Cannot gain remote access to WebUI
-
I have mimicked the exact same settings as I have on several other pfsense boxes to no avail. Can anyone see my mistake from the attached? Custom port is 8082. The webadmin ports alias is set to 8082, 443 and 80 just in case. Initially of course I limited source to my office ip (remote to this box).
-
Like this :
?
Works fine for me.
Visiting https://home.my-pfsense-wan-IP.tld:443 gave me access to the pfSense GUI.
That is, I had to NAT also my upstream ISP router, of course.
-
@gertjan the webui is on 8082 for this box. I'm not sure what your point is! But thanks
-
@gertjan my WAN rule set is this:
I cannot move the webGUI rule to above the 2 block rules if this is the issue?
-
I know. You said :
@orangehand said in Cannot gain remote access to WebUI:
webadmin ports alias is set to 8082, 443 and 80
Mine is "443" so I created a webadmlinport alias that contains only 80 and 443.
I could have added 8082, and changed the pfSense config so it listens on 8082: that also works fine, after changing the "443" port redirect to "8082" for my ISP upstream router.
-
@orangehand said in Cannot gain remote access to WebUI:
if this is the issue?
Noop :
Nothing hits the two initial block rules : their counters are 0.
Be sure that this one is ok :
by making it "any" first, just for testing.
-
@gertjan I don't want to seem ungrateful, but I know your rule works, and all my other identical webgui rules work on other boxes. I am trying to work out why it doesn't work on this one!
-
@gertjan I'd tried any. No dice!
-
What is in front of your pfSense ?
Is your pfSense WAN IP an RFC1918 ?
-
@gertjan the fibre/fttp socket. Access is via PPPoE from this box
-
@orangehand sorry - yes, it's a public routable IP, and ovpn works fine back to that address.
-
@orangehand said in Cannot gain remote access to WebUI:
I'd tried any. No dice!
Oh yes, that's valid, useful info !!
Now I know that nothing reaches your pfSense WAN interface, port 8082, TCP.
Otherwise, the rule would be a match.
That is, I presume :
- you connect like this : https://some-url-to-you-wan-IP-here.tld:8082 (or : https://a.b.c.d:8082)
and
- You do not connect from within your LAN, but you are using your phone with the Wifi shut down = you are really connecting from the outside.
Also : using IPv4, right, not IPv6.
-
You can start a packet capture on your WAN interface.
Select TCP - and port 8082. If something comes in, it will get captured in the resulting log.
edit : like this :
-
@gertjan 1: yes and 2: I am remote on my own FTTP LAN so it is a true test with no risk of cgnat etc
Will try the packet capture, thanks
-
@orangehand output is:
10:05:57.099569 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:05:58.197408 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:05:59.281622 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:06:00.328195 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:06:01.351961 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:06:02.383762 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:06:04.445801 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:06:08.830995 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
I have to confess I don't know if this is good or bad!
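
One way to read a capture like the one above, as an added example that is not part of any post in this thread: it groups the lines by client and reports whether the WAN address ever sent anything back on the GUI port. The sample lines are constructed (documentation-range addresses), and the `classify` function and its verdict strings are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same text format as the capture above
# (documentation-range addresses, not the thread's real ones).
CAPTURE = """\
10:05:57.099569 IP 198.51.100.7.23841 > 203.0.113.20.8082: tcp 0
10:05:58.197408 IP 198.51.100.7.23841 > 203.0.113.20.8082: tcp 0
10:05:59.281622 IP 198.51.100.7.23841 > 203.0.113.20.8082: tcp 0
10:06:01.351961 IP 198.51.100.7.23841 > 203.0.113.20.8082: tcp 0
10:06:10.000100 IP 198.51.100.9.40112 > 203.0.113.20.8082: tcp 0
10:06:10.000350 IP 203.0.113.20.8082 > 198.51.100.9.40112: tcp 0
"""

# time, source ip.port, destination ip.port, payload length
LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): tcp (\d+)$")

def classify(capture, wan_ip, port):
    """Return {client 'ip:port': verdict} for connections to wan_ip:port."""
    inbound = defaultdict(int)   # packets seen arriving per client socket
    replied = set()              # client sockets the WAN side answered
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue             # skip lines in any other format
        _, src, sport, dst, dport, _ = m.groups()
        if dst == wan_ip and int(dport) == port:
            inbound[f"{src}:{sport}"] += 1
        elif src == wan_ip and int(sport) == port:
            replied.add(f"{dst}:{dport}")
    verdicts = {}
    for client, count in inbound.items():
        if client in replied:
            verdicts[client] = "answered"
        elif count > 1:
            # same source port repeating = the client retrying one connection
            verdicts[client] = "retransmitted, never answered"
        else:
            verdicts[client] = "single packet, never answered"
    return verdicts

if __name__ == "__main__":
    for client, verdict in classify(CAPTURE, "203.0.113.20", 8082).items():
        print(client, "->", verdict)
```

A client that shows up as "retransmitted, never answered" means the packets reach the WAN interface but no packet leaves it in reply.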
-
@orangehand the IP's are correct
-
@orangehand said in Cannot gain remote access to WebUI:
the IP's are correct
I tested
https://51.148.xx.62 port 8082
... nothing replied, like nothing is listening on that port.
sockstat -l | grep '8082'
confirms that the GUI webserver is listening on 8082 ?
Or go back to the default 443 for a moment.
-
@orangehand This box was a new SG1100 which I installed yesterday. Out of the box it was not working at all well. I had to reflash it using the recovery image sent by Netgate. This image retains the original settings, or some of them. I am wondering if the reflash has cured all the problems. Anyone know how I would totally reset it to defaults? Another odd issue I am having is that MY OpenVPN connection to that box was working earlier this morning when I set it up and now, with no changes to the 1100, it is not. The customer's own ovpn connection from INSIDE his LAN is working fine.
-
@gertjan Thanks. Will revert to 443 and see what I get.
-
@orangehand said in Cannot gain remote access to WebUI:
Anyone know how I would totally reset it to defaults?
A reflash will do that.
Or use the console or SSH option
4) Reset to factory defaults