Netgate Discussion Forum
    LAN GUI not accessible!

    General pfSense Questions
    46 Posts 4 Posters 11.2k Views
    • stephenw10 Netgate Administrator

      There are different firewall rules for WAN and LAN. You may have blocked access to the webgui from LAN. Without seeing your rules I have no idea.

      By default anything connected to the LAN interface should be able to access the webgui so if you haven't made huge changes to the rules then it's probably not the firewall. That said by default you should not be able to access the webgui from WAN so you must have made some changes. The only exception to that is if only one interface is assigned. I'm assuming you have at least two interfaces though.

      Are you running static IPs or DHCP? If it's static then are you sure the clients are actually connected to the pfSense LAN? Since you're running virtual it's an easy enough mistake to choose the wrong virtual switch.

      More info please.  ;) Screenshots are always useful.

      Steve

      • ForensicGeek

        I wasn't at a location I was able to access the information to get screenshots until now.

        From the screenshots attached you can see that Anti Lockout and GUI Redirect are disabled so it should be permitted and via any port since it's allowed access to port 80.

        My LAN firewall rules include LAN --> ANY and ANY --> LAN.

        189/24 is my DHCP WAN setup and the rest are rules through a static ip virtual box system

        Confused!  :o

        lanrules.jpg
        advancedsettings.jpg
        wanrules.jpg

        • phil.davis

          It seems strange that all your special rules, on LAN and WAN are about 192.168.1.0/24 addresses.
          What is your LAN IP/mask and WAN IP/mask?
          Maybe you are using the same (or overlapping) subnet on both LAN and WAN? That does not work.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          • stephenw10 Netgate Administrator

            Your firewall rules are confusing. Do you have pfSense setup as a transparent firewall?
            You seem to have the same subnet on wan and lan.

            Edit: typed too slow. What Phil said.  ::)

            Steve

            • ForensicGeek

              My WAN is 192.168.1.189 and my LAN is 192.168.1.1

              Is the issue because both the WAN and LAN ip are running from the same school of IPs?

              • phil.davis

                Yes, every interface must use a completely separate IP subnet, e.g.
                WAN keep 192.168.1.n/24
                LAN use 192.168.2.n/24

                This problem happens a bit when you sit pfSense WAN on an existing private LAN - the existing private LAN is often already 192.168.1.n/24 and then the pfSense LAN defaults to the same subnet.


                • stephenw10 Netgate Administrator

                  Yes. In the normal configuration, routing or NATing, the WAN and LAN must be in different subnets. The only way they can be in the same subnet is if they are bridged, a transparent firewall setup.
                  With both in the same subnet the replies to your lan side clients are probably going out the wan since their IPs appear to be reachable there.

                  Steve

                  Ah, too slow again!

                  • ForensicGeek

                    So now I've changed the IPs to

                    WAN is still 192.168.1.n/24
                    LAN is now set to 192.168.2.10/24

                    Changed my LAN interface IP to 192.168.2.10 within the WAN webgui and now if I ping 192.168.2.10 - I get transmit failed, general failure 100% loss

                    • stephenw10 Netgate Administrator

                      Where are you pinging from?
                      Are you using DHCP?

                      Steve

                      • ForensicGeek

                        @stephenw10:

                        Where are you pinging from?
                        Are you using DHCP?

                        Steve

                        I have Windows 7, Windows 8.1, Kali Linux and Backtrack Linux running in virtual boxes linked together with an internal adapter through my university's physical network.

                        The aim is to setup pfsense so it can be run by the WAN (the physical university network) which I have done, and ALL the virtual boxes via LAN, which is what I am struggling to get working.

                        So if I load any of my virtual boxes and try to ping the LAN IP address of pfsense, it either gives me request timed out or transmit failed, general failure both with all 4 packets lost and thus 100% loss.

                        My WAN is running through the university's DHCP setup and the LAN is running via a static IP address

                        • phil.davis

                          You will have to change the IP of all the VMs in LAN to be in 192.168.2.0/24 also - or if they are using DHCP from pfSense LAN then make sure the DHCP settings have a new range in 102.168.2.0/24 and then get each VM to release/renew its lease.


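Added example, not part of any post in this thread: a Python check for the two conditions discussed above, interface subnets that overlap (so a LAN client also looks directly reachable via WAN) and statically addressed clients left outside the renumbered LAN subnet. The interface addresses are the ones quoted in the thread; the client names and IPs are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Interface addresses quoted in the thread: before and after the LAN renumbering.
BEFORE = {"WAN": "192.168.1.189/24", "LAN": "192.168.1.1/24"}
AFTER = {"WAN": "192.168.1.189/24", "LAN": "192.168.2.10/24"}

# Constructed sample clients (not from the thread): static IPs of VMs on the LAN.
CLIENTS = {"win7": "192.168.1.50", "kali": "192.168.2.20"}


def networks(interfaces):
    """Map interface name -> connected subnet derived from its address/prefix."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}


def overlapping_interfaces(interfaces):
    """Return every pair of interfaces whose connected subnets overlap."""
    nets = networks(interfaces)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def connected_via(interfaces, host):
    """Interfaces on which the firewall would consider `host` directly reachable.

    More than one entry means replies to that host may leave the wrong interface.
    """
    ip = ipaddress.ip_address(host)
    return sorted(name for name, net in networks(interfaces).items() if ip in net)


def stale_clients(interfaces, lan_name, clients):
    """Clients whose static IP is outside the LAN subnet and must be renumbered."""
    lan = networks(interfaces)[lan_name]
    return sorted(name for name, ip in clients.items()
                  if ipaddress.ip_address(ip) not in lan)


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, "overlapping interfaces:", overlapping_interfaces(cfg))
        for name, ip in CLIENTS.items():
            print(f"  {name} {ip} on-link via {connected_via(cfg, ip)}")
        print("  clients needing a new address:", stale_clients(cfg, "LAN", CLIENTS))
```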
                          • stephenw10 Netgate Administrator

                            Are you confident you have the virtual box setup correct?

                            Steve

                            • ForensicGeek

                              @stephenw10:

                              Are you confident you have the virtual box setup correct?

                              Steve

                              Yes my virtualboxes are all setup correctly, I am just about to head to where the system is based and try changing the IPs of all the virtual boxes

                              • ForensicGeek

                                Apologies for not getting the time to respond to this until now.

                                As of right now I have updated my LAN IPs so they are on a separate subnet to the WAN and the webgui now works both via LAN and WAN which is the problem I was having.

                                However, I still have no internet access within my virtual network.

                                Although if I attempt to ping out from my virtual box to any system within my university's physical network it works perfectly fine, but when I try to ping into my virtualbox from the physical network I get nothing.

                                So my outbound rules seem to be working, but for some reason I have nothing incoming which I am fairly sure is the reason for having no internet.

                                I have no gateway setup, I've checked that WAN is my default option and I have my NAT set to automatic, although it's not generating the rules for me, the table is empty

                                • stephenw10 Netgate Administrator

                                  @ForensicGeek:

                                  I have no gateway setup, I've checked that WAN is my default option and I have my NAT set to automatic, although it's not generating the rules for me, the table is empty

                                  You must have at least one gateway setup. When outbound NAT is set to automatic it sets rules (that don't appear in the table) to nat between internal interfaces and external interfaces but it needs to see gateways set to determine which interfaces are 'WANs'.

                                  Steve

                                  • kejianshi

                                    The problem is in his reply…

                                    "I tried to access it via a different virtual box and couldn't"

                                    He doesn't understand networking yet.  Much less networking with VMs.

                                    Seems like he doesn't understand VM nets, bridged nets and why a vm running in an entirely separate instance of virtual box can't access the lan of his virtualized pfsense.

                                    • ForensicGeek

                                      @kejianshi:

                                      The problem is in his reply…

                                      "I tried to access it via a different virtual box and couldn't"

                                      He doesn't understand networking yet.  Much less networking with VMs.

                                      Seems like he doesn't understand VM nets, bridged nets and why a vm running in an entirely separate instance of virtual box can't access the lan of his virtualized pfsense.

                                      Thanks for the extremely useful response!

                                      As it happens I am well aware of how VMs, bridged nets and WANS work and that Virtual Boxes are all completely separate from each other. I simply meant that I had tested it on multiple VMs to make sure it wasn't just something really obvious like a shell command or firewall rule I had allocated to one IP address and forgotten to allocate to another one.

                                      It's people like you that give these places a bad name, if you're not gonna respond with useful information, just don't bother to respond at all

                                      –--------------------------------------------------------------------------------------------------------------------------------

                                      @stephenw10

                                      I am heading into Uni in roughly 3 hours from the time of this post, I will get screenshots of my LAN, NAT and such for you and attach them to a post

                                      • kejianshi

                                        Sorry - Wasn't trying to insult you.  Sorry if I offended.  But you can't completely understand this and it be so difficult.
                                        Something very basic is missing and it's nothing to do with pfsense in all likelihood.

                                        It's more likely a problem in the way the network cards on the VMs are being assigned and probably a basic understanding of network issues also.

                                        Neither should be considered the end of the world.  Took me a while to really get at all the networking of VMs.  A lot still gets by me.

                                        However, basically.  The pfsense VM and the client VM should have at least 1 virtual interface on the same virtual network.  Both of the VMs must be installed on the same REAL machine.

                                        The pfsense LAN and the Client Lan should be on the same virtual network.  The Wan of the pfsense card should be bridged.

                                        At that point, pfsense should be a basic install with no special rules at all and should just work.  You should see the pfsense GUI from the other VM if you are typing the correct IP.

                                        I apologize if I offended, but you sound a little confused and better to get to the point than to tip toe around it.

                                        You will be much closer to an answer this way.

                                        • kejianshi

                                          Once you have your pfsense VM and your client VM (hopefully ubuntu or something basic) on a common virtual network for LAN and the other pfsense interface (WAN) bridged, you will have a correct basic setup.  I can pretty much guarantee the client can see the pfsense gui set up this way.

                                          What I can't guarantee is that whatever network you are on will grant the pfsense WAN an IP or allow its traffic.  If the network is running simple DHCP, and you have done nothing at all to the basic pfsense configuration, it will simply grab an IP and work immediately and have internet access.

                                          • ForensicGeek

                                            I am fully aware that it should be as simple as:

                                            However, basically.  The pfsense VM and the client VM should have at least 1 virtual interface on the same virtual network.  Both of the VMs must be installed on the same REAL machine.

                                            The pfsense LAN and the Client Lan should be on the same virtual network.  The Wan of the pfsense card should be bridged.

                                            At that point, pfsense should be a basic install with no special rules at all and should just work.  You should see the pfsense GUI from the other VM if you are typing the correct IP.

                                            But it simply is not.

                                            I get that PFSense basic install should work when these details are true, but all of the information you stated above is already true and no, it's not that I am just clueless, although I won't claim to fully understand as I had never ever seen this software until about 3 weeks ago!

                                            I have installed PFSense on a personal machine at home, as has my lecturer and both our setups work by default when the network information is bridged correctly.

                                            However, when I attempt to do it on the University network it doesn't work so I already know it's something to do with a rule that's missing or the way the network is setup.

                                            My issue is finding where the problem is and how to fix or bypass it, if it's even possible. I don't know if it's something my university has put in place as a "fix" that is more of a hindrance than a fix or if it's just something obvious I have missed out

                                            Essentially I have PFSense installed in a virtualbox that is bridged to the university's physical network and then I have it linked via an internal network between the other 3 virtual boxes which have various different operating systems installed on them.

                                            My WAN setup works and my LAN setup through the internal network is also working correctly. I can access PFSense both from the physical network and from the virtual network.

                                            I can also ping out from my virtual network to ANY computer within the physical network, not just the host I am running the virtual boxes on but if at any point I try to ping from the physical network into my virtual network, I am not able to do so, so I already know there is a bottleneck there, the question is just where?

                                            My NAT is set to Automatic and I have no IPv4 Upstream as you can see from the screenshots provided, however, when you look at the gateway streams for some reason it's now displaying as offline, when I checked this last time I was in the lab at uni they weren't displaying as either off or online, they were just displaying as being there (if that makes any sense) so I'm guessing this is part of the problem!

                                            autonat.jpg
                                            ip4up.jpg
                                            wandhcpoff.jpg
