WEBGUI not responding accessing over wan



  • Hi I cant access webgui over wan interface. In best scenario I recive an error "The security certificate" and when I click Continue to this website (not recommended) it doesnt get an login page just looping for access andd nothing happens. Over Lan interface everything works fine. ( I am useing pfsense ver 2.0 release). I ve tried to change port number and https/http, restarted webgui from console but nothing hellped. Can anyone help please or any idea what is wrong.



  • Accessing the webGUI over WAN interface you need to open ports in firewaall on WAN tab. By default all ports on WAN are closed.

    Further check under SYSTEM -> ADVANCED for "DNS REBIND CHECK" and "HTTP REFFERER" and change it to your needs.



  • Off course I ve made NAT port forward and created firewall rules and both of setting you sad are disabled, but the strange thing is that I can reach site of web gui because it ask me to select Continue to this website (not recommended) - website's security certificate and when I select to continue it just reloading indefinitely.


  • Rebel Alliance Developer Netgate

    You do not need a NAT port forward to reach the GUI from the WAN. Remove it, and it will likely start working.



  • Nope this didnt help. Now I dont even recive cert. error page.



  • can you screen shot your rules? please make sure that the NAT for this is removed (port forward or 1:1). If there is any outbound NAT created for this, please remote it also. You will need a rule for HTTP if you are using non-secure web and HTTPS for secured access. If you want to utilize the redirect, you will need both.



  • I had problems too with standard ports. After reading and trying lots of configurations finally i got it work with
    one TCP rule to Firewall:
    Port 80 does not work to me !?

    ![firewall rule.JPG](/public/imported_attachments/1/firewall rule.JPG)
    ![firewall rule.JPG_thumb](/public/imported_attachments/1/firewall rule.JPG_thumb)



  • I am useing https and here are rulles:






  • Didn´t get your point does the rules work or do you have problems with this ?



  • I ve still have the problem and rulles working fine on otheri site with other pfsense box.



  • try this:

    1. disable portforward for your pfsense webmin
    2. create a rule on wan:
    
    Action: Pass
    Disabled: unchecked
    Interface: WAN
    Protocol: TCP
    Source: any (or if you want to determine allowed ip's then you could put it here)
    Source port: any
    Destination: your public ip ( or use aliases )
    Destination port: what is your https/http port
    Description: firewall management
    
    

    I use aliases: Firewall_mgmt_ips & Firewall_mgmt_ports

    it just works



  • Wow, I've never gotten the webgui to work from the wan side for AGES! I had a port forward rule as well as an access rule. The odd things is
    it works the other way with Monowall, which is what I used to use before moving to pFsense.



  • So this is solved?



  • I finaly solved the problem. It wasnt problem with setup on pfsense. The problem was with ADSL line. Internet provider made some changes on their side and now everthing works fine . The problem have been with some https traffic.



  • @Metu69salemi:

    So this is solved?

    No, this for some reason has never worked for me. Hasn't worked on a Dell server, laptop and Soekris box. It starts to open the the Webgui very slowly then it crashes.
    For whatever reason I never have an issue with Monowall. I assume you configure remote access the same way on both platforms.



  • Piplfox-  13.10.1.0/8 is a routable public address and shouldn't be used on LAN unless your the user of that subnet…  It has the possibility of causing you problems.

    http://www.noah.org/wiki/Private_LAN_IP_addresses

    Heres a screenshot of the rule on my test box...  I use a nonstandard port on my production boxes...

    as pointed out already...  You should have no port forwarding turned on for this rule.



Log in to reply