Unable to access GUI from specific PC

enjawd · Dec 19, 2024, 7:46 AM

@Gertjan hello! Thanks for your reply. I tired the admin acces method as well, doesnt work.

As for the dual nic, i have both 10G and 1G(onbaord) which is disabled, no wifi. I only enable it other day to test if its my nic issue. So apparently, when i hook up to my onboard 1G NIC, im able to access the webgui, but when i swap back to the 10G NIC, im not able to access the GUI again.

This issue happen recently, for some reason my pc is not able to access the GUI anymore

Bob.Dig · Dec 19, 2024, 8:42 AM

@enjawd said in Unable to access GUI from specific PC:

However, when I swap the network cable to a different LAN port on my PC, it starts working. This makes me suspect

This makes me suspect you have blocked one IP but not the other, show your rules on that interface and maybe groups and floating too.

enjawd · Dec 19, 2024, 9:18 AM

@Bob-Dig said in Unable to access GUI from specific PC:

@enjawd said in Unable to access GUI from specific PC:

However, when I swap the network cable to a different LAN port on my PC, it starts working. This makes me suspect

This makes me suspect you have blocked one IP but not the other, show your rules on that interface and maybe groups and floating too.

Currently there is no flating rule, as for Lan interface there only 3 rule . 🔒 Log in to view

Bob.Dig · Dec 19, 2024, 11:00 AM

@enjawd And any other connectivity is given by using the NIC with no access to the Web-GUI? And your switching NICs, but it seems you also switching the port on the other side because it is 1Gb and then 10Gb...

stephenw10 · Dec 19, 2024, 2:21 PM

Yeah that^. Is it only the pfSense webgui you can't access? Connecting to external site still works?

enjawd · Dec 21, 2024, 1:31 PM

@stephenw10

Yes apparently only pfsense gui I can’t access, but other than that everything else is working as per normal I’m still getting 10g speed as well

Bob.Dig · Dec 21, 2024, 3:38 PM

@enjawd But the other port (10G) on your pfSense is most probably not in the same LAN as the 1G port...

enjawd · Dec 22, 2024, 2:48 PM

@Bob-Dig my pfsense has only 2 * 10G port. 1 for WAN, another for LAN with vlan connect to another 10G switch. So basically all my equipment or device are connect to the switch 10G port

stephenw10 · Dec 22, 2024, 3:52 PM

Connecting with a different NIC will give you a different IP address because of the different MAC. It seems likely the original IP is simply blocked from accessing the gui.

enjawd · Dec 23, 2024, 1:54 AM

@stephenw10 Yeah seems like either mac address or ip is blocked, any idea how can i find this? nothing seems to appear on syslog as well

johnpoz · Dec 23, 2024, 2:16 AM

@enjawd your rules on that interface wouldn't be blocking anything - do you have floating rules? Is the rules your actually hitting - or do you have some other interface?

Do you even have ethernet filtering enabled - its not out of the box. And its only available in +

Sure you didn't just lock yourself out of the gui from that IP by sending wrong password.. But that should timeout anyway.

I always put my PC ip in there just in case.

🔒 Log in to view

Are you running any IPS? If your pc has internet access thru pfsense - would seem odd that it could be blocked by some mac filtering - unless you had very specific rules in your ethernet filtering - and again that is not even enabled out of the box. So you would of had to enable it and put in rules.

So to be clear your internet access through pfsense works, dns to pfsense IP works - you can not just access the gui.. Do you get any sort of error, does it just time out?

enjawd · Dec 23, 2024, 2:14 AM

@johnpoz I've no floating rule going on, 0 entries.

This is my login protection setting. If i were to put my pc ip, will my other device be denied to GUI making my pc exception only?

🔒 Log in to view

enjawd · Dec 23, 2024, 2:18 AM

@johnpoz Forgot to mention, im on pfsense+

enjawd · Dec 23, 2024, 9:12 AM

Just to update, im pretty sure its mac address block for some reason. On the NIC, i change the ip address to another, im not able to access gui either.

the other · Dec 23, 2024, 9:44 AM

hey,
is said pc connected directly tp pfsense or is a switch in use?
If so (with switch in between): are there any Port Security settings active? Any MAC blocking there in use?

Gertjan · Dec 23, 2024, 9:48 AM

@enjawd

... and are the perfect (the ones you've found when you installed pfSernse) LAN firewall rules in place :

🔒 Log in to view

?

johnpoz · Dec 23, 2024, 1:25 PM

@enjawd it is an exception only.

if you have plus - then look to see if you have mac filtering enabled. Look in advanced firewall/nat - or do you even see the ethernet tab in firewall?

🔒 Log in to view

Would of kind of had to put in a specific rule - how would you not know you did such a thing?

And again - what happens, what does your multiple browsers you have put in show - just a timeout? Some error - are you using https via that 8443 port, are you trying redirection by hitting port 80 via http first?

Is the browser just telling you it doesn't trust the cert. Without a very specific ethernet rule - I don't see how this is possible your blocked.

Is this the error your getting in your browser?

🔒 Log in to view

And again are you running IPS?

stephenw10 · Dec 23, 2024, 2:56 PM

I would probably run a pcap at this point just to be sure packets from the client in question are actually arriving.

enjawd · Dec 23, 2024, 4:25 PM

i think i have found the problem, think someone had change the MTU on my pc to 9000 instead of 1500. Changed it back and im able to access GUI again.

stephenw10 · Dec 23, 2024, 5:34 PM

Ah, that could do it.