Netgate Discussion Forum
    WebGUI from WAN breaks inbound rules

    ScottNJ

      Ever since I upgraded to 1.2, I've had this odd problem.

      If I access the Web Administration page from the outside it kills all my incoming rules. The page starts to load then freezes midway.
      After that, everything stops working.

      For example, I have a few rules such as one that allows me to ping the device from my work address, FTP, RDP, and SSH to the console. They all fail. Only doing a reboot fixes the rules.

      Yet traffic from LAN -> WAN is fine, also accessing the WebGUI works.

      I haven't really noticed it since the upgrade, because I usually have a VPN tunnel between my Cisco Concentrator and pfSense.
      For the most part, whenever I accessed the WebGUI it was from the LAN side via the tunnel.

      I've taken the tunnel down while doing upgrades and noticed this odd problem. It has also happened from other locations.

      Has anyone else experienced this?

      I haven't found any posts on it, so I'm assuming it has something to do with my WAN NIC and 1.2.

      I'd rather not remove 1.2 because they fixed the IPsec keep-alive problem. (It seems 1.1 wouldn't keep the tunnel up and I could only initiate it from the Cisco.)

      Thanks in advance.

        ryates

        I am guessing that you have an entry under "advanced" in Firewall -> Rules -> WAN -> the rule that admits traffic to the local pfSense box IP.

        If, e.g., a 1 is entered under "Maximum new connections / per second", then I too will get my accessing IP blacklisted. All traffic is blocked. I tested this and 1) it lapses after an undetermined amount of time and 2) other IPs can access NATed stuff fine.

        Tweak those settings and you have an added protection against tomfoolery.

        ryts

        PS: More testing shows that with a "Maximum new connections / per second" value of 4 you get more of the GUI returned but still a freeze. Ideal value not found yet.

        However, during the 1.2.1 RC testing phase there was one (now deleted) message exchange about a slow WAN GUI interface. Bet this is what caused it.

          cmb

          @ryates:

          However, during the 1.2.1 RC testing phase there was one (now deleted) message exchange about a slow WAN GUI interface. Bet this is what caused it.

          That thread is still out there, a couple of them if I recall. There were two separate problems there: one FreeBSD glitch specific to certain NICs, and another caused by a bug fix that fixed one problem and created a different issue. Both of these have been resolved in all the 1.2.1 RCs and newer.

            ryates

            OK & thanks. It's not always clear on the forum when an issue is identified & solved.

            With respect to my message: I note that nothing gets into the firewall logs about a blacklisting of an IP (as seems to happen; is it a blacklist?). A couple of immediately blocked responses from the WAN IP to the accessing PC are recorded (default rules 96 & 97). Subsequent attempts from the external PC are silently rejected.

            Shouldn't something be logged?

            Thanks,

            ryts
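The two ryates posts above describe a source-rate limit tripping on the poster's own address and nothing about it appearing in the firewall log. The following is an added example (not code from the thread or from pfSense) that models the behaviour of a per-source new-connection rate limit of the `N connections / M seconds` kind with an overload table, so the effect of the "Maximum new connections / per second" setting can be reasoned about offline. The connection events are constructed sample data using TEST-NET addresses; the window and expiry logic are a simplified model of the mechanism, not pfSense's implementation, and the audit lines are what a defender would want logged when an address is added to such a table.

```python
from collections import defaultdict, deque

# Constructed sample: one external client loading the web GUI opens several
# TCP connections within a second (page, stylesheet, images, script), an
# unrelated host opens a single connection, and the first client retries later.
SAMPLE_CONNECTIONS = [
    # (timestamp in seconds, source address) - constructed, TEST-NET ranges
    (0.0, "203.0.113.10"),   # GET / (main page)
    (0.2, "203.0.113.10"),   # stylesheet
    (0.3, "203.0.113.10"),   # image
    (0.4, "203.0.113.10"),   # image
    (0.5, "203.0.113.10"),   # script
    (2.0, "198.51.100.7"),   # unrelated host, one SSH connection
    (30.0, "203.0.113.10"),  # the first client tries again later
]


def simulate_src_conn_rate(events, max_conns, per_seconds):
    """Model a per-source 'max_conns new connections per per_seconds' limit.

    Returns (overloaded, decisions, audit):
      overloaded - dict of source -> time it tripped the limit (the overload
                   table); an address stays in it until expired, which is why
                   later attempts from that address keep failing
      decisions  - one (timestamp, source, verdict) tuple per event
      audit      - one log line per overload event (what should be logged)
    """
    window = defaultdict(deque)   # per-source timestamps inside the window
    overloaded = {}
    decisions = []
    audit = []
    for ts, src in events:
        if src in overloaded:
            decisions.append((ts, src, "blocked"))
            continue
        recent = window[src]
        # Drop timestamps that have fallen out of the sliding window.
        while recent and ts - recent[0] >= per_seconds:
            recent.popleft()
        recent.append(ts)
        if len(recent) > max_conns:
            overloaded[src] = ts
            audit.append(
                f"t={ts:.1f}s overload: {src} exceeded "
                f"{max_conns} new connections per {per_seconds}s"
            )
            decisions.append((ts, src, "overloaded"))
        else:
            decisions.append((ts, src, "allowed"))
    return overloaded, decisions, audit


def expire_overloaded(overloaded, now, max_age_seconds):
    """Model a periodic expiry of table entries older than max_age_seconds."""
    return {src: ts for src, ts in overloaded.items() if now - ts < max_age_seconds}


def count_allowed(decisions):
    """Number of events that were admitted under the simulated limit."""
    return sum(1 for _, _, verdict in decisions if verdict == "allowed")


if __name__ == "__main__":
    for limit, window in ((1, 1), (4, 1), (15, 5)):
        table, decisions, audit = simulate_src_conn_rate(SAMPLE_CONNECTIONS, limit, window)
        print(f"limit {limit}/{window}s: allowed={count_allowed(decisions)} table={table}")
        for line in audit:
            print("  ", line)
```

With a limit of 1 per second the GUI client is placed in the table on its second connection and every later attempt from that address is dropped, including the retry at t=30s; with 4 per second more of the page gets through before the same thing happens, which matches the poster's observation; with 15 per 5 seconds the page load completes and nobody is listed. The overloaded address is only freed by `expire_overloaded` after the configured age, which is the "lapses after an undetermined amount of time" behaviour described above. On a pfSense box the corresponding table can be inspected with `pfctl -t virusprot -T show` (this table name is the one pfSense uses for its overload table, not something taken from this thread).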
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.