Unable to access GUI from specific PC
-
@enjawd And any other connectivity is given by using the NIC with no access to the Web-GUI? And your switching NICs, but it seems you also switching the port on the other side because it is 1Gb and then 10Gb...
-
Yeah that^. Is it only the pfSense webgui you can't access? Connecting to external site still works?
-
Yes apparently only pfsense gui I can’t access, but other than that everything else is working as per normal I’m still getting 10g speed as well
-
@enjawd But the other port (10G) on your pfSense is most probably not in the same LAN as the 1G port...
-
@Bob-Dig my pfsense has only 2 * 10G port. 1 for WAN, another for LAN with vlan connect to another 10G switch. So basically all my equipment or device are connect to the switch 10G port
-
Connecting with a different NIC will give you a different IP address because of the different MAC. It seems likely the original IP is simply blocked from accessing the gui.
-
@stephenw10 Yeah seems like either mac address or ip is blocked, any idea how can i find this? nothing seems to appear on syslog as well
-
@enjawd your rules on that interface wouldn't be blocking anything - do you have floating rules? Is the rules your actually hitting - or do you have some other interface?
Do you even have ethernet filtering enabled - its not out of the box. And its only available in +
Sure you didn't just lock yourself out of the gui from that IP by sending wrong password.. But that should timeout anyway.
I always put my PC ip in there just in case.
Are you running any IPS? If your pc has internet access thru pfsense - would seem odd that it could be blocked by some mac filtering - unless you had very specific rules in your ethernet filtering - and again that is not even enabled out of the box. So you would of had to enable it and put in rules.
So to be clear your internet access through pfsense works, dns to pfsense IP works - you can not just access the gui.. Do you get any sort of error, does it just time out?
-
@johnpoz I've no floating rule going on, 0 entries.
This is my login protection setting. If i were to put my pc ip, will my other device be denied to GUI making my pc exception only?
-
@johnpoz Forgot to mention, im on pfsense+
-
Just to update, im pretty sure its mac address block for some reason. On the NIC, i change the ip address to another, im not able to access gui either.
-
hey,
is said pc connected directly tp pfsense or is a switch in use?
If so (with switch in between): are there any Port Security settings active? Any MAC blocking there in use? -
... and are the perfect (the ones you've found when you installed pfSernse) LAN firewall rules in place :
?
-
@enjawd it is an exception only.
if you have plus - then look to see if you have mac filtering enabled. Look in advanced firewall/nat - or do you even see the ethernet tab in firewall?
Would of kind of had to put in a specific rule - how would you not know you did such a thing?
And again - what happens, what does your multiple browsers you have put in show - just a timeout? Some error - are you using https via that 8443 port, are you trying redirection by hitting port 80 via http first?
Is the browser just telling you it doesn't trust the cert. Without a very specific ethernet rule - I don't see how this is possible your blocked.
Is this the error your getting in your browser?
And again are you running IPS?
-
I would probably run a pcap at this point just to be sure packets from the client in question are actually arriving.
-
i think i have found the problem, think someone had change the MTU on my pc to 9000 instead of 1500. Changed it back and im able to access GUI again.
-
Ah, that could do it.
-
@enjawd said in Unable to access GUI from specific PC:
think someone
So you mean you ;) I mean who else would be touching your pc? And to be honest why and the F would they be messing with mtu?
But yeah could do it..
Sniff would of brought that out - but yeah not something on my list to think of ;)
-
@johnpoz haha it was my bro, we are trying to set up our local network all 10g since our ISP providing 10G up/down. But we had issue with slow speed on iperf between local device(around 3Gbps, but my bro change it to MTU 9000 we had speed bump up to 9+ gbps).
But what surprise me is that why is it only specifically the pc is not able to access the GUI, but via ssh/telnet no issue. All other device didnt had issue as well.
-
@enjawd because your routing it, but not to pfsense interface. Pfsense will fragment if you send say 9000 to say google.com
For sure a weird one in a million type of setups.. If you would of mentioned you were running jumbo might of occurred but I wasn't even thinking if you went full jumbo that you wouldn't changed your router - and you said your other devices worked etc..
as fir ssh/telnet those would never be full jumbo - that is tiny tiny amounts of data moving back and forth.
mixed mtu on a nework is going to cause nothing but pita.. But you should be able to reach closer to 10ge without jumbo.
Slow speed your seeing on iperf.. could be iperf related - what version are you running, what happens when you go to 1500, but send multiple streams? Somewhat recent believe there is a multithread iperrf, before it was always single threaded. I think the older iperf2 might of been multithreaded.
google iperf3 and 10ge testing.
I would throw up say openspeedtest and try that.
But the limit your seeing could be just how your testing with iperf
I can only get about 3.3gbe on 5ge - but haven't looked too deep into it because the iperf3 running on my nas is old, and the nic in nas is just a usb dongle. Is the isp side running jumbo? I doubt it - you get 10ge from isp? I think that came up but the thread has gotten kind of long.
So when you getting slower speeds with 1500 mtu, what was the cpu load on 2 test devices?
