Open Web GUI on existing production pfSense firewall
-
Hi, I have a question regarding one of my customer's existing implementations. They have an open pfSense firewall and presently it doesn't have the GUI enabled. I would like to enable the GUI so I can understand the rules. The customer is moving from pfSense to a Meraki firewall, so I need to understand the rules etc., and the GUI will be much simpler.
-
You can't disable the GUI, as far as I know. What happens when you try to access its LAN IP in a browser?
BTW, you can get this from console. Get in and run:
pfctl -s rules
to see the rules list.
-
Make sure you are using the correct port. It may not be running on 80 or 443.
$ grep listen /var/etc/nginx-webConfigurator.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 80;
listen [::]:80;
In this case it would be listening on 443 (https) and has a redirect active on port 80.
If the GUI appears to be disabled, the redirect is probably off, so there may only be one line. Try
https://x.x.x.x:YYY
where x.x.x.x is the LAN IP address and YYY is the port number. If the line output from grep doesn't contain ssl, then try
http://x.x.x.x:YYY
-
root@gateway:~ # grep listen /var/etc/nginx-webConfigurator.conf
grep: /var/etc/nginx-webConfigurator.conf: No such file or directory
/var/etc doesn’t exist on any of the three servers.
I tried to find this elsewhere, but it doesn’t appear to exist:
root@gateway:~ # find / -name 'nginx*'
/usr/ports/mail/sympa/files/nginx.sample.in
/usr/ports/www/nginx
/usr/ports/www/nginx/files/nginx.in
/usr/ports/www/nginx-full
/usr/ports/www/tengine/files/nginx.in
/usr/ports/www/nginx-devel
/usr/ports/www/nginx-devel/files/nginx.in
/usr/ports/www/bigbluebutton/files/nginx.conf-dist.in
/usr/ports/www/nginx-lite
/usr/ports/www/nginx-naxsi
root@gateway:~ #
-
I'm getting the feeling that you're running an ancient version of pfSense...
What version are you running now?
-
Are you sure that's even pfSense? It may be a generic FreeBSD system. A pfSense installation would not have a copy of
/usr/ports
on it.
-
[root@sdns ~]# uname -mrs
FreeBSD 10.1-RELEASE i386
-
@vabmalikusa said in Open Web GUI on existing production pfSense firewall:
uname -mrs
That isn't particularly helpful. Try:
cat /etc/version
-
The prompt doesn't look like a pfSense prompt. That doesn't tell us much otherwise, though. I'm still thinking it's not pfSense. What does
uname -a
show? It should mention pfSense somewhere in the output if it's pfSense.
If that was pfSense that would place it around 2.2.x released in 2015 or so. There should still be some files under
/etc/
from pfSense if it is that.
What about this?
# cat /etc/version
Or this:
# ls -l /etc/inc/
If it is a pure FreeBSD box then you just need to dig through
/etc
to find what you want.
-
@jimp
[root@sdns ~]# uname -mrs
FreeBSD 10.1-RELEASE i386
[root@sdns ~]# uname -a
FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 22:51:51 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386
[root@sdns ~]# cat /etc/version
cat: /etc/version: No such file or directory
[root@sdns ~]# ls -l /etc/inc/
ls: /etc/inc/: No such file or directory
-
@jimp
root@gateway:~ # uname -a
FreeBSD 11.0-RELEASE-p7 FreeBSD 11.0-RELEASE-p7 #0: Wed Feb 8 15:04:26 PST 2017 root@gateway.rmt02.testequity.com:/usr/obj/usr/src/sys/FirewallKern amd64
root@gateway:~ # cat /etc/version
cat: /etc/version: No such file or directory
root@gateway:~ # ls -l /etc/inc/
ls: /etc/inc/: No such file or directory
root@gateway:~ #
-
@vabmalikusa said in Open Web GUI on existing production pfSense firewall:
[root@sdns ~]# uname -a
FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 22:51:51 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386
@vabmalikusa said in Open Web GUI on existing production pfSense firewall:
@jimp root@gateway:~ # uname -a
FreeBSD 11.0-RELEASE-p7 FreeBSD 11.0-RELEASE-p7 #0: Wed Feb 8 15:04:26 PST 2017 root@gateway.rmt02.testequity.com:/usr/obj/usr/src/sys/FirewallKern amd64
Those don't look like pfSense kernels. This is from a pfSense system:
FreeBSD 11.2-RELEASE-p6 FreeBSD 11.2-RELEASE-p6 #3 518496b29ae(RELENG_2_4_4): Wed Dec 12 07:41:44 EST 2018 root@buildbot2.nyi.netgate.com:/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense amd64
Notice that it was built by Netgate from a pfSense tree.
-
@Grimson So I guess pfSense won't be an option on this to access the GUI
-
There may not be a GUI on that.
pfSense is its own operating system that happens to be based on FreeBSD.
You appear to have a FreeBSD system that someone manually configured to be a firewall.
pfSense can't help you get any information from that. You might try posting on a FreeBSD forum for help in tracking down the information you need from that system.
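
The checks suggested across this thread (the /etc/version file, the /etc/inc/ directory, a pfSense mention in the uname -a output, and the listen lines in /var/etc/nginx-webConfigurator.conf), gathered into one script as an added example; it was not posted by any participant and is not pfSense project code. The function names, the ROOT argument and the two-of-three threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: the identification checks from this thread in one place.
# ROOT defaults to / on a live host; pointing it at a mounted image or a
# test tree is an assumption of this example, not something from the thread.

# classify_host ROOT UNAME_A -> prints pfsense | inconclusive | not-pfsense
classify_host() {
    root=${1%/}; uname_a=$2; score=0
    if [ -f "$root/etc/version" ]; then score=$((score + 1)); fi  # pfSense version file
    if [ -d "$root/etc/inc" ]; then score=$((score + 1)); fi      # pfSense include directory
    case $uname_a in *pfSense*) score=$((score + 1)) ;; esac       # kernel built from a pfSense tree
    # Threshold is this example's choice: two of three markers counts as pfSense.
    if [ "$score" -ge 2 ]; then echo pfsense
    elif [ "$score" -eq 1 ]; then echo inconclusive
    else echo not-pfsense
    fi
}

# gui_urls CONF IP -> one URL per IPv4 "listen" line of the webConfigurator config
gui_urls() {
    conf=$1; ip=$2
    if [ ! -r "$conf" ]; then
        echo "no readable config at $conf" >&2
        return 1
    fi
    # Matches e.g. "listen 443 ssl http2;" and skips IPv6 "listen [::]:443 ..." lines.
    sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([0-9]\{1,\}\)\(.*\);.*$/\1 \2/p' "$conf" |
    while read -r port opts; do
        case " $opts " in
            *" ssl "*) echo "https://$ip:$port" ;;
            *)         echo "http://$ip:$port" ;;   # plain HTTP, possibly only a redirect
        esac
    done
}

# Live use: sh script.sh --live <LAN-IP>
if [ "${1:-}" = "--live" ]; then
    verdict=$(classify_host / "$(uname -a)")
    echo "verdict: $verdict"
    if [ "$verdict" = pfsense ]; then
        gui_urls /var/etc/nginx-webConfigurator.conf "${2:?LAN IP required}"
    fi
fi
```

On the two hosts shown in this thread every marker is absent, so the verdict would be not-pfsense and the GUI lookup is never attempted.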