Cannot Access WebConfigurator

Jarhead

@brianmcg I will never understand why anyone would want a firewall as a VM so I have never done this.
But it looks like you may have the switches reversed, meaning what you call external, is actually connected to the internal.
Go into pfSense and reassign the interfaces in the reverse order. So what you have as the WAN now will be the LAN and vice versa.

Gertjan

@brianmcg said in Cannot Access WebConfigurator:

how is it protected?

These are my words, I'm not a pfSense in a VM expert.

I was using pfSense in a VM @home.
The PC used is also my main home PC, suing Windows 10 Pro so Hyper-V was available.

I reserved one NIC 'physically' for the VM, used by pfSense.
This means that when pfSense uses this NIC, it is the only one using it. My host, Windows 10, was not using this NIC. This NIC was of course the pfSense WAN interface, connected to my uplink ISP router.

Another VM NIC, assigned also to a hardware NIC, is shared among the host, the VM and other VMs in my host PC. This was my LAN network.

Because my host OS uses only the internal VM NIC (switched with an external real hardware NIC ) called LAN, my host PC was 'behind' pfSense.

@jarhead said in Cannot Access WebConfigurator:

I will never understand why anyone would want a firewall as a VM

I had one : didn't want to buy more hardware as needed.
I was using pfSense @home purely for development reasons. I could mess around with it, and rebuild from scratch in minutes.
@work : I agree. I've been using always a hardware bare bone solution. It's a SG4100 since a couple of months.

BrianMcG

@gertjan Thanks for that your comment:
"I reserved one NIC 'physically' for the VM, used by pfSense."
finally made one penny drop, anyway. Obviously you disabled:
"Allow management operating system to share this network adapter" for your EXTERNAL Switch. This obviously protects the Server from the WAN. So thanks for that. :-)

Mine is currently ticked. It's the only way I have any internet access.

My current setup is that I have one Server, called FILE-SERVER, running Server 2019 and Hyper-V. Inside Hyper-V I have two VMs: pfSense and BRIANS-PC running Windows 11. I also currently only have one Network Adapter - the one on the new motherboard inside FILE-SERVER. (I thought I had 3 x 1Gb adapters available. But it turned out that they were so old the were only PCI Adapters, so would not fit the new motherboard.) I have a new 2.5Gb on order, from AliExpress, that I intend to use to connect to an 8-port hardware switch an the rest of the internal network.

I want pfSense to act as a firewall for FILE-SERVER and all of its VMs, as well as the rest of the internal network. HOWEVER, first, I have to get pfSense working.

pfSEnse's WAN is connected to the EXTERNAL Virtual Switch with an IP Address of 192.168.0.2 and an Gateway of 192.168.0.1 on our ISP's Router.

pfSEnse's LAN is connected to the INTERNAl Virtual Switch with an IP Address of 192.168.16.1 which is intended to be the Gateway of Internal Network.

Stage one is to get Brians-PC, a VM inside Hyper-V, connected to the Internet. It has a Virtual Adapter with an IP of 192.168.16.3 and a Gateway of 192.168.16.1 - but it is NOT working, and I'm buggered if I know why. The only thing it can ping on the 192.168.16.x Network is itself 192.168.16.3!!

BrianMcG

@jarhead I tried that. It made no difference - apart from the fact that I lost all Internet connectivity. I could not connect to the WebConfigurator using either IP address. So i've switched them back again. If you look at link text I think you will see that it's connected correctly.

Jarhead

@brianmcg said in Cannot Access WebConfigurator:

@rico I've tried https://192.168.1.1/ as well. It didn't work either.

Whilst I was in the pfSense VM, I reconfigured the IP Address of the INTERNAL Virtual Switch to 192.168.16.1 That's why the installer told me to use 192.168.16.1, surely?

Is the switch really .1 also?

BrianMcG

@jarhead The short answer is YES. But herewith screen shots of all my settings - just in case you have other questions:
From FILE-SERVER the Windows Server 2019 machine running pfSense:



From Brians-PC a WIndows 11 PC inside Hyper-V:


As you can see Brians-PC can't even ping 192.168.16.1

Jarhead

@brianmcg Can't have both devices using the same IP. Change the internal switch to 192.168.16.254.

Going back over this thread now.

Honestly I think you should just enable the dhcp server on pfSense LAN and set the switch to dhcp. See if it gets an address.
Other than using the same IP twice, it's hard to tell if everything is connected correctly with all being VM. DHCP will help, and after the test you can just turn it off again.

BrianMcG

@jarhead OH!! That wasn't an accident. I thought pfSense and the INTERNAL Switch were the same thing! So I used the same IP Address deliberately.

I'll do what you suggest; enable the DHCP on pfSense for the INTERNAL Network; disable the DHCP Server on FILE-SERVER; allow Brians-PC to pick up an IP Address and see if tha makes any difference. If it does we'll at least know the source of the problem.

Good job I posted all my settings.

BrianMcG

@jarhead I just did as you suggested, I :

• enabled the LAN DHCP Server on pfSense to allocate IP Address from 192.168.16.100 up,
• Changed the INTERNAL Network Switch to pickup its IP Address using DHCP,
• Changed Brians-PC to pickup its IP Address using DHCP,
• Ensured FILE-SERVER was not also a DHCP Server,
• Ran IPCONFIG on both Brians-PC and FILE-Server:
  - Brians-PC Autoconfiguration IPv4 Address 169.254.215.192,
  - INTERNAL Virtual Switch Autoconfiguration IPv4 Address 169.254.255.141
  So it seems that pfSense's DHCP Server did not dish out any IP addresses.

Incidentally, if there are two DHCP Servers on different Virtual Networks dishing out IP Address, how is a humble Network Adapter supposed to know which one you want it to connect to? Are they blessed with ESP?

Jarhead

@brianmcg I think I just found the problem. On your internal switch you chose Internal network, should be Private Network.

BrianMcG

@jarhead I thought the difference between a Private network and an Internal network in Hyper-V was that a Private network enabled the VMs inside a Host to communicate with each other, and that an Internal network included the Host as well. That's why I did what I did. But I'll give it a go and see what happens.

You haven't answered my point about how does a Network Adapter set to DHCP know which DHCP Server to listen to.

BrianMcG

@jarhead Hmmm.... Tried that. The only difference it made was, as suspected, FILE-SERVER could no-longer see the INTERNAL Virtual Switch. So it cannot connect to the INTERNAL Network as required.

I'm wondering whether the problem it with my EXTERNAL Virtual Switch. You see, I initially gave my Network Adapter on the motherboard of FILE-SERVER (you know the real one), the IP Address on 192.168.0.2. When I created the EXTERNAL Virtual Switch in Hyper-V and connected it to that Network Adapter, the EXTERNAL Virtual Switch adopted 192.168.0.2 as its IP Address - leaving the Network Adapter without an IP Address. (I have allowed the Management Operating System to use the Network Adapter so that I still have some Internet connectivity. I'll remove it when everything else is going.

But then, when I was specifying the IP Addresses for pfSense, I gave its WAN connection the SAME IP Address of 192.168.0.2. Should THIS have a different IP on the EXTERNAL Network - 192.168.0.5 perhaps? I'll Give that a go.

Jarhead

@brianmcg said in Cannot Access WebConfigurator:

@jarhead I thought the difference between a Private network and an Internal network in Hyper-V was that a Private network enabled the VMs inside a Host to communicate with each other, and that an Internal network included the Host as well. That's why I did what I did. But I'll give it a go and see what happens.

You haven't answered my point about how does a Network Adapter set to DHCP know which DHCP Server to listen to.

My mistake, I thought you were only connecting VM's. You're correct in what you're thinking about the 2 switches, internal puts you on the hosts network, private is a separate network. There's no way for a pc to know which dhcp server to connect to, that's why you should never have more than one.

Jarhead

@brianmcg said in Cannot Access WebConfigurator:

@jarhead Hmmm.... Tried that. The only difference it made was, as suspected, FILE-SERVER could no-longer see the INTERNAL Virtual Switch. So it cannot connect to the INTERNAL Network as required.

I'm wondering whether the problem it with my EXTERNAL Virtual Switch. You see, I initially gave my Network Adapter on the motherboard of FILE-SERVER (you know the real one), the IP Address on 192.168.0.2. When I created the EXTERNAL Virtual Switch in Hyper-V and connected it to that Network Adapter, the EXTERNAL Virtual Switch adopted 192.168.0.2 as its IP Address - leaving the Network Adapter without an IP Address. (I have allowed the Management Operating System to use the Network Adapter so that I still have some Internet connectivity. I'll remove it when everything else is going.

But then, when I was specifying the IP Addresses for pfSense, I gave its WAN connection the SAME IP Address of 192.168.0.2. Should THIS have a different IP on the EXTERNAL Network - 192.168.0.5 perhaps? I'll Give that a go.

But earlier you said you had internet access, so the wan should be good.
Just go into pfSense again, select option 7 to ping a host and try to ping google or another website. If it's good, the wan is good.

Can you draw out exactly how you have everything connected? Just re-read this thread (again ) and you were questioning how the server is separate from the wan. The wan of pfSense is connected to the external switch, that means it goes to a physical port. That port is connected to your internet only, correct?

BrianMcG

@jarhead I have just deleted and re-built pfSense and both Virtual Switches. Have some testing to do yet. So I'll let you know whether I've succeeded or not when I've fininished. If not I'll send my spreadsheet of all the IP Settings.

Wish me luck.

BrianMcG

@jarhead I have solved my Problems! I deleted everthing and started again several times! I have documented everything I did. Since it is a Word Document I've uploaded it to Dropbox, in case anyone is interrested here DropBox
.
Essentially I discovered that when I set up pfSense it connected to the DHCP Server in my ISP's Modem and gave it an IP Address on my WAN. I could not see why this needed changing so I left it alone and did not try to give it a static IP Address.

I also think that when I had been asked during the pfSense installation process, when I was asked whether I wanted to enable a HTTP connection for WebConfigurator, I had answered "n", thinking that the alterantive would be HTTPS. This time I answered "y", and low and belhold I can now get into the WebConfigurator!

Anyway, everything is now going and I no-longer have problems.