Web GUI
-
Good afternoon!
There is a server with Pfsense, two providers are connected to it. Both gateways are added to Multiwan. In the System>Advanced menu, I changed the protocol to https and changed the port. The problem is that from the Internet I can’t connect to WEB GUI only on Wan1, but not on Wan2. Other ports are forwarded without problems. The firewall turned on / off - no difference. Tell me, please, where is the error?
Всем добрый день!
Стоит шлюз на Пфсенс, подключены 2 провайдера, но до веб морды могу достучаться только через Wan1. Подскажите, куда копать? -
What kind of multi-WAN configuration is this?
Failover or loadbalance?https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html
-
Loadbalance.
-
correct configuration at first glance:
Are other services available from outside, on both WAN IPs?
I will be honest, we have 3 multi-WAN configured pfSnese, but we handle it remotely with OpenVPN.
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-remote-access-server.html
Not via https, so this them interests me too.i don't know if pfSense pairs the dashboard (web), for example, specifically for WAN1 in load balancer mode and primarily (that wouldn't make sense
)this question also::
-
-
Please unplug the WAN 1 ethernet connector (if you can do this now depends on your environment) and see how this round-robin works
so,
" When two gateways are on the same tier, they will load balance. This means that on a per-connection basis, connections are routed over each WAN in a round-robin manner. If any gateway on the same tier goes down, it is removed from use and the other gateways on the tier continue to operate normally." -
Thanks, but that doesn’t explain why I cannot open WebGUI on both Wan1 and Wan2 at the same time.
-
there were certificat issues yesterday, maybe this will affect something at https, as it affected more everything ???
, you use DDNS?
-
-
true, we never use pfSense with this - https, so because of this:
https://www.netgate.com/blog/securely-managing-web-administered-devices.htmlbut it is very interesting why what has worked so far is not now...
what to see in the firewall log, when you want to connect from outside on WAN2?
it must be a trace of this -
-
so you don’t even get to the firewall with the request that’s a fact..
okay, meanwhile your ISP who is on the WAN2 interface is not volatile in its port filtering rules?
it is suspected that it is exactly the beginning of the month.. -
so you don’t even get to the firewall with the request that’s a fact..
okay, meanwhile your ISP who is on the WAN2 interface is not volatile in its port filtering rules?
it is suspected that it is exactly the beginning of the month..I was informed that one of the providers fell off yesterday. On the second ip it was no longer possible to enter. After a working day I'll try to restart, maybe it will help
Thanks for the help) -
you welcome
-
@DaddyGo No it didn't help
-
the fact is that if you don't see an entry in the firewall log about the attempt, it's not pfSense that is causing the error
the package / request / etc. does not reach the pfSense
it is not possible for pfSense to cancel the connection attempt, ergo the process is interrupted somewhere before it
@Илья I was informed that one of the providers fell off yesterday.
so this ISP thing is definitely the source of your problem -
Even when I turn off the firewall, packets do not fly by. Moreover, the port is pushed inside with this ip, that is, the address is available. For some reason, there is no access only to the GUI
-
It is periodically unavailable even from LAN
After reboot, I turn off / on the firewall, and from the LAN I can access the GUI through the second address. But it’s impossible to get through from the Internet.
LOL) I can redirect packets from a “non-working” ip to the LAN address of the gateway, and then everything works. -
What IPs do you use on WANs?
Are these ISP public (fixed) IPs?Can you send a log snippet of dpinger?
-
Send text or picture?