Netgate Discussion Forum

    pfSense Web UI accessible even without rules

      viragomann @nazar-pc

      @nazar-pc said in pfSense Web UI accessible even without rules:

      Your gateway in the rule called "MultiWAN" sounds like a gateway group, is it?

      Yes, it is. Right now it has just one WAN interface.

      I would try to state the gateway, which is in use, in the rule as a test. But it should also work properly with a gateway group.

      Which IP are you able to access from the guest subnet, WAN or the guest IP?

      Guest IP: 192.168.2.1

      Normally the gateway doesn't know this network, as long as there is no route added for it.
      And as you see nothing on WAN, the packets are possibly not routed out in fact.

      For investigating I would change the web configurator port. Then try to access it from guest. Should still succeed.
      Then go to Diagnostics > States and look for states with the used port. You can filter the state list for it.
      The result should show all involved interfaces.

      Also, to get the rule which is allowing the access, I'd enable logging in each rule, as well as in the ones on other interfaces. And then check out the firewall log for the responsible rule.

        nazar-pc @viragomann

        @viragomann said in pfSense Web UI accessible even without rules:

        I would try to state the gateway, which is in use, in the rule as a test. But it should also work properly with a gateway group.

        Gateway is probably unrelated, I removed it and behavior is still the same.

        @viragomann said in pfSense Web UI accessible even without rules:

        Normally the gateway doesn't know this network, as long as there is no route added for it.
        And as you see nothing on WAN, the packets are possibly not routed out in fact.
        For investigating I would change the web configurator port. Then try to access it from guest. Should still succeed.
        Then go to Diagnostics > States and look for states with the used port. You can filter the state list for it.
        The result should show all involved interfaces.
        Also, to get the rule which is allowing the access, I'd enable logging in each rule, as well as in the ones on other interfaces. And then check out the firewall log for the responsible rule.

        I might have confused you. 192.168.2.1/24 is the GUEST network, the request comes in from 192.168.2.3, and here is the state that is then established for it:

        GUEST tcp 192.168.2.3:45108 -> 192.168.2.1:12338 ESTABLISHED:ESTABLISHED 18 / 22 2 KiB / 18 KiB
        
          nazar-pc @nazar-pc

          BTW, I'm on this version, maybe something regressed (potentially):

          2.7.0-DEVELOPMENT (amd64)
          built on Wed Jan 04 06:05:22 UTC 2023 
          
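The state-table check suggested in this thread, as an added example that is not part of any post: it parses rows in the layout nazar-pc pasted from the state list, keeps those touching the web configurator port, and reports which interfaces hold such a state. Only the first sample row comes from the thread; the other rows, the function names and the allowed-interface set are constructed for illustration.

```python
import re
from collections import defaultdict

# One row of the state list, in the layout pasted in the thread:
# IFACE PROTO SRC:PORT -> DST:PORT STATE packets bytes
ROW = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<state>\S+)"
)

# First row is from the thread; the remaining rows are constructed samples.
SAMPLE = """\
GUEST tcp 192.168.2.3:45108 -> 192.168.2.1:12338 ESTABLISHED:ESTABLISHED 18 / 22 2 KiB / 18 KiB
GUEST udp 192.168.2.3:51820 -> 192.168.2.1:53 MULTIPLE:SINGLE 1 / 1 70 B / 86 B
LAN tcp 192.168.1.10:50222 -> 192.168.1.1:12338 ESTABLISHED:ESTABLISHED 40 / 51 4 KiB / 30 KiB
WAN tcp 203.0.113.7:40000 -> 198.51.100.9:443 FIN_WAIT_2:FIN_WAIT_2 9 / 8 1 KiB / 3 KiB
"""


def states_for_port(text, port):
    """Return {interface: [(src, dst, state), ...]} for rows touching `port`."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, or a row without ports
        if port in (int(m["sport"]), int(m["dport"])):
            hits[m["iface"]].append(
                (f'{m["src"]}:{m["sport"]}', f'{m["dst"]}:{m["dport"]}', m["state"])
            )
    return dict(hits)


def unexpected_interfaces(text, port, allowed):
    """Interfaces holding a state on `port` that are not in `allowed`."""
    return sorted(set(states_for_port(text, port)) - set(allowed))


if __name__ == "__main__":
    gui_port = 12338  # the changed web configurator port seen in the thread
    for iface, rows in states_for_port(SAMPLE, gui_port).items():
        for src, dst, state in rows:
            print(f"{iface}: {src} -> {dst} [{state}]")
    # Assumption: only LAN is meant to reach the web configurator.
    print("unexpected:", unexpected_interfaces(SAMPLE, gui_port, {"LAN"}))
```

Any interface reported as unexpected is where to enable rule logging next, so the firewall log names the rule that passed the connection.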
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.