http://mydomain.com does lead to my website & https redirects to my pfsense login.

I did already configure NAT reflection, as I said I can access my pfsense box internally via my domain name, but not my server via domain name, but it doesn't really matter for internal use. As long as it works from the outside which it does.

Sorry for the late reply…I didn't get an email saying anyone replied though I've got my preferences set to send me an email....strange.

Thanks for the suggestion...I wasn't aware that you could apply the full update to the existing version (I've only bee using pfSense for about a month).

I have the pfSense book, but this was a bit beyond the abilities of that book.

That did the trick! Thank you!

If it's any assistance to someone in the future, I've been trying to install Snort (before it was listed as snort-dev) and the install failed.  I then chose the 'reinstall' option, which hung on "Deinstall commands..." and that was the end of it.  Now, snort is listed as an installed package (though it's not in the services menu) and it cannot be re-installed or removed.  Guess I'll just leave it for now.

Thanks again for the help!

I will only be able to provide logs up until this upcoming friday as I'm expecting to re-install pfsense on sunday morning.

Steps to recreate:

install pfsense while BIOS date is set to 2005. After installation is complete login and set webUI to HTTPS with default webconfigurator certificate. Reboot pfsense and update BIOS date to 2011. Once PFsense loads it will not allow login via HTTPs. An IP update will need to be made in order to switch back to HTTP ( or mod config file manually). Once all this is done and running on new CERT, proceed to load the traffic graph page or dashboard page if you still have the graphs added to it. the web UI will hang and not be responsive again.

Why not choose "TCP/UDP" on the firewall rule/port forwards? It would then work for both protocols.

I've found that resetting your LAN IP and restarting web gui from console helps.

Only change that takes place: it changes HTTPS back to HTTP. It appears to me that HTTPS setting is what breaks it.

I examined. I tried to change DNS and didn't work.
I can browse www.pfsense.com but when i ping by diagnostics, unable to connect.

SSH in or access your console. You can hard re-code it back to http in the <webgui>section of your config (/cf/conf/config.xml)

Replace your <webgui>section with

<webgui><protocol>http</protocol> <certificate><private-key></private-key></certificate></webgui> ```</webgui></webgui>

@lonevipr:

Wow not sure what happened. Went to try to install this theme on my 2.0 RC3 PFsense install. I copy & pasted the 3 commands you had & clicked execute on each. Then I tried to goto the general setup tab to change themes & now I can't access the webgui period. All I got is error:

Fatal error: Cannot redeclare log_error() (previously declared in /etc/inc/util.inc:801) in /etc/inc/pfsense-utils.inc on line 838

No idea what I did or how to fix it. Help please!

:( This theme is not tested on 2.0!!

This theme hasn't been tested with 2.0. You may have to manually edit your config to go back to another theme.

I found out what the user agent string for the browser was and added it to the list. So on new snapshots after the commit I just made, it should switch the theme automatically on BlackBerry (as well as Opera Mini/Mobi)