• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Access from LAN Interface to LAN IP over http not possible (only over https)

Scheduled Pinned Locked Moved Cache/Proxy
12 Posts 2 Posters 1.7k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    rftweds
    last edited by Dec 23, 2016, 7:41 PM

    Hi,

    i have: pfSense 2.3.2 running on an exsi host behind a dsl router.

    WAN Interface em0 -> 192.168.0.29 (gateway 192.168.0.1)
    LAN Interface em1 -> 10.0.0.9

    also a running IPSec VPN (10.0.1.1 i think)
    squid + clamav

    Now my Problem:

    If webConfigurator is on HTTPS i can access it form any interface on evry ip belonging to pf sense box.
      for example:
            from maschine in lan
              10.0.0.10 -> https://10.0.0.9;
            or
              10.0.0.10 -> https://192.168.0.29;
          OK.

    If webConfigurator is on HTTP i can not access lan ip from lan interface
      e.g:
          lan maschine
            10.0.0.10 -> http://10.0.0.9;        –> NOT working;
            but
            10.0.0.10 -> http://192.168.0.29 --> (wan interface) is working.

    also if i am connected via ipsec i can http://10.0.0.9 without problems

    only lan "client" to lan interface-ip on http (port 80) not working -> if i try with chrome or firefox it loads and then redirects me (WHY?) to https://10.0.0.9 ... then timeout

    evrything else is working fine, routing etc...

    I dont know why it redirects me on the lan interface to https. there is nothing special configured afaik (no firewall rules, no nginx config...)

    1 Reply Last reply Reply Quote 0
    • K
      KOM
      last edited by Dec 23, 2016, 8:29 PM

      LAN to LAN traffic doesn't cross any interfaces so pfSense is not involved from a firewall perspective – the two machines talk directly to each other.  You said you're running squid.  Transparent or explicit?  Is the browser you're using configured to use the proxy or not?  Do you have your client set to bypass the proxy for local addresses?  If using WPAD, does your wpad.dat file have DIRECT specified for LAN connections?

      1 Reply Last reply Reply Quote 0
      • R
        rftweds
        last edited by Dec 23, 2016, 8:41 PM

        thanks, interesting idea.

        squid is running transparent.

        Proxy in firefox is disabled. i also disabled it in system settings to test. no change.
        even when i disable squid server on pfsense maschine still same problem.

        i tried it with different machines windows 7 and windows server 2012 R2.

        1 Reply Last reply Reply Quote 0
        • K
          KOM
          last edited by Dec 23, 2016, 8:52 PM

          Is this a new install?

          1 Reply Last reply Reply Quote 0
          • R
            rftweds
            last edited by Dec 23, 2016, 8:56 PM

            hmm.. relatively runs for ~60 days. but i havent changed much.
            i restarted it today.

            1 Reply Last reply Reply Quote 0
            • K
              KOM
              last edited by Dec 23, 2016, 9:06 PM

              Can I assume that it didn't always behave this way and that you're not just finding it now?  If so, what changed between when it last worked and now?  Any funny NATs?  I can't imagine why it would redirect to HTTPS on its own.

              1 Reply Last reply Reply Quote 0
              • R
                rftweds
                last edited by Dec 23, 2016, 9:18 PM

                as i installed it i selected to run webconfigurator on https. now i want to change it to http (for some … reason it needs to be http)

                i dont want to reinstall the pfsense box if not realy neccessary

                the only changes i made was install squid + clamav and setup ipsec vpn (on install date)

                so i never tried http before until today.

                i relay dont know why it redirects, thats exactly the point im struggling with.

                1 Reply Last reply Reply Quote 0
                • K
                  KOM
                  last edited by Dec 23, 2016, 9:21 PM

                  You have ot change the mode in pfSense to do that.  System - Advanced - Admin Access - Protocol.  Select HTTP, click Save.  Or did you do that already?

                  1 Reply Last reply Reply Quote 0
                  • R
                    rftweds
                    last edited by Dec 23, 2016, 9:23 PM

                    thats exactly what i did. and now we are here :-)

                    1 Reply Last reply Reply Quote 0
                    • K
                      KOM
                      last edited by Dec 23, 2016, 9:44 PM

                      Anything in the System log?  I have to leave now and I have no idea when I will return.  If all else fails, snapshot the VM, save a config.xml backup and then reinstall fresh and restore your backup.

                      1 Reply Last reply Reply Quote 0
                      • R
                        rftweds
                        last edited by Dec 23, 2016, 9:51 PM

                        System log shows nothing relevant.

                        sockstat shows nginx running on port 80
                        nothing on 443 only php-fpm listen on *

                        1 Reply Last reply Reply Quote 0
                        • R
                          rftweds
                          last edited by Dec 24, 2016, 9:23 AM

                          so ok. i got it running.

                          Reinstalled pfSense (this time i selected http) then restored the config (no problems with that)

                          it works now, i can access on http

                          thanks for the help

                          1 Reply Last reply Reply Quote 0
                          1 out of 12
                          • First post
                            1/12
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                            This community forum collects and processes your personal information.
                            consent.not_received