Changing from HTTPS to HTTP (locked myself out)

j.smith1981 · Feb 23, 2012, 9:43 AM

I tried changing to HTTPS from using just the old HTTP but I seem to have locked myself out the web site for my router will not load anymore at all.

Is there anyway of going back to HTTP that anyone knows of but being from a remote location?

It would be really good to know since I have done this a number of times in the past and always reinstalled the OS of Pfsense but I thought why not ask to see if anyone else has managed to do such a thing without needing to do this.

I had the HTTP port running on my NAT firewall as 10082 and I thought HTTPS would run through that like webmin does on my web server, is that a right thing to think about like that or not? I have a feeling of not but would like some help on this.

I have even tried this command here:

killall -9 php; killall -9 lighttpd; /etc/rc.restart_webgui

But still nothing responds on the webGUI but through my NAT firewall since I am at another place other than my router.

Any thoughts anyone?

Thanks in advance of any replies,
Jeremy.

j.smith1981 · Feb 23, 2012, 10:17 AM

I mean I took the tip off that can't access web GUI and I found this in the /tmp/rules.debug:

NAT Inbound Redirects

rdr on rl0 proto tcp from any to 85.30.150.89 port 10081 -> 192.168.0.1 port 22
rdr on rl0 proto tcp from any to 85.30.150.89 port 10082 -> 192.168.0.1 port 80
rdr on rl0 proto tcp from any to 85.30.150.89 port 21 -> 192.168.0.2
rdr on rl0 proto tcp from any to 85.30.150.89 port 22 -> 192.168.0.2
rdr on rl0 proto tcp from any to 85.30.150.89 port 25:26 -> 192.168.0.2
rdr on rl0 proto tcp from any to 85.30.150.89 port 80 -> 192.168.0.2
rdr on rl0 proto tcp from any to 85.30.150.89 port 110 -> 192.168.0.2
rdr on rl0 proto tcp from any to 85.30.150.89 port 10000 -> 192.168.0.2
rdr on rl0 proto tcp from any to 85.30.150.89 port 20000 -> 192.168.0.2
rdr on rl0 proto tcp from any to 85.30.150.89 port 443 -> 192.168.0.2

I could technically just modify this line here:
rdr on rl0 proto tcp from any to 85.30.150.89 port 10082 -> 192.168.0.1 port 80

Since it would be not 192.168.0.1 port 80 it would be port 443.

Can someone clarify if I could just go ahead and change that from this config or is that a complete waste of time?

I much appreciate your help!

Jeremy

PS This is a roughly approximated external IP address it's not actually mine but only 2 sets of numbers actually are my IP address.

Although I have tried accessing it from within my local area network (as I only have WAN access) and I still cant access my webGUI from Lynx on my SSH login through my server, is there anyway of resetting back to the HTTP settings through the pfsense shell commands at all?

marcelloc · Mar 2, 2012, 5:16 AM

When you select reset webgui password(or set interface address) via console you have an option to revert gui to http.

j.smith1981 · Mar 5, 2012, 8:50 AM

Really was scratching my head on this one not to worry I was just trying out HTTPS trying to get my router a little more secure so to speak.

I accidentally yea locked myself out as I said, but couldn't work out why I couldnt get in when I'd reset for some strange reason it had made 2 rules of the same exact settings for HTTP, hmm weird but oh well I will leave it be for now and when I get back home will work out why.

There is an option when I do a setting in the SSH login (remotely in my case) to reset back to HTTP and reset the password but I can't remember actually thinking back to which one includes the HTTP reset, but it did work and thank you again I mean I just deleted the first rule I had of HTTP and it let me back in weird though oh well least it's working now.

Thank you ever so much for your help,
Jeremy.