Netgate Discussion Forum

    Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1

    • thisisbenwoo

      Hi all,

      I'm experiencing some really big problems here. I can't seem to get to my servers behind HAProxy. At first I thought it was HAProxy, but I realized that I changed nothing. In fact, when I look at Status | System Logs | Firewall, I don't even see the requests coming in.

      Cloudflare looked into it from their end, and they see the requests passing through their DNS. I can get to 1194, I can get to 22, I can get to 8443 for the webGUI, but 80 and 443 are not working.

      What might I be doing wrong? I have set up my Firewall Rules for HAProxy just like every tutorial out there.

      Thanks in advance for any advice.

      • Gertjan @thisisbenwoo

        @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

        What might I be doing wrong?

        We can only react on what you told us.

        So :

        @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

        I can get to 8443 for the webGUI

        You have a VPN access, right ? So ditch this 8443 GUI access.
        (edit : which is, of course, totally not related to the question - I know)

        Why your "HAproxy" doesn't seem to work : dunno .....
        Because you're not detailing anything, I just can't drop in here the "x billion possible issues".

        Btw :

        @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

        In fact, when I look at Status | System Logs | Firewall, I don't even see the requests coming in.

        When you install pfSense :
        The hidden block all rules don't log.
        The one and only firewall on the LAN interface doesn't log.
        So there will be no log entries in the firewall log at all.

        @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

        just like every tutorial out there.

        ..... and finally people come here as they discover that they all miss some random info that 'makes it work'.

        Use the official guides. See the Manual and Youtube->Netgate.
        And never make your setup 'special' : for your own sake : keep it simple.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • thisisbenwoo @Gertjan

          @gertjan,

          Thanks for your reply...

          @gertjan said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

          @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

          What might I be doing wrong?

          We can only react on what you told us.

          Understood, not trying to get you to read my mind!! :-)

          So :

          @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

          I can get to 8443 for the webGUI

          You have a VPN access, right ? So ditch this 8443 GUI access.
          (edit : which is, of course, totally not related to the question - I know)

          I respect this answer, but why do you suggest this? Is it for security reasons? I've kept 8443 because in the event that the VPN fails (or in some instances where VPN access is not permitted, such as when I'm logging in at a client, I've kept it open).

          When you install pfSense :
          The hidden block all rules don't log.
          The one and only firewall on the LAN interface doesn't log.
          So there will be no log entries in the firewall log at all.

          Ah! Did not realize this. Is there a way of turning on logging this?

          @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

          just like every tutorial out there.

          ..... and finally people come here as they discover that they all miss some random info that 'makes it work'.

          Use the official guides. See the Manual and Youtube->Netgate.
          And never make your setup 'special' : for your own sake : keep it simple.

          I was generic in my post - I actually followed the Manual recipe. I like keeping my approach to configuration as close to stock as possible. I did a port scan from an online port scanner, and it shows that everything is blocked except 80, but even when I come in on 80, despite having an http-https rule, nothing is going through :-(

          That said, I'm going to review the Netgate Manual recipe again for HA Proxy.

          Thanks for your reply @Gertjan, networking is the part of technology in which I have the least expertise.

          b

          • thisisbenwoo @thisisbenwoo

            Well, would you believe I found the problem (after weeks of tearing my hair out!!)

            My ISP, AT&T Gig Fiber, decided to block port 443 for "security reasons," and did not tell anyone! Who would have thought?

            GRRRR AT&T

            • Gertjan @thisisbenwoo

              @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

              I've kept 8443 because

              There are 'only' 65535 ports.
              Portscanner will find your 8443 quickly.
              I guess it's possible, by looking at the return packets - and the presented GUI login page ;) , the attacker can know upfront that he deals with pfSense.
              So the login is 'admin'.
              Leave open the last hurdle : the password.
              Now enter the dictionary attack ....

              Btw :
              Your 8443 is close to 443 which somewhat (might) explain :

              @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

              decided to block port 443 for "security reasons,"

              Hosting 'servers' yourself, like web servers, can create situations where the client, who hosts a site, starts sharing info that creates "issues".
              The responsibility of the ISP could be engaged.

              I understand why you want to use '443' as this port will be the last one being blocked from any location.
              OpenVPN uses UDP, a web server uses TCP, even UDP is blocked ?

              @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1:

              Is there a way of turning on logging this?

              The default firewall blocking rule ?
              For 'educational reasons', yes, of course.
              Go to Status > System Logs > Settings
              and check "Log firewall default blocks".
