Cannot access pfsense from certain pcs
-
hi all,
weird one here…
I can access pfsense from my laptop, pc, a server and that's it!
all other pcs and servers cannot access the web interface.
A bit worrying as what if something happens to these 3 machines!
thoughts?
I've tried to increase the "max processes" to 10 but no luck.
-
Are they all on the same LAN? Are you using proxy or dansguardian or anything?
-
Are they all on the same LAN? Are you using proxy or dansguardian or anything?
all on the same lan, no proxy and no dansguard
-
Thats very strange. You shouldn't need more than 2 processes enables.
Why you want everyone to be able to get there is beyond me though.Perhaps its a problem with those machines them selves? AV/Firewall there?
-
Thats very strange. You shouldn't need more than 2 processes enables.
Why you want everyone to be able to get there is beyond me though.Perhaps its a problem with those machines them selves? AV/Firewall there?
I can't see any issues - tried disabling all firewalls and av still nothing?
-
No clue - Times like this, I reinstall the pfsense from scratch.
Its definitely not an issue I've ever heard of.
-
When you say they can not access – do you mean they can not use the web gui, or they can not ping even or use the internet through it? Assuming it is just gui thing.
What error do you get when try to hit the web gui? Are you trying to use fqdn or IP address? Are you using http or https on your gui. Have you changed it to odd port?
-
Good point. If you are using a domain name to access it vs an IP, this could be just a DNS issue.
(nice point - I'd assumed everyone would always use IP)
-
Yeah assuming what people do normally means what ass u me :)
If using pfsense as dns, makes sense to use IP since what if pfsense is not working correctly.. I'm thinking they are trying https and some of there boxes are not likely the cert or not seeing crl, etc.
Really helpful to know what error they are getting vs vague "cannot access the web interface"
As to no proxy – Did he actually verify in the browser settings? Doubt it to be honest.
Quite possible machines are all infected running their web traffic through some proxy on the net ;) We really have NOTHING to work with here.
-
When you say they can not access – do you mean they can not use the web gui, or they can not ping even or use the internet through it? Assuming it is just gui thing.
What error do you get when try to hit the web gui? Are you trying to use fqdn or IP address? Are you using http or https on your gui. Have you changed it to odd port?
I only use the IP:
https://192.168.0.254/They just cannot access the GUI.
They can access internet and all other services but not the GUI.it just hangs there thinking about it and then gives an error message "webpage is not available"
interesting thing is it comes up with the little icon on the TAB to indicate it is the pfsense box (screen shot attached)
-
Yeah assuming what people do normally means what ass u me :)
If using pfsense as dns, makes sense to use IP since what if pfsense is not working correctly.. I'm thinking they are trying https and some of there boxes are not likely the cert or not seeing crl, etc.
Really helpful to know what error they are getting vs vague "cannot access the web interface"
As to no proxy – Did he actually verify in the browser settings? Doubt it to be honest.
Quite possible machines are all infected running their web traffic through some proxy on the net ;) We really have NOTHING to work with here.
see my post below for the error I am getting.
and with regards to the proxy.
Yes I am sure as I set the PCs up. Thanks for your concern and condescending tone however it really helps. 8) -
And are you using HTTPS?
I have the same error - because I am not running on https
But use http and works fine
-
yes I only use HTTPS
-
Well for some reason your browser doesn't like the cert, but I would think that would be a different error. Or can not get there for some reason.. Have you tried http, its quite possible your not actually using https ;) Which would seem like a logical thing to verify.
Have you sniffed at pfsense to see if request gets there? You have any odd lan firewall rules?
You get the same type of error in different browser?
-
Well for some reason your browser doesn't like the cert, but I would think that would be a different error. Or can not get there for some reason.. Have you tried http, its quite possible your not actually using https ;) Which would seem like a logical thing to verify.
Have you sniffed at pfsense to see if request gets there? You have any odd lan firewall rules?
You get the same type of error in different browser?
It is using https 100% sure.
http has the same effect - no gui access.
and just to test I even put in a LAN rule to allow all traffic everywhere while testing this out. no change -
Well for some reason your browser doesn't like the cert, but I would think that would be a different error. Or can not get there for some reason.. Have you tried http, its quite possible your not actually using https ;) Which would seem like a logical thing to verify.
Have you sniffed at pfsense to see if request gets there? You have any odd lan firewall rules?
You get the same type of error in different browser?
It is using https 100% sure.
http has the same effect - no gui access.
and just to test I even put in a LAN rule to allow all traffic everywhere while testing this out. no changeAnd yes tested it on IE…same thing
-
and just to test I even put in a LAN rule to allow all traffic everywhere while testing this out. no change
Errr… and the rules in place before would be?! Diagnostics - States - Reset states or reboot.
-
and just to test I even put in a LAN rule to allow all traffic everywhere while testing this out. no change
Errr… and the rules in place before would be?! Diagnostics - States - Reset states or reboot.
well by default I don't allow all kinds of traffic out - no point.
rebooted the firewall already…did it again and still no access apart from the same 3 PCs!
-
Well, I'd suggest to post the rules and producing some basic diagnostics, such as ping/traceroute to the pfS IP, since we obviously are getting nowhere and there's apparently a lot of information hidden behind the scenes. Also there are these logs available on the firewall for a good reason. :-*
-
Did you sniff at pfsense? diag packet capture, or simple tcpdump from ssh or console.
This is what I would do to verify traffic actually gets there.
Again - maybe I missed it.. You can route your internet traffic through pfsense - just not load the web gui?
As dok mentions – lets see pings, traceroute and the sniff at pfsense showing the connection from your browser.. Until we verify that pfsense saw the request and answered.. Its a browser/pc issue where the traffic never even gets to pfsense.
