Netgate Discussion Forum

    Cannot gain remote access to WebUI

    Firewalling
    26 Posts 2 Posters 2.0k Views
    • O
      orangehand @Gertjan
      last edited by

      @gertjan my WAN rule set is this:

      Screenshot 2022-07-28 at 09.48.57.png

      I cannot move the webGUI rule to above the 2 block rules if this is the issue?

      • GertjanG
        Gertjan @orangehand
        last edited by

        I know. You said :

        @orangehand said in Cannot gain remote access to WebUI:

        webadmin ports alias is set to 8082, 443 and 80

        Mine is "443" so I created a webadmlinport alias that contains only 80 and 443.
        I could have added 8082, and changed the pfSense config so it listens to 8082 :

        c07fa45b-4a3c-4322-b05a-44093769febb-image.png

        and that also works fine, after changing the "443" port redirect to "8082" for my ISP upstream router.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • GertjanG
          Gertjan @orangehand
          last edited by

          @orangehand said in Cannot gain remote access to WebUI:

          if this is the issue?

          Nope :

          Nothing hits the two initial block rules : their counters are 0.

          93481c4d-c72e-4fd3-8d50-e3cb67ca1437-image.png

          Be sure that this one is ok :

          b37d85dc-a758-4cf5-a5f1-00e605849ade-image.png

          by making it "any" first, just for testing.

          • O
            orangehand @Gertjan
            last edited by

            @gertjan I don't want to seem ungrateful, but I know your rule works, and all my other identical webgui rules work on other boxes. I am trying to work out why it doesn't work on this one!

            • O
              orangehand @Gertjan
              last edited by

              @gertjan I'd tried any. No dice!

              • GertjanG
                Gertjan @orangehand
                last edited by

                @orangehand

                What is in front of your pfSense ?
                Is your pfSense WAN IP an RFC1918 ?

                • O
                  orangehand @Gertjan
                  last edited by

                  @gertjan the fibre/fttp socket. Access is via PPPoE from this box

                  • O
                    orangehand @orangehand
                    last edited by

                    @orangehand sorry - yes, it's a public routable IP, and ovpn works fine back to that address.

                    • GertjanG
                      Gertjan @orangehand
                      last edited by

                      @orangehand said in Cannot gain remote access to WebUI:

                      I'd tried any. No dice!

                      Oh yes, that's valid, useful info !!

                      Now I know that nothing reaches your pfSense WAN interface, port 8082, TCP.
                      Otherwise, the rule would be a match.
                      That is, I presume :

                      1. you connect like this : https://some-url-to-you-wan-IP-here.tld:8082 (or : https://a.b.c.d:8082)
                        and
                      2. You do not connect from within your LAN, but you are using your phone with the Wifi shut down = you are really connecting from the outside.

                      Also : using IPv4, right, not IPv6.

                      • GertjanG
                        Gertjan @Gertjan
                        last edited by Gertjan

                        You can start a packet capture on your WAN interface.
                        Select TCP - and port 8082.

                        If something comes in, it will get captured in the resulting log.

                        edit : like this :

                        1ed8bd3b-ca4b-4690-987a-2b9192d5ea33-image.png

                        • O
                          orangehand @Gertjan
                          last edited by

                          @gertjan 1: yes and 2: I am remote on my own FTTP LAN so it is a true test with no risk of cgnat etc

                          Will try the packet capture, thanks

                          • O
                            orangehand @orangehand
                            last edited by

                            @orangehand output is:

                            10:05:57.099569 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                            10:05:58.197408 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                            10:05:59.281622 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                            10:06:00.328195 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                            10:06:01.351961 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                            10:06:02.383762 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                            10:06:04.445801 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                            10:06:08.830995 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0

                            I have to confess I don't know if this is good or bad!

                            • O
                              orangehand @orangehand
                              last edited by

                              @orangehand the IP's are correct

                              • GertjanG
                                Gertjan @orangehand
                                last edited by

                                @orangehand said in Cannot gain remote access to WebUI:

                                the IP's are correct

                                I tested
                                https://51.148.xx.62 port 8082
                                ... nothing replied like nothing is listening on that port.

                                sockstat -l | grep '8082'
                                

                                confirms that the GUI webserver is listening on 8082 ?

                                Or go back to the default 443 for a moment.

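Added example, not part of the original posts: a small script that reads a low-detail packet capture in the format posted above and lists flows that have packets in one direction only, which is the "arrives on WAN, nothing replies" pattern discussed here. The function names and the sample capture (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag one-way TCP flows in a low-detail packet capture.
# Input lines look like:  HH:MM:SS.ffffff IP src.port > dst.port: tcp LEN

# unanswered_flows MIN -- reads capture text on stdin and prints
# "src dst packets span_seconds" for every flow that has at least MIN
# packets and no packet at all in the reverse direction.
unanswered_flows() {
    LC_ALL=C awk -v min="${1:-3}" '
        $2 == "IP" && $4 == ">" {
            src = $3
            dst = $5
            sub(/:$/, "", dst)           # drop the trailing colon
            split($1, t, ":")            # HH:MM:SS.ffffff -> seconds
            now = t[1] * 3600 + t[2] * 60 + t[3]
            key = src " " dst
            if (!(key in count)) first[key] = now
            last[key] = now
            count[key]++
            reverse[key] = dst " " src
        }
        END {
            for (key in count)
                if (count[key] >= min && !(reverse[key] in count))
                    printf "%s %d %.1f\n", key, count[key], last[key] - first[key]
        }
    ' | LC_ALL=C sort
}

# Constructed sample: repeated attempts to port 8082 that get no answer,
# and a port 443 connection that does get a reply.
sample_capture() {
    cat <<'EOF'
10:05:57.099569 IP 198.51.100.7.23841 > 192.0.2.10.8082: tcp 0
10:05:58.197408 IP 198.51.100.7.23841 > 192.0.2.10.8082: tcp 0
10:06:00.328195 IP 198.51.100.7.23841 > 192.0.2.10.8082: tcp 0
10:06:04.445801 IP 198.51.100.7.23841 > 192.0.2.10.8082: tcp 0
10:06:08.830995 IP 198.51.100.7.23841 > 192.0.2.10.8082: tcp 0
10:06:09.100000 IP 198.51.100.7.40112 > 192.0.2.10.443: tcp 0
10:06:09.100350 IP 192.0.2.10.443 > 198.51.100.7.40112: tcp 0
10:06:09.140200 IP 198.51.100.7.40112 > 192.0.2.10.443: tcp 0
10:06:09.141000 IP 198.51.100.7.40112 > 192.0.2.10.443: tcp 517
EOF
}

sample_capture | unanswered_flows 3   # -> 198.51.100.7.23841 192.0.2.10.8082 5 11.7
```

A flow listed here reached the capturing interface but drew no reply, so the next checks are the ones in the post above: whether the WAN rule matches and whether anything is listening on that port.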
                                • O
                                  orangehand @orangehand
                                  last edited by

                                  @orangehand This box was a new SG1100 which I installed yesterday. Out of the box it was not working at all well. I had to reflash it using the recovery image sent by Netgate. This image retains the original settings, or some of them. I am wondering if the reflash has cured all the problems. Anyone know how I would totally reset it to defaults? Another odd issue I am having is that MY OpenVPN connection to that box was working earlier this morning when I set it up and now, with no changes to the 1100, it is not. The customer's own ovpn connection from INSIDE his LAN is working fine.

                                  • O
                                    orangehand @Gertjan
                                    last edited by

                                    @gertjan Thanks. Will revert to 443 and see what I get.

                                    • GertjanG
                                      Gertjan @orangehand
                                      last edited by

                                      @orangehand said in Cannot gain remote access to WebUI:

                                      Anyone know how I would totally reset it to defaults?

                                      A reflash will do that.

                                      Or use the console or SSH option

                                      4) Reset to factory defaults
                                      

                                      • O
                                        orangehand @Gertjan
                                        last edited by

                                        @gertjan what is the supported way of doing a total reflash? The wiki only refers to using the recovery image, which isn't a true factory reset, as it retains some previous settings.

                                        • GertjanG
                                          Gertjan @orangehand
                                          last edited by

                                          @orangehand

                                          When I used a USB device, I always repartitioned the device's drive.
                                          If there was a question of "found a config from a previously installed pfSense" I would choose "don't take it".
                                          Or, as said above : use the "4" option.
                                          or GUI Diagnostics > Factory Defaults

                                          • O
                                            orangehand @Gertjan
                                            last edited by

                                            @gertjan Really odd. Setting the box back to standard admin ports was the answer. Odd, as I have a dozen other pfsense boxes on custom ports with me having remote management, and all work fine. Any guesses?

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.