• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Problems accessing pfSense

Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
4 Posts 2 Posters 2.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    miles267
    last edited by Aug 31, 2012, 1:54 PM

    Just encountered a similar situation.  Not sure how to resolve:

    • suddenly I cannot SSH over internet to my pfsense box
    • I cannot access the WebUI from the internet
    • I can RDP from the internet into only 1 PC behind my pfsense box
    • From that PC, I can access my WebUI
    • Snort shows no alerts or blocked IPs

    If I reboot the pfsense box, everything is OK until SSH "crashes" the next time (have been seeing it happen more often than I'd like lately).  Not sure how to troubleshoot this or where I might see logging info to trace the issue.  I had hoped it was simply my internet IP being blocked.  Even that IP is added to my whitelist within snort.

    Any help would be much appreciated.  Thanks.

    1 Reply Last reply Reply Quote 0
    • M
      miles267
      last edited by Sep 10, 2012, 11:01 PM

      This issue has been happened with an increased frequency.  However it appears to happen only after more than one remote session is established with the Pfsense box.  For example, 1-user connected to the Web GUI and 1-user logged into SSH, etc.  Once it happens, the pfsense box is only accessible from within the LAN.  It cannot be accessed via the WAN regardless of method (SSH, Web GUI HTTPS, etc.).

      What causes this issue?

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by Sep 11, 2012, 2:17 AM

        The command and its response (or URL and browser report) are nearly always more informative than the non-technical summary "can't access".

        @miles267:

        What causes this issue?

        It is difficult to say without more information such as the error report from the application attempting the access.

        1 Reply Last reply Reply Quote 0
        • M
          miles267
          last edited by Sep 11, 2012, 2:21 AM

          Understood.  Turns out, through some trial and error, it may have been due to a Snort-HTTP DOUBLE DECODING ATTACK.  While I noticed this message in my SYSTEM LOG, it did not appear among the BLOCKED tab.  Only visible among the ALERTS tab.  I've since suppressed this alert rule and it seems to have restored external access to my pfsense box without requiring a reboot.

          Will monitor my system since suppressing this rule to see whether it recurs in which case it may be attributed to snort (possibly).

          I think the HTTP DOUBLE DECODING ATTACK may have been the cause as once I cleared it, I was able to access my Web GUI login page from multiple external systems originating from multiple different internet IP addresses (without clearing any blocked IPs from the snort blocked tab).

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received