Netgate Discussion Forum

    Why is my GUI suddenly (only) available at port 4443??????????

    • sensewolf

      Hi,

      I have been running pfsense without issues for a few years now.

      Suddenly, my GUI is only available at port 4443 (not: 443). Why?

      To be sure: Under System > Advanced > TCP Port the setting is 443 (I understand this would not be needed as it is used to override the standard port (which is 443 for https), but it can't hurt, can it)?

      So what on earth could cause this? Are there other settings that affect port? (I have not consciously set up any redirections but if that is a possibility, please direct me where to look for them.)

      Thanks!

      • mer @sensewolf

        @sensewolf not sure but if you go to diagnostics, command prompt what's the output of
        netstat -aln4 ? Basically all the IPV4 listening sockets. If you are also using IPV6, repeat the command but do -aln6.

        Just forgot to add:
        On my system I have just https selected for protocol and nothing for the tcp port field.

        Question:
        From the WAN side or from the LAN side? By default I think the GUI is not available from WAN based on the default deny rules. 4443 almost sounds like a proxy setting somewhere, especially if you are talking about WAN to the GUI.

        • sensewolf @mer

          @mer

          My GUI is (in any case should) not be accessible from the WAN. So I am talking the LAN side of things.

          netstat shows several lines, among them two that reference port 4443 (which is me accessing the GUI internally)

          tcp4       0      0 192.168.1.1.4443       192.168.18.7.1428       ESTABLISHED
          tcp4       0      0 192.168.1.1.4443       192.168.18.7.47923      TIME_WAIT
          
          • mer @sensewolf

            @sensewolf Only the two? For me netstat -aln4 shows the established sessions (which is what you have) plus "Local Address" of "*.443". Can you do the netstat -aln4 | grep tcp so we can see all the listening sockets? I'm just looking to see where anything may be listening.

            • sensewolf @mer

              @mer

              There may have been one more line at the end that I overlooked the last time.

              Here we go:

              tcp4       0      0 177.7.186.150.443        84.169.199.118.26059   TIME_WAIT
              tcp4       0      0 177.7.186.150.443        192.168.18.7.8831       TIME_WAIT
              tcp4       0      0 177.7.186.150.443        84.169.199.118.32163   TIME_WAIT
              tcp4       0      0 177.7.186.150.443        192.168.18.7.47636      TIME_WAIT
              tcp4       0   4557 177.7.186.150.443        54.200.141.88.57534    LAST_ACK
              tcp4       0     24 177.7.186.150.443        54.190.180.8.24084     FIN_WAIT_1
              tcp4       0    391 177.7.186.150.443        54.190.180.8.9703      FIN_WAIT_1
              tcp4       0     24 177.7.186.150.443        34.221.242.183.60368   LAST_ACK
              tcp4       0     24 177.7.186.150.443        54.214.183.143.53037   FIN_WAIT_1
              tcp4       0    391 177.7.186.150.443        54.214.183.143.40513   FIN_WAIT_1
              tcp4       0  31112 177.7.186.150.443        54.191.164.222.48479   FIN_WAIT_1
              tcp4       0     24 177.7.186.150.443        54.191.164.222.46300   FIN_WAIT_1
              tcp4       0      0 192.168.55.1.62456     192.168.55.138.3443    ESTABLISHED
              tcp4       0      0 177.7.186.150.3443       192.168.18.7.10677      ESTABLISHED
              tcp4       0      0 192.168.55.1.18289     192.168.55.138.3443    ESTABLISHED
              tcp4       0      0 177.7.186.150.3443       192.168.18.7.9152       ESTABLISHED
              tcp4       0      0 177.7.186.150.443        84.169.199.118.8861    ESTABLISHED
              tcp4       0      0 192.168.5.1.4443       192.168.18.7.40730      ESTABLISHED
              tcp4       0      0 192.168.55.1.39097     192.168.55.61.443      ESTABLISHED
              tcp4       0      0 177.7.186.150.443        192.168.18.7.18059      ESTABLISHED
              tcp4       0      0 177.7.186.150.443        192.168.18.7.16657      ESTABLISHED
              tcp4       0      0 192.168.55.1.47939     192.168.55.138.3443    ESTABLISHED
              tcp4       0      0 177.7.186.150.3443       192.168.18.7.55354      ESTABLISHED
              tcp4       0      0 192.168.55.1.17332     192.168.55.138.3443    ESTABLISHED
              tcp4       0      0 177.7.186.150.3443       192.168.18.7.22215      ESTABLISHED
              tcp4       0      0 177.7.186.150.3443       *.*                    LISTEN
              tcp4       0      0 88.46.4.82.443       *.*                    LISTEN
              tcp4       0      0 177.7.186.150.443        *.*                    LISTEN
              tcp4       0      0 177.7.186.150.8448       *.*                    LISTEN
              tcp4       0      0 88.46.4.82.80        *.*                    LISTEN
              tcp4       0      0 177.7.186.150.80         *.*                    LISTEN
              tcp4       0      0 127.0.0.1.2200         *.*                    LISTEN
              tcp4       0      0 *.666                  *.*                    LISTEN
              tcp4       0      0 *.2222                 *.*                    LISTEN
              tcp4       0      0 127.0.0.1.953          *.*                    LISTEN
              tcp4       0      0 *.53                   *.*                    LISTEN
              tcp4       0      0 *.80                   *.*                    LISTEN
              tcp4       0      0 *.4443                 *.*                    LISTEN
              
              • mer @sensewolf

                @sensewolf so something is actually listening on port 4443 (generically all interfaces) but ip specific listening on port 443 (88.46.4.82 and 177.7.186.150), then there are connections from 443 to other addresses (I don't know which are internal or external addresses, except for the 127. and the 192.168.)
                You also have specific ips listening on port 809 (88.46.4.82 and 177.7.186.150)
                It almost looks like a proxy or something. So double check the addresses assigned to your LAN and WAN side, any VPN interfaces.
                I've got nothing more to look at or add.

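Added example (not part of any post in this thread): a small sh/awk helper that reads `netstat -aln4` output and reports whether a port is bound on all addresses, only on specific addresses, or not listening at all, which is the distinction the posts above turn on. The function name `classify_port` is hypothetical and the sample lines are a trimmed, constructed subset of the output posted earlier.

```shell
#!/bin/sh
# Constructed sample in the FreeBSD `netstat -aln4` layout, trimmed from
# the listing posted earlier in this thread.
SAMPLE='tcp4       0      0 192.168.5.1.4443       192.168.18.7.40730     ESTABLISHED
tcp4       0      0 177.7.186.150.3443     *.*                    LISTEN
tcp4       0      0 88.46.4.82.443         *.*                    LISTEN
tcp4       0      0 177.7.186.150.443      *.*                    LISTEN
tcp4       0      0 127.0.0.1.2200         *.*                    LISTEN
tcp4       0      0 *.80                   *.*                    LISTEN
tcp4       0      0 *.4443                 *.*                    LISTEN'

# classify_port PORT  (hypothetical helper; reads netstat output on stdin)
# Prints one of:
#   wildcard              a socket is bound to *.PORT (every local address)
#   specific:IP[,IP...]   only address-specific sockets listen on PORT
#   none                  nothing listens on PORT; if the service still
#                         answers there, look for a NAT redirect instead
classify_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            laddr = $4
            # Local address is ADDRESS.PORT; require an exact port match
            # so that 3443 or 4443 is not mistaken for 443.
            if (laddr !~ ("\\." port "$")) next
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (addr == "*") wild = 1
            else ips = (ips == "" ? addr : ips "," addr)
        }
        END {
            if (wild) print "wildcard"
            else if (ips != "") print "specific:" ips
            else print "none"
        }'
}

# Report on the ports discussed in the thread, plus one unused port.
for p in 443 4443 8443; do
    printf '%s -> %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | classify_port "$p")"
done
```

On a live system the same function can be fed directly: `netstat -aln4 | classify_port 443`.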
                • Gertjan @sensewolf

                  @sensewolf said in Why is my GUI suddenly (only) available at port 4443??????????:

                  Suddenly, my GUI is only available at port 4443 (not: 443). Why?

                  Just to be sure :

                  cat /var/etc/nginx-webConfigurator.conf
                  
                  ....
                          server {
                                  listen 443 ssl http2;
                                  listen [::]:443 ssl http2;
                  ....
                  

                  If 443 is not 443, then this has been set to something not being '443' :

                  1cf95b4c-0a77-45b7-bba3-4d4df8dd4561-image.png

                  Same info in the config.xml :

                  ....
                                  <webgui>
                                          <protocol>https</protocol>
                  ......
                                          <port></port>
                  ........
                                  </webgui>
                  .....
                  

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  • sensewolf @Gertjan

                    @Gertjan

                    This is (part of) the output of 'cat /var/etc/nginx-webConfigurator.conf':

                    Bildschirmfoto 2023-08-01 um 13.39.23.png

                    This is the TCP port setting:
                    Bildschirmfoto 2023-08-01 um 13.40.11.png

                    And this is how I am accessing pfSense:
                    Bildschirmfoto 2023-08-01 um 13.44.32.png

                    because the GUI is not available at port 443...

                    • viragomann @sensewolf

                      @sensewolf
                      So obviously there is a service listening on port 443 already.

                      To find out which, go to the console and run

                      sockstat | grep .443
                      
                      • Gertjan @viragomann

                        @viragomann said in Why is my GUI suddenly (only) available at port 4443??????????:

                        So obviously there is a service listening on port 443 already.

                        As the nginx config says : it's nginx, the pfSense GUI.

                        The fact that pointing a 192.168.55.1 at port 4443 shows the pfSense GUI means that there is a 'firewall' that is doing something.
                        Like redirecting incoming TCP traffic on port 4333 to TCP 443.

                        sockstat | grep .443

                        I bet :

                        [23.05.1-RELEASE][root@pfSense.bhf.net]/root: sockstat | grep .443
                        root     lighttpd_p 53813 4   tcp4   10.10.10.1:443        *:*
                        root     lighttpd_p 53813 6   tcp6   ::10.10.10.1:443      *:*
                        root     nginx       8179 5   tcp4   *:443                 *:*
                        root     nginx       8179 6   tcp6   *:443                 *:*
                        root     nginx       8164 5   tcp4   *:443                 *:*
                        root     nginx       8164 6   tcp6   *:443                 *:*
                        root     nginx       8042 5   tcp4   *:443                 *:*
                        root     nginx       8042 6   tcp6   *:443                 *:*
                        

                        The first two are listening on 10.10.10.1, it's the "useless" pfBlockerNG "you are using a blocked domain name" service.
                        The other 6 are our nginx, serving pfSense GUI.

                        Example : one NAT rule (without the related firewall rule as not needed) :

                        ef30988b-19b0-4b2f-b3ca-05c486a8ae7a-image.png

                        I'm now accessing the GUI (also) on port 4443.

                        There are many ways to skin a cat ;)

                        • viragomann @Gertjan

                          @Gertjan said in Why is my GUI suddenly (only) available at port 4443??????????:

                          The fact that pointing a 192.168.55.1 at port 4443 shows the pfSense GUI means that there is a 'firewall' that is doing something.
                          Like redirecting incoming TCP traffic on port 4333 to TCP 443.

                          Yeah, seems plausible.
