Regaining Access to pfSense?
-
Long story short.....
Original Setup
Modem --> SG-3100 --> UniFi Managed Switch --> Bare Metal
Situation
Had everything set up nicely for a home lab, then moved house. So just coming to re-plug everything back in. With one slight challenge..... I'm pretty sure (from memory) that the Management Interface VLAN for accessing the Web GUI that was set up was configured to a laptop that has since died, completely died.
So I think that what is happening is that I'm essentially locked out of the management interface to manage pfSense.
Debugging To Date
When pfSense is plugged into new computer via ethernet, the computer successfully gets an IP Address from pfSense, and I can successfully ping pfSense from the computer. Yet I can't access the Web GUI at https://192.168.1.1 via the web browser. It just times out before even loading the login screen.
Lights are flashing green on ethernet ports on both the computer and pfSense.
I've successfully connected to the command line console via serial port using PuTTY but I don't see anything particularly useful to help regain access.
I'd really like to avoid having to do a factory reset as it's going to be a downstream pain to rebuild everything.
Next Steps?
Answers on a postcard while I'm busy Googling / ChatGPTing.....
-
Do you get to the login screen at the webui but never reach the dashboard? That would imply a php issue.
If you never see a login at all it's probably a firewall issue. In which case you can disable the firewall temporarily with:
pfctl -d
See: https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html#disable-the-firewall
-
@stephenw10 Thanks for that link. I've gone through every single step on there to try and get back in and nothing was working.....
..... Then when I was checking the file for manually reviewing the firewall rules to see if I could spot something;
/tmp/rules.debug
I noticed that I had changed the Web GUI Port from the default 443 --> Another Port for added security, which I had since forgotten about, and my current self is cursing my past self for not documenting that fact.
Anyhow, all back into the Web GUI now so I can start to have a play around again. Thanks for the help
-
Aha, that would do it.
For future reference you can check the listening port in use from the command line using sockstat like:
[25.07.1-RELEASE][root@plusdev-4.stevew.lan]/root: sockstat -l4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     php-fpm    82769 4  udp4   *:*                   *:*
root     php-fpm    36135 4  udp4   *:*                   *:*
root     php-fpm    80700 4  udp4   *:*                   *:*
root     php-fpm    26020 4  udp4   *:*                   *:*
root     syslogd    49551 10 udp4   *:514                 *:*
dhcpd    dhcpd      50432 9  udp4   *:67                  *:*
root     nginx      37810 5  tcp4   *:443                 *:*
root     nginx      37810 7  tcp4   *:80                  *:*
root     nginx      37559 5  tcp4   *:443                 *:*
root     nginx      37559 7  tcp4   *:80                  *:*
root     nginx      37376 5  tcp4   *:443                 *:*
root     nginx      37376 7  tcp4   *:80                  *:*
root     ntpd       29525 21 udp4   *:123                 *:*
root     ntpd       29525 23 udp4   192.168.184.1:123     *:*
root     ntpd       29525 25 udp4   172.21.16.184:123     *:*
root     ntpd       29525 28 udp4   127.0.0.1:123         *:*
unbound  unbound    91092 5  udp4   *:53                  *:*
unbound  unbound    91092 6  tcp4   *:53                  *:*
unbound  unbound    91092 7  tcp4   127.0.0.1:953         *:*
root     sshd       2721  4  tcp4   *:22                  *:*
root     php-fpm    606   4  udp4   *:*                   *:*
root     php-fpm    605   4  udp4   *:*                   *:*
root     php-fpm    603   4  udp4   *:*                   *:*
-
@stephenw10 That's a handy command, good to know
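The sockstat check from the thread, reduced to a filter that prints only the TCP ports nginx (the process holding 443 and 80 in the output above) is listening on. This is an added example, not part of the original posts; the function names and the sample lines using port 8443 are constructed for illustration.

```shell
#!/bin/sh
# Added example: extract the web server's listening TCP ports from
# `sockstat -l4` (or `sockstat -l`) output supplied on stdin.

# webgui_ports: print each unique TCP port nginx is listening on, sorted.
webgui_ports() {
    awk '
        $1 == "USER" { next }                 # skip the header row
        $2 == "nginx" && $5 ~ /^tcp/ {        # COMMAND and PROTO columns
            port = $6                         # LOCAL ADDRESS, e.g. *:8443
            sub(/^.*:/, "", port)             # keep what follows the last colon
            if (port ~ /^[0-9]+$/ && !seen[port]++) print port
        }
    ' | sort -n
}

# Constructed sample input: same column layout as the output in the thread,
# with a hypothetical non-default GUI port (8443) in place of 443.
sample_output() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     syslogd    49551 10 udp4   *:514                 *:*
root     nginx      37810 5  tcp4   *:8443                *:*
root     nginx      37810 7  tcp4   *:80                  *:*
root     nginx      37559 5  tcp4   *:8443                *:*
root     nginx      37559 6  tcp6   *:8443                *:*
root     sshd       2721  4  tcp4   *:22                  *:*
EOF
}

# Demo on the constructed sample. On the firewall itself, from /bin/sh:
#   sockstat -l4 | webgui_ports
sample_output | webgui_ports
```

Any port listed other than 80 or 443 is the one to put in the browser URL, which is the detail that was missing when https://192.168.1.1 timed out.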