[SOLVED] No access to webGUI on fresh install
-
Are you tagging traffic.. Only reason I could think that would not answer would be if its tagged so it not going to answer or something.
What switch do you have between, is your pc directly connected to the interface? Can you post the output of ifconfig on pfsense.
No, it's direct connection. I tried using switch too, no luck… There was one interesting effect before though, not sure if it's related, but when it was working (I used to have access to webGUI from LAN) - WAN was not working, not getting ip from ISP's DHCP, and I managed to "fix" this with switch. I thought it was related either with MDI/MDI-X autodetection feature (most likely) or just power(very unlikely). When I was connecting just directly to WAN there was no light at all. I guess this will be my second problem if I'll fix current, because I need that switch for some more reasonable use)
Here it goes: (LAN connected to PC directly, WAN disconnected)
re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=8209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate>ether fc:aa:14:2f:18:cf hwaddr fc:aa:14:2f:18:cf inet6 fe80::feaa:14ff:fe2f:18cf%re0 prefixlen 64 scopeid 0x1 nd6 options=23 <performnud,accept_rtadv,auto_linklocal>media: Ethernet autoselect (none) status: no carrier re1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=8209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate>ether 4c:cc:6a:b7:ee:75 hwaddr 4c:cc:6a:b7:ee:75 inet6 fe80::4ecc:6aff:feb7:ee75%re1 prefixlen 64 scopeid 0x2 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex,master>) status: active lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 nd6 options=21 <performnud,auto_linklocal>groups: lo enc0: flags=0<> metric 0 mtu 1536 nd6 options=21 <performnud,auto_linklocal>groups: enc pflog0: flags=100 <promisc>metric 0 mtu 33160 groups: pflog pfsync0: flags=0<> metric 0 mtu 1500 groups: pfsync syncpeer: 224.0.0.240 maxupd: 128 defer: on syncok: 1</promisc></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></full-duplex,master></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate></up,broadcast,running,simplex,multicast></performnud,accept_rtadv,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate></up,broadcast,running,simplex,multicast> -
Just ditch the realteks. They are done.
-
Dude how does your machine have the same mac address as your pfsense lan interface?
Never going to work!!! Should of noticed that in the sniff first, look at your dhcp stuff its all from same mac to what looks like itself.
-
Dude how does your machine have the same mac address as your pfsense lan interface?
Never going to work!!! Should of noticed that in the sniff first, look at your dhcp stuff its all from same mac to what looks like itself.
Holy shell! Thank you!
It seems that it somehow persisted even after reinstall and I was changing it before to my router's, at least that's what I was thinking…
Well, need to find how to change it now) My current router is working like nightmare, loading pages for minutes, literally.
-
I had skimmed over your question for the arps tell 0.0.0.0 I mentioned which you have a lot of in that sniff.
Since no answers.. Client is resorting to asking anybody out there - hey router/switches do you know this IP… what is its mac??
So you did a mac spoof on pfsense, or you changed the mac on your machine? You could reverse your nics as quick fix.. So you put the mac on the other L2, this would allow you to get to your LAN and the web gui from your machine. And your ISP would most likely give you the IP your machine was getting before if connected to the modem, etc.
But yeah in the long term I would correct that.. Another quick fix if the original mac was lost - is just change it to something else that you don't have a duplicate of ;)
-
Yes, I changed mac on pfSense. Was thinking that my ISP might want it, because I was not getting to internet… but that's another question)
Hm, I don't know how to reverse them, lost that mac already. I guess anything but duplicate will be okay)
Changed it with
ifconfig re1 ether 00:23:ad:32:71:2b(made it up)
Is this proper way?And… dhcp seems working finally! But still can't access!
Will check further and post... disabled proxy already. -
…
Changed it withifconfig re1 ether 00:23:ad:32:71:2b(made it up)
As long as it isn't a duplicate of something that lives in the neighborhood.
-
Well I see arp back in that pcap, and see you send syn to 192.168.1.1 on that mac… But there is no answer. Do you have pfsense listening on 443 for the gui? Did you turn off the anti lockout rules?
Why would you not atleast use the correct vendor part of the mac? You have it setup for Xmark Corporation?
Your other nic shows fc:aa:14 which lists GIGA-BYTE TECHNOLOGY CO.,LTD
-
Well I see arp back in that pcap, and see you send syn to 192.168.1.1 on that mac… But there is no answer. Do you have pfsense listening on 443 for the gui? Did you turn off the anti lockout rules?
Why would you not atleast use the correct vendor part of the mac? You have it setup for Xmark Corporation?
Your other nic shows fc:aa:14 which lists GIGA-BYTE TECHNOLOGY CO.,LTD
I reverted it to http now just to try. Attaching sockstat & netstat. No, I didn't turn them off. They must be default. I Tried to explicitly turn off the firewall (forgot that exact command), no luck.
Should I care about that mac, like at all? I like how Xmark sounds) If only it all worked…
-
well from your sockstat your listening on 80.. So is it working on 80… Do you see mac in your arp on client... Do you get an arp reply back.. when you send syn to 80 do you get syn ack back?
Maybe that nic doesn't like other mac... Put it mac back, or get another nic.. You didn't mess with the wan nic right... Well then reverse them and see if you can get the gui..
But to restate Derelict comments.. Realtek nics do pretty much suck ;)
-
The MAC address on an interface in pfSense is set permanently in Interfaces > INTERFACE_NAME.
-
well from your sockstat your listening on 80.. So is it working on 80… Do you see mac in your arp on client... Do you get an arp reply back.. when you send syn to 80 do you get syn ack back?
Maybe that nic doesn't like other mac... Put it mac back, or get another nic.. You didn't mess with the wan nic right... Well then reverse them and see if you can get the gui..
But to restate Derelict comments.. Realtek nics do pretty much suck ;)
It was indeed that!
I've just changed to hardware mac and it finally works now!
Now I'm on my next problem, haha. And it looks very confusing…
But I'm getting to webGUI and even internet works... kind of.
Thank you very much!The MAC address on an interface in pfSense is set permanently in Interfaces > INTERFACE_NAME.
It was very useful advice when I was not able to get to webGUI, thanks.
-
….and even internet works... kind of.
Oh. Let me guess … the quad-8 problem ?
Anyway, glad things worked out.
-
….and even internet works... kind of.
Oh. Let me guess … the quad-8 problem ?
Anyway, glad things worked out.
Never heard… this https://forum.pfsense.org/index.php?topic=145038.0
Thanks, closing this as solved.
