Another GUI over WAN issue. Settings Confirmed Correct(?)



  • Simple issue. Cannot hit the web GUI remotely. Locally works just fine using internal or external address.
    Hardware: Netware 4 porter
    2.3.2-RELEASE
    Admin on HTTPS(443) tried other ports.
    No NAT rules
    1 WAN rule. Allow from * to hit WAN Address on HTTPS

    Port 0: WAN
    Port 1: Management(set everything up from here)
    Port 2/3: Local Lan(LAGG)

    I am hitting something. I am just not getting a response on the browser. This is the packet capture when I hammer the IP from my hotel:
    04:56:20.636118 IP ROUTER_IP.50874 > 162.208.119.39.443: tcp 31
    04:56:21.074989 IP ROUTER_IP.5537 > 216.58.217.142.443: tcp 1
    04:56:21.095738 IP 216.58.217.142.443 > ROUTER_IP.5537: tcp 0
    04:56:22.349467 IP ROUTER_IP.56254 > 188.172.251.3.443: tcp 24
    04:56:22.543730 IP 188.172.251.3.443 > ROUTER_IP.56254: tcp 0
    04:56:23.209843 IP 50.224.200.162.61595 > ROUTER_IP.443: tcp 0
    04:56:23.209955 IP ROUTER_IP.443 > 50.224.200.162.61595: tcp 0
    04:56:23.211187 IP 50.224.200.162.61596 > ROUTER_IP.443: tcp 0
    04:56:23.211277 IP ROUTER_IP.443 > 50.224.200.162.61596: tcp 0
    04:56:24.833115 IP ROUTER_IP.7091 > 162.208.119.39.443: tcp 31
    04:56:26.209117 IP ROUTER_IP.443 > 50.224.200.162.61595: tcp 0
    04:56:26.211106 IP ROUTER_IP.443 > 50.224.200.162.61596: tcp 0
    04:56:28.844864 IP 50.224.200.162.61597 > ROUTER_IP.443: tcp 0
    04:56:28.844953 IP ROUTER_IP.443 > 50.224.200.162.61597: tcp 0
    04:56:29.209107 IP ROUTER_IP.443 > 50.224.200.162.61595: tcp 0
    04:56:29.211103 IP ROUTER_IP.443 > 50.224.200.162.61596: tcp 0
    04:56:29.286009 IP 50.224.200.162.61598 > ROUTER_IP.443: tcp 0
    04:56:29.286093 IP ROUTER_IP.443 > 50.224.200.162.61598: tcp 0
    04:56:30.052646 IP 50.224.200.162.61599 > ROUTER_IP.443: tcp 0
    04:56:30.052727 IP ROUTER_IP.443 > 50.224.200.162.61599: tcp 0
    04:56:30.055058 IP 50.224.200.162.61600 > ROUTER_IP.443: tcp 0
    04:56:30.055123 IP ROUTER_IP.443 > 50.224.200.162.61600: tcp 0
    04:56:31.844116 IP ROUTER_IP.443 > 50.224.200.162.61597: tcp 0
    04:56:32.209150 IP ROUTER_IP.443 > 50.224.200.162.61595: tcp 0
    04:56:32.211151 IP ROUTER_IP.443 > 50.224.200.162.61596: tcp 0
    04:56:32.286150 IP ROUTER_IP.443 > 50.224.200.162.61598: tcp 0
    04:56:33.052144 IP ROUTER_IP.443 > 50.224.200.162.61599: tcp 0
    04:56:33.055105 IP ROUTER_IP.443 > 50.224.200.162.61600: tcp 0
    04:56:34.844153 IP ROUTER_IP.443 > 50.224.200.162.61597: tcp 0
    04:56:35.286104 IP ROUTER_IP.443 > 50.224.200.162.61598: tcp 0
    04:56:36.052111 IP ROUTER_IP.443 > 50.224.200.162.61599: tcp 0
    04:56:36.055103 IP ROUTER_IP.443 > 50.224.200.162.61600: tcp 0
    04:56:37.844106 IP ROUTER_IP.443 > 50.224.200.162.61597: tcp 0
    04:56:38.286102 IP ROUTER_IP.443 > 50.224.200.162.61598: tcp 0
    04:56:39.052105 IP ROUTER_IP.443 > 50.224.200.162.61599: tcp 0
    04:56:39.055102 IP ROUTER_IP.443 > 50.224.200.162.61600: tcp 0
    04:56:40.363056 IP ROUTER_IP.50999 > 216.58.217.142.443: tcp 1
    04:56:40.382044 IP 216.58.217.142.443 > ROUTER_IP.50999: tcp 0
    04:56:42.382076 IP 50.224.200.162.61595 > ROUTER_IP.443: tcp 0
    04:56:42.384079 IP 50.224.200.162.61601 > ROUTER_IP.443: tcp 0
    04:56:42.384166 IP ROUTER_IP.443 > 50.224.200.162.61601: tcp 0
    04:56:42.401229 IP 50.224.200.162.61596 > ROUTER_IP.443: tcp 0
    04:56:43.468354 IP 50.224.200.162.61602 > ROUTER_IP.443: tcp 0
    04:56:43.468439 IP ROUTER_IP.443 > 50.224.200.162.61602: tcp 0
    04:56:44.064709 IP 50.224.200.162.61603 > ROUTER_IP.443: tcp 0
    04:56:44.064798 IP ROUTER_IP.443 > 50.224.200.162.61603: tcp 0
    04:56:45.384150 IP ROUTER_IP.443 > 50.224.200.162.61601: tcp 0
    04:56:46.468108 IP ROUTER_IP.443 > 50.224.200.162.61602: tcp 0
    04:56:47.064110 IP ROUTER_IP.443 > 50.224.200.162.61603: tcp 0
    04:56:48.021980 IP 50.224.200.162.61597 > ROUTER_IP.443: tcp 0
    04:56:48.022606 IP 50.224.200.162.61604 > ROUTER_IP.443: tcp 0
    04:56:48.022696 IP ROUTER_IP.443 > 50.224.200.162.61604: tcp 0
    04:56:48.384104 IP ROUTER_IP.443 > 50.224.200.162.61601: tcp 0
    04:56:48.711177 IP 50.224.200.162.61598 > ROUTER_IP.443: tcp 0

    HELP!
    Tried port forwarding like I've done before on my old pfSense system. Nada.



  • I would strongly recommend against exposing WebGUI on WAN. If you need remote management, install OpenVPN and then connect to your network that way and get to WebGUI via its LAN IP address.



  • Thanks for that. Because of this issue that will most likely be the solution.
    But I would like to at least know why this is happening. Makes me think what else could possibly be affected.



  • Post a sanitized screencap of your WAN rules please, just to confirm that the rule is correct and in the right place.



  • Sure thing!
    I've added management and LAN just in case.







  • LAYER 8 Netgate

    Are you sure none of those port forwards you tried are still in place?

    This just works. You have something breaking it somewhere.

    Send me a copy of /tmp/rules.debug pasted into a PM.

    Looks like it could also be something in your browser.



  • As I recall even with a full wipe and setup from scratch I still had an issue in my lab environment.

    I've PM'd you. Thanks a lot!
    Currently OpenVPN is rock steady as expected.


  • LAYER 8 Netgate

    pass  in  quick  on $WAN reply-to ( igb0 WAN_GATEWAY ) inet proto tcp  from any to OFFICE_STATIC_IP port 443 tracker 1474672711 flags S/SA keep state  label "USER_RULE"

    Looks fine - are you sure it's even listening on 443? Are the connection attempts arriving on WAN? (Do another packet capture there probably filtering on the source IP).
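
For the follow-up capture suggested above, an added example (not part of the thread or of pfSense) that groups tcpdump summary lines by remote flow and lists flows where the firewall answered on 443 more than once while no payload ever moved. The sample lines are constructed in the capture's format with documentation addresses; reading repeated zero-length replies as a handshake that never completes is an assumption, since this output format does not show TCP flags.

```python
import re
from collections import defaultdict

# Constructed sample in the same tcpdump summary format as the capture in the thread.
# ROUTER_IP is the thread's own placeholder; the other addresses are documentation ranges.
SAMPLE = """\
04:56:23.209843 IP 198.51.100.7.61595 > ROUTER_IP.443: tcp 0
04:56:23.209955 IP ROUTER_IP.443 > 198.51.100.7.61595: tcp 0
04:56:26.209117 IP ROUTER_IP.443 > 198.51.100.7.61595: tcp 0
04:56:29.209107 IP ROUTER_IP.443 > 198.51.100.7.61595: tcp 0
04:56:40.363056 IP ROUTER_IP.50999 > 203.0.113.9.443: tcp 1
04:56:40.382044 IP 203.0.113.9.443 > ROUTER_IP.50999: tcp 0
"""

# timestamp, src host, src port, dst host, dst port, payload length
LINE = re.compile(r"^\s*(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): tcp (\d+)\s*$")

def summarize(capture, local="ROUTER_IP", port=443):
    """Per remote (ip, port) talking to local:port, count packets each way and payload bytes."""
    flows = defaultdict(lambda: {"in": 0, "out": 0, "payload": 0})
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, src, sport, dst, dport, length = m.groups()
        if dst == local and int(dport) == port:
            key, direction = (src, int(sport)), "in"
        elif src == local and int(sport) == port:
            key, direction = (dst, int(dport)), "out"
        else:
            continue  # unrelated traffic, e.g. the firewall's own outbound HTTPS
        flows[key][direction] += 1
        flows[key]["payload"] += int(length)
    return dict(flows)

def stalled(flows):
    """Flows that reached the GUI port and were answered repeatedly, with zero payload overall."""
    return sorted(k for k, v in flows.items()
                  if v["in"] and v["out"] > 1 and v["payload"] == 0)

if __name__ == "__main__":
    for peer in stalled(summarize(SAMPLE)):
        print("answered repeatedly, no data exchanged:", peer)
```

A flow listed here shows the request arriving on WAN and the firewall replying, which points the investigation at the return path or the client side rather than at the pass rule.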

