<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[WebGUI from WAN breaks inbound rules]]></title><description><![CDATA[<p dir="auto">Ever since I upgraded to 1.2, I've had this odd problem.</p>
<p dir="auto">If I access the Web Administration page from the outside it kills all my incoming rules. The page starts to load then freezes midway.<br />
After that, everything stops working.</p>
<p dir="auto">For example, I have a few rules such as one that allows me to ping the device from my work address, FTP, RDP, and SSH to the console. They all fail.  ???  Only doing a reboot fixes the rules.</p>
<p dir="auto">Yet traffic from LAN -&gt; WAN is fine, also accessing the WebGUI works.</p>
<p dir="auto">I haven't really noticed it since the upgrade, because I usually have a VPN tunnel between my Cisco Concentrator and pfSense.<br />
For the most part, whenever I accessed the WebGUI it was from the LAN side via the tunnel.</p>
<p dir="auto">I've taken the tunnel down while doing upgrades and noticed this odd problem. It has also happened from other locations.</p>
<p dir="auto">Has anyone else experienced this?</p>
<p dir="auto">I haven't found any posts on it, so I'm assuming it has something to do with my WAN NIC and 1.2.</p>
<p dir="auto">I'd rather not remove 1.2 because they fixed the IPsec keepalive problem. (It seems 1.1 wouldn't keep the tunnel up and I could only initiate it from the Cisco.)</p>
<p dir="auto">Thanks in advance.</p>
]]></description><link>https://forum.netgate.com/topic/11338/webgui-from-wan-breaks-inbound-rules</link><generator>RSS for Node</generator><lastBuildDate>Sun, 19 Apr 2026 05:14:25 GMT</lastBuildDate><atom:link href="https://forum.netgate.com/topic/11338.rss" rel="self" type="application/rss+xml"/><pubDate>Fri, 10 Oct 2008 19:40:35 GMT</pubDate><ttl>60</ttl><item><title><![CDATA[Reply to WebGUI from WAN breaks inbound rules on Tue, 30 Dec 2008 02:14:36 GMT]]></title><description><![CDATA[<p dir="auto">OK  &amp; tnx - not always clear on forum when an issue is id &amp; solved.</p>
<p dir="auto">With respect to my message: I note that nothing gets into the firewall logs about a blacklisting of an IP (as seems to happen - is it a blacklist?). A couple of immediately blocked responses from the WAN IP to the accessing PC are recorded (default rules 96 &amp; 97). Subsequent attempts from the external PC are silently rejected.</p>
<p dir="auto">Shouldn't something be logged?</p>
<p dir="auto">tnx,</p>
<p dir="auto">ryts</p>
]]></description><link>https://forum.netgate.com/post/187481</link><guid isPermaLink="true">https://forum.netgate.com/post/187481</guid><dc:creator><![CDATA[ryates]]></dc:creator><pubDate>Tue, 30 Dec 2008 02:14:36 GMT</pubDate></item><item><title><![CDATA[Reply to WebGUI from WAN breaks inbound rules on Tue, 30 Dec 2008 01:55:16 GMT]]></title><description><![CDATA[<p dir="auto"><a class="plugin-mentions-user plugin-mentions-a" href="/user/ryates">@<bdi>ryates</bdi></a>:</p>
<blockquote>
<p dir="auto">However, during the 1.2.1 RC testing phase there was one (now deleted) message exchange about a slow WAN GUI interface. Bet this is what caused it.</p>
</blockquote>
<p dir="auto">That thread is still out there, couple of them if I recall. There were two separate problems there, one FreeBSD glitch specific to certain NICs and another caused by a bug fix that fixed one problem and created a different issue, both of which have been resolved in all the 1.2.1 RCs and newer.</p>
]]></description><link>https://forum.netgate.com/post/187480</link><guid isPermaLink="true">https://forum.netgate.com/post/187480</guid><dc:creator><![CDATA[cmb]]></dc:creator><pubDate>Tue, 30 Dec 2008 01:55:16 GMT</pubDate></item><item><title><![CDATA[Reply to WebGUI from WAN breaks inbound rules on Tue, 30 Dec 2008 01:43:13 GMT]]></title><description><![CDATA[<p dir="auto">I am guessing that you have an entry under "advanced" in Firewall -&gt; Rules -&gt; WAN -&gt; rule to admit traffic to the local pfSense box IP.</p>
<p dir="auto">If, e.g., a 1 is entered under "Maximum new connections / per second", then I too will get my accessing IP blacklisted. All traffic is blocked. I tested this and 1) it lapses after an undetermined amount of time and 2) other IPs can access NATed stuff fine.</p>
<p dir="auto">Tweak those settings and you have an added protection against tomfoolery.</p>
<p dir="auto">ryts</p>
<p dir="auto">PS More testing shows that with a "Maximum new connections / per second" value of 4 you get more of the GUI returned but still a freeze. Ideal value not found yet.</p>
<p dir="auto">However, during the 1.2.1 RC testing phase there was one (now deleted) message exchange about a slow WAN GUI interface. Bet this is what caused it.</p>
]]></description><link>https://forum.netgate.com/post/187477</link><guid isPermaLink="true">https://forum.netgate.com/post/187477</guid><dc:creator><![CDATA[ryates]]></dc:creator><pubDate>Tue, 30 Dec 2008 01:43:13 GMT</pubDate></item></channel></rss>