Cannot gain remote access to WebUI
-
@gertjan I don't want to seem ungrateful, but I know your rule works, and all my other identical webgui rules work on other boxes. I am trying to work out why it doesn't work on this one!
-
@gertjan I'd tried any. No dice!
-
What is in front of your pfSense ?
Is your pfSense WAN IP an RFC1918 ? -
@gertjan the fibre/fttp socket. Access is via PPPoE from this box
-
@orangehand sorry - yes, it's a public routable IP, and ovpn works fine back to that address.
-
@orangehand said in Cannot gain remote access to WebUI:
I'd tried any. No dice!
Oh yes, that valid usefull info !!
Now I know that nothing reaches your pfSense WAN interface, port 8082, TCP.
Otherwise, the rule would be a match.
That is, I presume :- you connect like this : https://some-url-to-you-wan-IP-here.tld:8082 (or : https://a.b.c.d:8082)
and - You do not connect from within your LAN, but you are using your phone with the Wifi shut down = you are really connecting from the out side.
Also : using IPv4, right, not IPv6.
- you connect like this : https://some-url-to-you-wan-IP-here.tld:8082 (or : https://a.b.c.d:8082)
-
You can start a packet capture on your WAN interface.
Select TCP - and port 8082.If something comes in, it will get captured in the resulting log.
edit : like this :
-
@gertjan 1: yes and 2: I am remote on my own FTTP LAN so it is a true test with no risk of cgnat etc
Will try the packet capture, thanks
-
@orangehand output is:
10:05:57.099569 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:05:58.197408 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:05:59.281622 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:06:00.328195 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:06:01.351961 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:06:02.383762 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:06:04.445801 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
10:06:08.830995 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0I have to confess I don't know if this is good or bad!
-
@orangehand the IP's are correct
-
@orangehand said in Cannot gain remote access to WebUI:
the IP's are correct
I tested
https://51.148.xx.62 port 8082
... nothing replied like nothing is listening on that port.sockstat -l | grep '8082
confirms that the GUI webserver is listening on 8082 ?
Or go back to the default 443 for a moment.
-
@orangehand This box was a new SG1100 which I installed yesterday. Out of the box it was not working at all well. I had to reflash it using the recovery image sent by Netgate. This image retains the original settings, or some of them. I am wondering if the reflash has cured all the problems. Anyone know how I would totally reset it to defaults? Another odd issue I am having is that MY OpenVPN connection to that box was working earlier this morning when I set it up and now, with no changes to the 1100, it is not. The customer's own ovpn connection from INSIDE his LAN is working fine.
-
@gertjan Thanks. Will revert to 443 and see what I get.
-
@orangehand said in Cannot gain remote access to WebUI:
Anyone know how I would totally reset it to defaults?
A refaslh will do that.
Or use the console or SSH option
4) Reset to factory defaults
-
@gertjan what is the supported way of doing a total reflash? The wiki only refers to using the recovery image, which isn't a true factory reset, as it retains some previous settings.
-
When I used a USB device, I always repartitioned the device's drive.
If there was a question of "found a config from a previously installed pfSense' I would chose "don't take it".
Or, as said above : use the "4" option.
or GUI Diagnostics > Factory Defaults -
@gertjan Really odd. Setting the box back to standard admin ports was the answer. Odd, as I have a dozen other pfsense boxes on custom ports with me having remote management, and all work fine. Any guesses?
-
Did you do de sockstat test ?
-
@gertjan tbh I didn't understand how to do it! Can you clarify please?
-
@orangehand
You have to use the most important interface : the console access.
Or a SSH access. But keep in mind that SSH isn't available when you install pfSense on a device, as interfaces aren't assigned (known) yet.
See the pfSense documentation. These two accesses are not some optional thing. Without them, you're "doomed".The console access or SSH permits you to enter commands.
Like sockstat -l | grep '8082