Netgate Discussion Forum
    Not able to access WebGUI from remote through WAN

      TonyStone

      Manually created this rule.  It is still blocking the access.  I made the rule and then hit the apply changes button.

      edit:  Just in case you want to point out the 8080 and 2020 discrepancy in my address bar, it's because I edited it to 8080 for the screen shot… didn't mean to expose the 2020... not a big security deal but I just didn't want to expose the real port number I was using....

      manuallycreated.png

        TonyStone

        So now that the previous manually created rule was not working I went into log.  Found the blocked entry and clicked easy rule icon and it created these:

        Then I have access. I do end up changing the source to any in the "easy rule" and destination from "single host or alias" (with the IP) to "wan address" and leave blank; even after making the change I still have access from this rule.  This is what I mean, I am missing something I think or it is a bug… maybe it is not enabling the rules I am manually creating?

        easyrule2.png

          TonyStone

          Just an update.  I manually created the rule again, applied the settings no go.  Then did the easy rule, and it allowed access.  Then modified easy rule to my liking, still had access.  So good so far.  Then I am still annoyed by this, I deleted the rules.  Manually created one on WAN interface, source any, destination wan address, port 2020.  Applied settings and no go.  wtf?

          So I started googling pfsense firewall rule bugs and found someone reporting a bug that may have been similar at https://redmine.pfsense.org/issues/3083.

          I went to the Filter Reload status and hit reload.  Now every time I manually create the rule it works like it is supposed to!  I just wanted to post this so the developers could look at it if they are interested.

            Derelict LAYER 8 Netgate

            I'll still go out on a limb and say you're not doing something right.  Firewall logs should show the blocked traffic when the rule is not working.  Hovering over the block symbol will pop up which rule blocked it.

            That bug was resolved a year ago.

            Updated by Chris Buechler about 1 year ago

            Status changed from Feedback to Resolved

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              cmb

              @Derelict:

              I'll still go out on a limb and say you're not doing something right.

              Yep, no question.

              @Derelict:

              That bug was resolved a year ago.

              Yeah that was resolved several releases ago, and was an extraordinarily rare edge case at that.

                TonyStone

                Ok, I am sure I was not doing anything wrong.  I tried several times just to verify.  I mean really when you add the rule manually there is what… one thing to change... I'll go check... yeah... destination and port.  Otherwise all default settings are all ok.  I am also still having issues with apinger and I thought that was fixed?  Maybe I am on an old build?  It says I am on 2.1.5.  Don't know.  I will see if I can reproduce it again in a few weeks and I'll put together a darn video. lol.  You think I would make this crap up??

                  Derelict LAYER 8 Netgate

                  Put your manual rule in place then post a screen shot of your WAN rules screen.  Also post a screenshot of your webConfigurator section of System: Advanced: Admin Access.

                  If it is still not working please also include a screenshot of the blocks in the firewall log and a notation of which rule it says is doing the blocking.

                  Get rid of any of the easy rules too for now.

                    TonyStone

                    Ok, I was in the process of starting this all over again.  So I deleted the rule.  I HAVE NO RULES under WAN.  And now I still have access to the admin interface from outside the local network.  So this proves that the rules are not updating as they should.  Anything in the logs I can show you for this??  I'll let you remote into one of my local PCs over a remote desktop connection if you would like to see for yourself.  You seem like a trusted member here.  I will do screen shots and stuff now as I think I will be able to reproduce the issues again.

                      TonyStone

                      Geez… now I know the firewall rules are acting up.  I setup a rule to keep https traffic all on wan2 as a lot of web sites will not keep me authorized when the IP changes... so I was having that issue when I just tried to make a post now... went and disabled my https-wan2 rule and re-enabled it and NOW it finally updated the other rule to block admin access over WAN.  There is definitely something funny going on here.  I will keep playing and get screen shots together so someone else can reproduce it maybe...

                      httpsnoauth.png

                        Derelict LAYER 8 Netgate

                        You do know that when you change the rules you have to clear existing states if you want immediate effect right?

                        How often is your IP address changing?

                        Other people get that screen on this forum too.  It has nothing to do with firewall rules.  I think it happens when you have the login timeout set to -1 and some long period of time elapses, but that's just a guess on my part.  Clearing cookies for the forum fixes it.

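Derelict's point about existing states, shown as an added example (not part of the thread and not pfSense code): pf consults the ruleset only when a connection creates a state, so a session opened while a pass rule existed keeps working after the rule is deleted until that state is cleared or expires. The function below reads state lines in the layout assumed for `pfctl -ss` and lists inbound states to the webGUI port; the sample lines, interface names, addresses and the function name `lingering_gui_states` are constructed for illustration.

```shell
#!/bin/sh
# Added example: find inbound states that still reach the webGUI port after
# the WAN pass rule has been removed. pf checks rules only when a state is
# created, so these sessions keep passing until the state is cleared.

# Constructed sample in the layout assumed for `pfctl -ss` output
# (interface, protocol, local endpoint, direction, peer endpoint, state).
SAMPLE_STATES='em0 tcp 203.0.113.10:2020 <- 198.51.100.7:51844       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.10:2020 <- 198.51.100.7:51850       FIN_WAIT_2:FIN_WAIT_2
em1 tcp 192.168.1.1:2020 <- 192.168.1.50:49210       ESTABLISHED:ESTABLISHED
em0 udp 203.0.113.10:31337 -> 192.0.2.53:53       MULTIPLE:SINGLE
em0 tcp 203.0.113.10:40112 -> 192.0.2.80:2020       ESTABLISHED:ESTABLISHED'

# lingering_gui_states IFACE PORT
# Reads state lines on stdin; prints "peer_ip state" for every inbound
# ("<-") TCP state on IFACE whose local endpoint uses PORT. IPv4 only.
lingering_gui_states() {
    awk -v ifc="$1" -v port="$2" '
        $1 == ifc && $2 == "tcp" && $4 == "<-" {
            n = split($3, dst, ":")          # local endpoint ip:port
            if (dst[n] != port) next         # not the webGUI port
            split($5, src, ":")              # remote peer ip:port
            print src[1], $6
        }'
}

# On the firewall itself the input would come from: pfctl -ss
printf '%s\n' "$SAMPLE_STATES" | lingering_gui_states em0 2020
```

Any peer this prints still has a working session regardless of the current WAN rules; `pfctl -k <peer>` removes the states originating from that host.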
                          TonyStone

                          Ok, I'll try that.  Clearing my cookies.
