Access from LAN Interface to LAN IP over http not possible (only over https)

rftweds

Hi,

i have: pfSense 2.3.2 running on an exsi host behind a dsl router.

WAN Interface em0 -> 192.168.0.29 (gateway 192.168.0.1)
LAN Interface em1 -> 10.0.0.9

also a running IPSec VPN (10.0.1.1 i think)
squid + clamav

Now my Problem:

If webConfigurator is on HTTPS i can access it form any interface on evry ip belonging to pf sense box.
  for example:
        from maschine in lan
          10.0.0.10 -> https://10.0.0.9;
        or
          10.0.0.10 -> https://192.168.0.29;
      OK.

If webConfigurator is on HTTP i can not access lan ip from lan interface
  e.g:
      lan maschine
        10.0.0.10 -> http://10.0.0.9;        –> NOT working;
        but
        10.0.0.10 -> http://192.168.0.29 --> (wan interface) is working.

also if i am connected via ipsec i can http://10.0.0.9 without problems

only lan "client" to lan interface-ip on http (port 80) not working -> if i try with chrome or firefox it loads and then redirects me (WHY?) to https://10.0.0.9 ... then timeout

evrything else is working fine, routing etc...

I dont know why it redirects me on the lan interface to https. there is nothing special configured afaik (no firewall rules, no nginx config...)

KOM

LAN to LAN traffic doesn't cross any interfaces so pfSense is not involved from a firewall perspective – the two machines talk directly to each other.  You said you're running squid.  Transparent or explicit?  Is the browser you're using configured to use the proxy or not?  Do you have your client set to bypass the proxy for local addresses?  If using WPAD, does your wpad.dat file have DIRECT specified for LAN connections?

rftweds

thanks, interesting idea.

squid is running transparent.

Proxy in firefox is disabled. i also disabled it in system settings to test. no change.
even when i disable squid server on pfsense maschine still same problem.

i tried it with different machines windows 7 and windows server 2012 R2.

KOM

Is this a new install?

rftweds

hmm.. relatively runs for ~60 days. but i havent changed much.
i restarted it today.

KOM

Can I assume that it didn't always behave this way and that you're not just finding it now?  If so, what changed between when it last worked and now?  Any funny NATs?  I can't imagine why it would redirect to HTTPS on its own.

rftweds

as i installed it i selected to run webconfigurator on https. now i want to change it to http (for some … reason it needs to be http)

i dont want to reinstall the pfsense box if not realy neccessary

the only changes i made was install squid + clamav and setup ipsec vpn (on install date)

so i never tried http before until today.

i relay dont know why it redirects, thats exactly the point im struggling with.

KOM

You have ot change the mode in pfSense to do that.  System - Advanced - Admin Access - Protocol.  Select HTTP, click Save.  Or did you do that already?

rftweds

thats exactly what i did. and now we are here :-)

KOM

Anything in the System log?  I have to leave now and I have no idea when I will return.  If all else fails, snapshot the VM, save a config.xml backup and then reinstall fresh and restore your backup.

rftweds

System log shows nothing relevant.

sockstat shows nginx running on port 80
nothing on 443 only php-fpm listen on *

rftweds

so ok. i got it running.

Reinstalled pfSense (this time i selected http) then restored the config (no problems with that)

it works now, i can access on http

thanks for the help