Lost access to webGUI via local or remote ip

  • Need a bit of help please, being new to pfsense and some of the available packages. This is a production firewall in a manufacturing facility with a fair number of rules and forwards, and I do not want to jeopardize destroying what we've done so far with it.

    Last night I installed Squid and Lightsquid with all defaults. I was impressed enough with the reporting to want to set up direct remote access to pfsense using a simple port forward from one of our public IPs to the internal ip of the firewall on port 443, rather than having to remote into a workstation on the LAN (and have all internet access logged from that machine). All access from both sides worked initially, then I lost ability to access the webconfigurator from either the LAN or the WAN. I can get sometimes to the security certificate error (using self-signed cert), but attempting to get beyond that the browser just spins and spins. The firewall appears to be doing its job - superbly as always!

    Starting with basics, from an ssh session, I restarted the webconfigurator, and it took a seemingly long time, but still am not able to get to the login screen. I'm wondering if someone out there might have a simple fix that would not involve reloading the entire box?

    I know that opening up 443 port to the public is bad form. I ought to have added earlier that I had also disabled http_referer check, as that seemed to be recommended when I had initially logged into the webgui remotely.  I believe that most of the problem is around this….

    I just want some clarification on the procedures to follow considering the trail of changes I'd made, as I have been reading through the forums, and of course, the sticky at the top of the page explaining the ip reset, but nothing seems to speak to repairs after the various installations and changes.

    I have both console access and ssh access, and the pfsense seems to be working fine. I'll try the simple ip reset asap this morning when I get into work. At the least, if I can get some coaching on editing rules via shell, would like to disable the port forward I'd made to the firewall itself.

  • Rebel Alliance Developer Netgate

  • Yeah - I tried the half that seemed to apply - can't get in from the LAN, either - and have gotten nowhere. Double-checked Squid, and it's running where it should….kind of lost right now.
    If I upgrade to 2.0.1 from 2.0-RC2, do you think it would get 'fixed'?

  • I should add that I had ssh'd in and deleted the rule allowing port forward from WAN to pfsense on 443….

  • ….and I've been scanning the logs until I'm cross-eyed and funny-looking (probably an improvement in my case) and cannot find anything out of the way....port scanned the box and the only ports open were as expected, with the exception of 443 being closed after the ip reset procedure....22, 80, 53 (dnsmasq), 3000 (lightsquid), and 3128 (Squid proxy) are open, the webconfigurator isn't running on some other port (open anyway)....

  • ….whoops - 3000 is nTOP
