LAN GUI not accessible!
-
There are different firewall rules for WAN and LAN. You may have blocked access to the webgui from LAN. Without seeing your rules I have no idea.
By default anything connected to the LAN interface should be able to access the webgui so if you haven't made huge changes to the rules then it's probably not the firewall. That said by default you should not be able to access the webgui from WAN so you must have made some changes. The only exception to that is if only one interface is assigned. I'm assuming you have at least two interfaces though.
Are running static IPs or DHCP? If it's static then are you sure the clients are actually connected to the pfSense LAN. Since you're running virtual it's an easy enough mistake to choose the wrong virtual switch.
More info please. ;) Screenshots are always useful.
Steve
-
I wasnt at a location I was able to access the information to get screenshots untill now.
From the screenshots attached you can see that Anti Lockout and GUI Redirect are disabled so it should be permitted and via any port since its allowed access to port 80.
My LAN firewall rules include LAN –> ANY and ANY --> LAN.
189/24 is my DHCP WAN setup and the rest are rules through a static ip virtual box system
Confused! :o
-
It seems strange that all your special rules, on LAN and WAN are about 192.168.1.0/24 addresses.
What is your LAN IP/mask and WAN IP/mask?
Maybe you are using the same (or overlapping) subnet on both LAN and WAN? That does not woork. -
Your firewall rules are confusing. Do you have pfSense setup as a transparent firewall?
You seem to have the same subnet on wan and lan.Edit: typed too slow. What Phil said. ::)
Steve
-
My WAN is 192.168.1.189 and my LAN is 192.168.1.1
Is the issue because both the WAN and LAN ip are running from the same school of IPs?
-
Yes, every interface must use a completely separate IP subnet, e.g.
WAN keep 192.168.1.n/24
LAN use 192.168.2.n/24This problem happens a bit when you sit pfSense WAN on an existing private LAN - the existing private LAN is often already 192.168.1.n/24 and then the pfSense LAN defaults to the same subnet.
-
Yes. In the normal configuration, routing or NATing, the WAN and LAN must be in different subnets. The only way they can be in the same subnet is if they are bridged, a transparent firewall setup.
With both in the same subnet the replies to your lan side clients are probably going out the wan since their IPs appear to reachable there.Steve
Ah, too slow again!
-
So now I've changed the IPs too
WAN is still 192.168.1.n/24
LAN is now set to 192.168.2.10/24Changed my LAN interface IP to 192.168.2.10 within the WAN webgui and now if i ping 192.168.2.10 - I get transmit failed, general failure 100% loss
-
Where are you pinging from?
Are you using DHCP?Steve
-
Where are you pingjng from?
Are you using DHCP?Steve
I have Windows 7, Windows 8.1, Kali Linux and Backtrack Linux running in virtual boxes linked together with an internal adapter through my universities physical network.
The aim is to setup pfsense so it can be run by the WAN (the physical university network) which I have done, and ALL the virtual boxes via LAN, which is what I am struggling to get working.
So if i load any of my virtual boxes and try to ping the LAN IP address of pfsense, it either gives me request timed out or transmit failed, general failure both with all 4 packets lost and thus 100% loss.
My WAN is running through the universities DHCP setup and the LAN is running via a static IP address
-
You will have to change the IP of all the VMs in LAN to be in 192.168.2.0/24 also - or if they are using DHCP from pfSense LAN then make sure the DHCP settings have a new range in 102.168.2.0/24 and then get each VM to release/renew its lease.
-
Are you confident you have the virtual box setup correct?
Steve
-
Are you confident you have the virtual box setup correct?
Steve
Yes my virtualboxes are all setup correctly, I am just about to head to where the system is based and try changing the IPs of all the virtual boxes
-
Apologies for not getting the time to respond to this until now.
As of right now I have updated my LAN IPs so they are on a seperate subnet to the WAN and the webgui now works both via LAN and WAN which is the problem I was having.
However, I still have no internet access within my virtual network.
Although if i attempt to ping out from my virtual box to any system within my universities physical network it works perfectly fine, but when I try to ping into my virtualbox from the physical network I get nothing.
So my outbound rules seem to be working, but for some reason I have nothing incoming which I am fairly sure is the reason for having no internet.
I have no gateway setup, I've checked that WAN is my default option and I have my NAT set to automatic, although its not generating the rules for me, the table is empty
-
I have no gateway setup, I've checked that WAN is my default option and I have my NAT set to automatic, although its not generating the rules for me, the table is empty
You must have at least one gateway setup. When outbound NAT is set to automatic it sets rules (that don't appear in the table) to nat between internal interfaces and external interfaces but it needs to see gateways set to determine which interfaces are 'WANs'.
Steve
-
The problem is in his reply…
"I tried to access it via a different virtual box and couldn't"
He doesn't understand networking yet. Miuch less networking with VMs.
Seems like he doesn't understand VM nets, bridged nets and why a vm running in an entirely seperate instance of virtual box cant access the lan of his virtualized pfsense.
-
The problem is in his reply…
"I tried to access it via a different virtual box and couldn't"
He doesn't understand networking yet. Miuch less networking with VMs.
Seems like he doesn't understand VM nets, bridged nets and why a vm running in an entirely seperate instance of virtual box cant access the lan of his virtualized pfsense.
Thanks for the extremely useful response!.
As it happens I am well aware of how VMs, bridged nets and WANS work and that Virtual Boxs are all completely seperate from each other. I simply meant that I had tested it on multiple VMs to make sure it wasnt just something really obvious like a shell command or firewall rule I had allocated to one IP address and forgotten to allocate to another one.
Its people like you that give these places a bad name, if ur not gonna respond with useful information, just dont bother to respond at all
–--------------------------------------------------------------------------------------------------------------------------------
@stephennw10
I am heading into Uni in roughly 3 hours from the time of this post, I will get screenshots of my LAN, NAT and such for you and attach them to a post
-
Sorry - Wasn't trying to insult you. Sorry if I offended. But you can't completely understand this and it be so difficult.
Something very basic is missing and its nothing to do with pfsense in all likelihood.Its more likely a problem in the way the network cards on the VMs are being assigned and probably a basic understanding of network issues also.
Neither should be considered the end of the world. Took me a while to really get at all the networking of VMs. Alot still gets by me.
However, basically. The pfsense VM and the client VM should have at least 1 virtual interface on the same virtual network. Both of the VMs must be installed on the same REAL machine.
The pfsense LAN and the Client Lan should be on the same virtual network. The Wan of the pfsense card should be bridged.
At that point, pfsense should be a basic install with no special rules at all and should just work. You should see the pfsense GUI from the other VM if you are typing the correct IP.
I apologize if I offended, but you sound a little confused and better to get to the point than to tip toe around it.
You will be much closer to an answer this way.
-
Once you have you pfsense VM and your client VM (hopefully ubuntu or something basic) on a common virtual network for LAN and the other pfsense interface (WAN) bridged, you will have a correct basic setup. I can pretty much guarantee the client can see the pfsense gui set up this way.
What I can't guarantee is that whatever network you are on will grant the pfsense WAN an IP or allow its traffic. If the network is running simple DHCP, and you have done nothing at all to the basic pfsense configuration, it will simply grab an IP and work immediately and have internet access.
-
I am fully aware that it should be as simple as:
However, basically. The pfsense VM and the client VM should have at least 1 virtual interface on the same virtual network. Both of the VMs must be installed on the same REAL machine.
The pfsense LAN and the Client Lan should be on the same virtual network. The Wan of the pfsense card should be bridged.
At that point, pfsense should be a basic install with no special rules at all and should just work. You should see the pfsense GUI from the other VM if you are typing the correct IP.
But it simply is not.
I get that PFSense basic install should work when these details are true, but all of the information you stated above is already true and no its not that I am just clueless, although I wont claim to fully understand as I had never ever seen this software until about 3 weeks ago!
I have installed PFSense on a personal machine at home, as has my lecturer and both our setups work by default when the network information is bridged correctly.
However, when I attempt to do in on the University network it doesn't work so I already know its something to do with a rule that's missing or the way the network is setup.
My issue is finding where the problem is and how to fix or bypass it, if its even possible. I don't know if its something my university has put in place as a "fix" that is more of a hindrance than a fix or if its just something obvious I have missed out
Essentially I have PFSense installed in a virtualbox that is bridged to the universities physical network and then I have it linked via an internal network between the other 3 virtual boxes which have various different operating systems installed on them.
My WAN setup works and my LAN setup through the internal network is also working correctly. I can access PFSense both from the physical network and from the virtual network.
I can also ping out from my virtual network to ANY computer within the physical network, not just the host I am running the virtual boxes on but if at any point I try to ping from the physical network into my virtual network, I am not able to do so, so I already know there is a bottleneck there, the question is just where?
My NAT is set to Automatic and I have no IPv4 Upstream as you can see from the screenshots provided, however, when you look at the gateway streams for some reason its now displaying as offline, when I checked this last time I was in the lab at uni they werent displaying as either off or online, they were just displaying as being there (if that makes any sense) so I'm guessing this is part of the problem!
