Netgate Discussion Forum

    Cannot gain remote access to WebUI

    • orangehand

      I have mimicked the exact same settings as I have on several other pfSense boxes to no avail. Can anyone see my mistake from the attached? Custom port is 8082. The webadmin ports alias is set to 8082, 443 and 80 just in case. Initially of course I limited source to my office IP (remote to this box).

      Screenshot 2022-07-28 at 08.29.13.png

      • Gertjan @orangehand

        @orangehand

        Like this :

        cf245e71-9534-4ecc-8d7b-6e6623bd51eb-image.png

        ?

        Works fine for me.

        Visiting https://home.my-pfsense-wan-IP.tld:443 gave me access to the pfSense GUI.

        That is, I had to NAT also my upstream ISP router, of course.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • orangehand @Gertjan

          @gertjan the webui is on 8082 for this box. I'm not sure what your point is! But thanks

          • orangehand @Gertjan

            @gertjan my WAN rule set is this:

            Screenshot 2022-07-28 at 09.48.57.png

            I cannot move the webGUI rule to above the 2 block rules if this is the issue?

            • Gertjan @orangehand

              I know. You said :

              @orangehand said in Cannot gain remote access to WebUI:

              webadmin ports alias is set to 8082, 443 and 80

              Mine is "443" so I created a webadmlinport alias that contains only 80 and 443.
              I could have added 8082, and changed the pfSense config so it listens on 8082 :

              c07fa45b-4a3c-4322-b05a-44093769febb-image.png

              and that also works fine, after changing the "443" port redirect to "8082" for my ISP upstream router.

              • Gertjan @orangehand

                @orangehand said in Cannot gain remote access to WebUI:

                if this is the issue?

                Noop :

                Nothing hits the two initial block rules : their counters are 0.

                93481c4d-c72e-4fd3-8d50-e3cb67ca1437-image.png

                Be sure that this one is ok :

                b37d85dc-a758-4cf5-a5f1-00e605849ade-image.png

                by making it "any" first, just for testing.

                • orangehand @Gertjan

                  @gertjan I don't want to seem ungrateful, but I know your rule works, and all my other identical webgui rules work on other boxes. I am trying to work out why it doesn't work on this one!

                  • orangehand @Gertjan

                    @gertjan I'd tried any. No dice!

                    • Gertjan @orangehand

                      @orangehand

                      What is in front of your pfSense ?
                      Is your pfSense WAN IP an RFC1918 ?

                      • orangehand @Gertjan

                        @gertjan the fibre/fttp socket. Access is via PPPoE from this box

                        • orangehand @orangehand

                          @orangehand sorry - yes, it's a public routable IP, and ovpn works fine back to that address.

                          • Gertjan @orangehand

                            @orangehand said in Cannot gain remote access to WebUI:

                            I'd tried any. No dice!

                            Oh yes, that's valid useful info !!

                            Now I know that nothing reaches your pfSense WAN interface, port 8082, TCP.
                            Otherwise, the rule would be a match.
                            That is, I presume :

                            1. you connect like this : https://some-url-to-you-wan-IP-here.tld:8082 (or : https://a.b.c.d:8082)
                              and
                            2. You do not connect from within your LAN, but you are using your phone with the Wifi shut down = you are really connecting from the outside.

                            Also : using IPv4, right, not IPv6.

                            • Gertjan @Gertjan

                              You can start a packet capture on your WAN interface.
                              Select TCP - and port 8082.

                              If something comes in, it will get captured in the resulting log.

                              edit : like this :

                              1ed8bd3b-ca4b-4690-987a-2b9192d5ea33-image.png

                              • orangehand @Gertjan

                                @gertjan 1: yes and 2: I am remote on my own FTTP LAN so it is a true test with no risk of cgnat etc

                                Will try the packet capture, thanks

                                • orangehand @orangehand

                                  @orangehand output is:

                                  10:05:57.099569 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                                  10:05:58.197408 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                                  10:05:59.281622 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                                  10:06:00.328195 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                                  10:06:01.351961 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                                  10:06:02.383762 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                                  10:06:04.445801 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0
                                  10:06:08.830995 IP 62.3.69.70.23841 > 51.148.184.62.8082: tcp 0

                                  I have to confess I don't know if this is good or bad!

                                  O 1 Reply Last reply Reply Quote 0
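A sketch for reading a capture like the one posted above (an added example, not part of the original thread): it groups the low-detail capture lines by client address and source port and reports whether the watched port ever sent anything back on the captured interface. The sample lines, the documentation-range addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the low-detail capture format shown in the post above;
# addresses are documentation ranges, not the poster's.
SAMPLE = """\
10:05:57.099569 IP 198.51.100.70.23841 > 203.0.113.62.8082: tcp 0
10:05:58.197408 IP 198.51.100.70.23841 > 203.0.113.62.8082: tcp 0
10:05:59.281622 IP 198.51.100.70.23841 > 203.0.113.62.8082: tcp 0
10:06:00.328195 IP 198.51.100.70.23841 > 203.0.113.62.8082: tcp 0
10:06:02.383762 IP 198.51.100.70.23841 > 203.0.113.62.8082: tcp 0
10:06:10.000100 IP 198.51.100.9.40112 > 203.0.113.62.8082: tcp 0
10:06:10.000350 IP 203.0.113.62.8082 > 198.51.100.9.40112: tcp 0
10:06:10.020400 IP 198.51.100.9.40112 > 203.0.113.62.8082: tcp 0
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): tcp \d+$")

def summarize(capture, port):
    """Group packets by client (ip, source port) and report whether `port` ever replied."""
    flows = defaultdict(lambda: {"inbound": [], "replies": 0})
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an IPv4 TCP summary line
        ts, src, sport, dst, dport = m.groups()
        if int(dport) == port:      # client -> firewall
            flows[(src, int(sport))]["inbound"].append(datetime.strptime(ts, "%H:%M:%S.%f"))
        elif int(sport) == port:    # firewall -> client (any packet sent from the port)
            flows[(dst, int(dport))]["replies"] += 1
    report = {}
    for client, f in flows.items():
        times = f["inbound"]
        gaps = [round((b - a).total_seconds(), 1) for a, b in zip(times, times[1:])]
        if f["replies"]:
            verdict = "answered"
        elif len(times) > 1:
            verdict = "retries, no reply"  # same source port resent: client never got an answer
        else:
            verdict = "no reply"
        report[client] = {"sent": len(times), "replies": f["replies"],
                          "gaps": gaps, "verdict": verdict}
    return report

if __name__ == "__main__":
    for client, info in summarize(SAMPLE, 8082).items():
        print(client, info)
```

Repeated zero-length packets from one source port with no line in the reverse direction mean the connection attempts reach the WAN interface and nothing answers them there, so the upstream path is not what is dropping them.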
                                  • orangehand @orangehand

                                    @orangehand the IP's are correct

                                    • Gertjan @orangehand

                                      @orangehand said in Cannot gain remote access to WebUI:

                                      the IP's are correct

                                      I tested
                                      https://51.148.xx.62 port 8082
                                      ... nothing replied like nothing is listening on that port.

                                      sockstat -l | grep '8082'
                                      

                                      confirms that the GUI webserver is listening on 8082 ?

                                      Or go back to the default 443 for a moment.

                                      • orangehand @orangehand

                                        @orangehand This box was a new SG1100 which I installed yesterday. Out of the box it was not working at all well. I had to reflash it using the recovery image sent by Netgate. This image retains the original settings, or some of them. I am wondering if the reflash has cured all the problems. Anyone know how I would totally reset it to defaults? Another odd issue I am having is that MY OpenVPN connection to that box was working earlier this morning when I set it up and now, with no changes to the 1100, it is not. The customer's own ovpn connection from INSIDE his LAN is working fine.

                                        • orangehand @Gertjan

                                          @gertjan Thanks. Will revert to 443 and see what I get.

                                          • Gertjan @orangehand

                                            @orangehand said in Cannot gain remote access to WebUI:

                                            Anyone know how I would totally reset it to defaults?

                                            A reflash will do that.

                                            Or use the console or SSH option

                                            4) Reset to factory defaults
                                            
