Port being blocked



  • Hi everyone,
    I have started using pfSense on a network that has an AC server to be able to control the house AC, but for some reason, it is blocking web access to it. I can PING the address and get the results just fine, BUT when I use the browser to mess with the configuration of the AC, it won't find the server; it is just like it is not there at all. I was using another router and it worked just fine with it. Now that I have replaced it with the latest pfSense version, well, it is not letting me access the AC's browser interface.
    Any ideas what is causing this? The address is 192.168.2.230 and the port is 32032 - Just so you know how the web interface is being accessed. Thanks in advance!

    Regards

    Manny G.



  • Inter-LAN communication doesn't hit the firewall at all. Is the client on the same subnet as the AC server?



  • I haven't checked the AC server settings but I am guessing it is because if I exchange the pfSense with the original router that was in place before, it works, but once I place the pfSense instead, it stops working. I CAN ping it BUT not connect to the web interface at all. I am using the same client computer to access the AC server, and when using the original router (which is only a router NAT because I have another computer running Windows Server 2008 R2 running DHCP/DNS/file servers) it works just fine, but when using the pfSense, it stops working. Again, I can still ping it BUT no web interface at all.

    Manny G.



  • What are the LAN settings for both your client and the AC server? You can't be guessing here to try and debug a network problem. It would also be helpful for you to draw a simple network diagram showing what's connected to what and upload it here. You can upload images directly without needing to put them on Imgur and linking to it.



  • Here is a small diagram

    https://www.screencast.com/t/SIBDlaq64

    Hope that helps explain what I have.


  • Galactic Empire

    Looks like everything is on the same subnet, it's not a pfSense issue.

    Is the subnet mask consistent across all the devices? I'm guessing they are a /24.


  • LAYER 8 Global Moderator

    Yea, as mentioned, pfSense has ZERO to do with devices on the same network, in your case 192.168.2/24, talking to each other...

    The only thing that comes to mind as to why it worked with your old router and not with pfSense is that you were doing NAT reflection on your old router..

    I.e. hitting your public IP for the webserver you're trying to access, for it to be reflected back in.. This is BAD practice and should be avoided.. But if you want to do that then you would have to set it up on pfSense; it's not going to do that automatically like some SOHO routers do.

    But if you're going to http://192.168.2.230:32032 or http://host.something.tld:32032 where host.something.tld resolves to your 192.168.2.230 address then pfSense has zero to do with it.
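
Added example, not part of any post in this thread: a small Python check of the two points made above, that hosts which see each other as on-link never send their traffic through the firewall, and that an inconsistent subnet mask breaks that in one direction only. Only 192.168.2.230 comes from the thread; the client address, the other addresses and all masks are constructed assumptions.

```python
import ipaddress
from itertools import combinations

def on_link(src_if: str, dst_ip: str) -> bool:
    """True if a host configured as src_if (e.g. '192.168.2.50/24') treats dst_ip
    as directly reachable, so it ARPs for it instead of sending to its gateway."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(src_if).network

def path(a_if: str, b_if: str) -> str:
    """Classify the path between two hosts from their own IP/mask settings."""
    a = ipaddress.ip_interface(a_if)
    b = ipaddress.ip_interface(b_if)
    a_to_b = on_link(a_if, str(b.ip))
    b_to_a = on_link(b_if, str(a.ip))
    if a_to_b and b_to_a:
        return "direct"      # switched at layer 2; firewall rules are never evaluated
    if not a_to_b and not b_to_a:
        return "routed"      # both directions cross the gateway, so rules apply
    return "asymmetric"      # mask mismatch: one side goes direct, the other via the gateway

def audit(hosts: dict) -> dict:
    """Return {(name_a, name_b): path} for every pair of configured hosts."""
    return {(na, nb): path(hosts[na], hosts[nb])
            for na, nb in combinations(sorted(hosts), 2)}

# Constructed sample configuration (assumed values, not taken from the poster's diagram).
SAMPLE_HOSTS = {
    "client":       "192.168.2.50/24",
    "ac-server":    "192.168.2.230/24",
    "ac-wrongmask": "192.168.2.230/25",   # same address with an inconsistent mask
    "other-vlan":   "192.168.3.10/24",
}

if __name__ == "__main__":
    for pair, kind in audit(SAMPLE_HOSTS).items():
        print(f"{pair[0]:>12} <-> {pair[1]:<12} {kind}")
```

A "direct" result means a successful ping and a failed TCP connection have to be explained on the two hosts themselves, while "asymmetric" points at the mask question asked earlier in the thread.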



  • Thanks for the reply guys, well, I did place the old router back and removed PfSense and noticed that the browser now it didn't get the web interface of the AC server, until I had to type the whole url (e.g. http://192.168.2.230:32032/cgi/login ) which seems strange. I am too stumped of why it works with the old router and not PfSense. I haven't tested the full URL yet but I am wondering....



  • @mgodinez said in Port being blocked:

    I am too stumped of why it works with the old router and not PfSense.

    But just before that you said :

    @mgodinez said in Port being blocked:

    well, I did place the old router back and removed PfSense and noticed that the browser now it didn't get the web interface of the AC server,

    So, even with the old router you didn't get to the web interface of the AC server ..... right?
    So: the old router works - or it didn't?

    @mgodinez said in Port being blocked:

    I had to type the whole url (e.g. http://192.168.2.230:32032/cgi/login ) which seems strange.

    Strange?
    This is how things have worked since the early seventies (last century).
    In the address bar of your browser you have to use an IP (IPv4 or IPv6) address, or, if you gave your device (192.168.2.230) an A record in the local DNS, a URL like
    http://my-local-server.local.lan/cgi/login

