Locked out LAN? Huh??



  • I changed the LAN login for pfsense from the default https port to another port.
    I also enabled Block private networks and Enabled Block bogon networks but my local address starts as 192.168..

    I am now locked out of the webgui!

    I have physical access to the firewall via serial port/putty.

    How can I do the following:

    1. Disable "block private networks"
    2. Disable "block bogon networks"

    via shell and I should be able to get back via webgui, I hope.

    Thanks in advance for any help


  • LAYER 8 Global Moderator

    "I also enabled Block private networks and Enabled Block bogon networks but my local address starts as 192.168.."

    Why would you have done that???

    Did you also turn off the antilockout rule?  This rule is there to keep you from locking yourself out like that..



  • @johnpoz:

    "I also enabled Block private networks and Enabled Block bogon networks but my local address starts as 192.168.."

    Why would you have done that???

    Did you also turn off the antilockout rule?  This rule is there to keep you from locking yourself out like that..

    Because I'm an idiot and a total noob! I changed the port for the https login but I forgot to update the port in the anti-lockout firewall rule.
    How it happened was I was reading this tutorial I found on how to add another pfsense box to set up an HA, and somewhere I messed up big time.
    I then found out I need 3 static IPs and I don't even have one static IP. I have a cable connection at home and wanted to set up the 2nd box for failover  :( :(


  • LAYER 8 Global Moderator

    It would auto update to the ports you're using for your gui in the autolock rule..

    Worst case at the console just reset it to factory..




  • @johnpoz:

    It would auto update to the ports you're using for your gui in the autolock rule..

    Then I just need to:

    1. Disable "block private networks"
    2. Disable "block bogon networks"

    via shell, but how do I do this ?


  • LAYER 8 Global Moderator

    if your antilock rule is working it would be above those rules and would allow you in…



  • "When this is unchecked, access to the webConfigurator on the LAN interface is always permitted, regardless of the user-defined firewall rule set. Check this box to disable this automatically added rule, so access to the webConfigurator is controlled by the user-defined firewall rules (ensure a firewall rule is in place that allows access, to avoid being locked out!)

    Hint: the "Set interface(s) IP address" option in the console menu resets this setting as well."



  • @johnpoz:

    if your antilock rule is working it would be above those rules and would allow you in…

    So is it possible to add a firewall rule to allow everything on a LAN ?
    like:
    ```
    easyrule pass LAN tcp 192.168.1.2 192.168.3.200 any
    ```



  • @hda:

    "When this is unchecked, access to the webConfigurator on the LAN interface is always permitted, regardless of the user-defined firewall rule set. Check this box to disable this automatically added rule, so access to the webConfigurator is controlled by the user-defined firewall rules (ensure a firewall rule is in place that allows access, to avoid being locked out!)

    Hint: the "Set interface(s) IP address" option in the console menu resets this setting as well."

    So if I Set interface(s) IP address to the same IP address that I had it will reset the "block private networks" and "block bogon networks" to their defaults ??? SWEET!!

    I will try this when I get home, thanks
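
The check discussed in this thread, as an added example that is not part of any post: it reads a pfSense configuration backup and reports whether the anti-lockout rule is disabled while block flags sit on an interface with a private address. The element names (`noantilockout`, `blockpriv`, `blockbogons`, `webgui/port`) and the sample file are assumptions about the config.xml layout, not taken from the thread.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a pfSense config.xml backup (not from the thread).
SAMPLE = """<pfsense>
  <system>
    <webgui>
      <protocol>https</protocol>
      <port>8443</port>
      <noantilockout></noantilockout>
    </webgui>
  </system>
  <interfaces>
    <wan><ipaddr>dhcp</ipaddr><blockpriv>on</blockpriv><blockbogons>on</blockbogons></wan>
    <lan><ipaddr>192.168.1.1</ipaddr><blockpriv>on</blockpriv><blockbogons>on</blockbogons></lan>
  </interfaces>
</pfsense>"""

def audit(xml_text):
    """Summarise the settings that decide whether LAN clients can reach the GUI."""
    root = ET.fromstring(xml_text)
    gui = root.find("system/webgui")
    # Assumption: a flag counts as set when its element is present, even if empty.
    no_antilockout = gui is not None and gui.find("noantilockout") is not None
    port = gui.findtext("port") if gui is not None else None
    flagged = {}
    ifaces = root.find("interfaces")
    for iface in (ifaces if ifaces is not None else []):
        try:
            private = ipaddress.ip_address(iface.findtext("ipaddr", "")).is_private
        except ValueError:
            private = False  # "dhcp", "pppoe" or empty: address not known from the file
        flags = [f for f in ("blockpriv", "blockbogons") if iface.find(f) is not None]
        if private and flags:
            flagged[iface.tag] = flags
    return {
        "gui_port": port,
        "anti_lockout_disabled": no_antilockout,
        "private_ifaces_with_block_flags": flagged,
        # The automatic anti-lockout rule sits above the block rules, so the
        # block flags only cut off the GUI once that rule has been disabled.
        "lockout_likely": no_antilockout
        and any("blockpriv" in f for f in flagged.values()),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```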

