Open WEb GUI on existing production pfsense firewall



  • Hi, I have a question regarding one of my customer's existing implementations. They have an open pfSense firewall and presently it doesn't have the GUI enabled. I would like to enable the GUI so I can understand the rules. The customer is moving from pfSense to a Meraki firewall, so I need to understand the rules etc., and the GUI will be much simpler.



  • You can't disable the GUI, as far as I know. What happens when you try to access its LAN IP in a browser?

    BTW, you can get this from console. Get in and run:

    pfctl -s rules
    

    to see the rules list.


  • Rebel Alliance Developer Netgate

    Make sure you are using the correct port. It may not be running on 80 or 443.

    $ grep listen /var/etc/nginx-webConfigurator.conf
    		listen 443 ssl http2;
    		listen [::]:443 ssl http2;
    		listen 80;
    		listen [::]:80;
    

    In this case it would be listening on 443 (https) and has a redirect active on port 80.

    If the GUI appears to be disabled, the redirect is probably off, so there may only be one line. Try https://x.x.x.x:YYY where x.x.x.x is the LAN IP address and YYY is the port number. If the line output from grep doesn't contain ssl, then try http://x.x.x.x:YYY



  • root@gateway:~ # grep listen /var/etc/nginx-webConfigurator.conf
    grep: /var/etc/nginx-webConfigurator.conf: No such file or directory

    /var/etc doesn’t exist on any of the three servers.

    I tried to find this elsewhere, but it doesn’t appear to exist:

    root@gateway:~ # find / -name 'nginx*'
    /usr/ports/mail/sympa/files/nginx.sample.in
    /usr/ports/www/nginx
    /usr/ports/www/nginx/files/nginx.in
    /usr/ports/www/nginx-full
    /usr/ports/www/tengine/files/nginx.in
    /usr/ports/www/nginx-devel
    /usr/ports/www/nginx-devel/files/nginx.in
    /usr/ports/www/bigbluebutton/files/nginx.conf-dist.in
    /usr/ports/www/nginx-lite
    /usr/ports/www/nginx-naxsi
    root@gateway:~ #



  • I'm getting the feeling that you're running an ancient version of pfSense...

    What version are you running now?


  • Rebel Alliance Developer Netgate

    Are you sure that's even pfSense? It may be a generic FreeBSD system. A pfSense installation would not have a copy of /usr/ports on it.



  • [root@sdns ~]# uname -mrs
    FreeBSD 10.1-RELEASE i386



  • @vabmalikusa said in Open WEb GUI on existing production pfsense firewall:

    uname -mrs

    That isn't particularly helpful. Try:

    cat /etc/version
    

  • Rebel Alliance Developer Netgate

    The prompt doesn't look like a pfSense prompt. That doesn't tell us much otherwise, though. I'm still thinking it's not pfSense. What does uname -a show? It should mention pfSense somewhere in the output if it's pfSense.

    If that was pfSense that would place it around 2.2.x released in 2015 or so. There should still be some files under /etc/ from pfSense if it is that.

    What about this?

    # cat /etc/version
    

    Or this:

    # ls -l /etc/inc/
    

    If it is a pure FreeBSD box then you just need to dig through /etc to find what you want.





  • @jimp

    [root@sdns ~]# uname -mrs
    FreeBSD 10.1-RELEASE i386

    [root@sdns ~]# uname -a
    FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 22:51:51 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386
    [root@sdns ~]# cat /etc/version
    cat: /etc/version: No such file or directory
    [root@sdns ~]# ls -l /etc/inc/
    ls: /etc/inc/: No such file or directory



  • @jimp

    root@gateway:~ # uname -a
    FreeBSD 11.0-RELEASE-p7 FreeBSD 11.0-RELEASE-p7 #0: Wed Feb 8 15:04:26 PST 2017 root@gateway.rmt02.testequity.com:/usr/obj/usr/src/sys/FirewallKern amd64
    root@gateway:~ # cat /etc/version
    cat: /etc/version: No such file or directory
    root@gateway:~ # ls -l /etc/inc/
    ls: /etc/inc/: No such file or directory
    root@gateway:~ #


  • Banned

    @vabmalikusa said in Open WEb GUI on existing production pfsense firewall:

    [root@sdns ~]# uname -a
    FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 22:51:51 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386

    @vabmalikusa said in Open WEb GUI on existing production pfsense firewall:

    @jimp root@gateway:~ # uname -a
    FreeBSD 11.0-RELEASE-p7 FreeBSD 11.0-RELEASE-p7 #0: Wed Feb 8 15:04:26 PST 2017 root@gateway.rmt02.testequity.com:/usr/obj/usr/src/sys/FirewallKern amd64

    Those don't look like pfSense kernels. This is from a pfSense system:

    FreeBSD 11.2-RELEASE-p6 FreeBSD 11.2-RELEASE-p6 #3 518496b29ae(RELENG_2_4_4): Wed Dec 12 07:41:44 EST 2018 root@buildbot2.nyi.netgate.com:/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense amd64

    Notice that it was built by Netgate from a pfSense tree.



  • @Grimson So I guess pfSense won't be an option on this to access the GUI.


  • Rebel Alliance Developer Netgate

    There may not be a GUI on that.

    pfSense is its own operating system that happens to be based on FreeBSD.

    You appear to have a FreeBSD system that someone manually configured to be a firewall.

    pfSense can't help you get any information from that. You might try posting on a FreeBSD forum for help in tracking down the information you need from that system.
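
The checks used in this thread, collected into one script as an added example that is not part of any post: it classifies a host from /etc/version, /etc/inc/, the uname -a string and the presence of /usr/ports, and on a pfSense box builds the GUI URL from the listen lines in nginx-webConfigurator.conf. The ROOT parameter, the function names and the 192.0.2.1 LAN address are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. ROOT is a hypothetical parameter:
# "" checks the live system, a path checks a mounted disk or a copied tree.

# classify_host ROOT UNAME_A -> prints pfsense | not-pfsense | inconclusive
classify_host() {
    root=$1; uname_a=$2; hits=0
    # The three markers asked for in the thread.
    if [ -f "$root/etc/version" ]; then hits=$((hits + 1)); fi
    if [ -d "$root/etc/inc" ]; then hits=$((hits + 1)); fi
    case $uname_a in *pfSense*) hits=$((hits + 1)) ;; esac
    # Per the thread, a pfSense install would not carry /usr/ports.
    if [ "$hits" -eq 3 ] && [ ! -d "$root/usr/ports" ]; then
        echo pfsense
    elif [ "$hits" -eq 0 ]; then
        echo not-pfsense
    else
        echo inconclusive
    fi
}

# gui_url ROOT LAN_IP -> URL built from the IPv4 listen lines, https preferred.
gui_url() {
    conf="$1/var/etc/nginx-webConfigurator.conf"
    [ -f "$conf" ] || return 1
    awk -v ip="$2" '
        $1 == "listen" && $2 !~ /^\[/ {          # skip the [::]:port lines
            port = $2; sub(/;$/, "", port)
            scheme = ($0 ~ /ssl/) ? "https" : "http"
            if (scheme == "https" || best == "") best = scheme "://" ip ":" port
            if (scheme == "https") exit
        }
        END { if (best == "") exit 1; print best }
    ' "$conf"
}

# Live run on the console of the box being examined.
kind=$(classify_host "" "$(uname -a)")
echo "host: $kind"
if [ "$kind" = pfsense ]; then
    gui_url "" "192.0.2.1" || echo "no listen line found"   # placeholder LAN IP
fi
```

An "inconclusive" result means only some of the markers matched, so the tree should be inspected by hand before assuming either outcome.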

