HTTP 403 (Forbidden) Webgui

zonda7

Hi

I setup up pfsense 2.1 on a VM running FreeBSD, enabled ssh, checked I can ping out the WAN and LAN and checked I could ping back into the address I gave the LAN but I cannot connect to the Webgui. In Firefox I get a blank page and in IE and Chrome I get a HTTP 403 (Forbidden) message. HELP!!!! :-\

mibovrd

A little confused? ???

Not sure what you enabled. Enabling ssh allows access on port 22 or other defined port for a terminal program.

Selecting HTTPS allows secure browser access to the Web-configurater. If you havn't disabled the re-direct HTTP access will redirect you to HTTPS.

Try HTTP again.

zonda7

As you can see I am confused too :S

Well so far apart from the standard setup I have not made any changes. I ran the install as per the guides (enabled ssh for some unknown reason) and tried to connect to Webgui (in my case) 10.10.10.1 from the pc which the VM is setup on. You can ping from either side yet cannot connect from either https or http. Do I need to make any changes from the standard install?

mibovrd

Not done a VM install, so not sure. Depends on what type of VM, how many ports, IP ranges you are using, and routing. A little piccy might help with the ip's. VM's do have nasty issue sending the response back via the interfaces real IP rather than the VIP, this would mean ping would work, but http or any TCP connection would fail.
Some things to try.
Try a traceroute to both sides to see which way it goes.

Try ssh admin@x.x.x.x pfsense using LAN ip, if that works then routing not a problem to LAN

Try 'telnet x.x.x.x 80' LAN IP again. See if it connects, if it does then your browser is probably proxied. take proxy of and connect direct.

zonda7

I disabled the proxy but that did not work.

I tried to ssh and telnet both failed.

The host and VM config is what you can find in how to install on a VM. I have onboard nic (LAN int) and an expansion nic (WAN int).

Host machine has ip 10.10.10.2/24
VM LAN int 10.10.10.1/24
WAN int 192.168.1.91

Here are some screen shots.

![Windows Host Network.JPG](/public/imported_attachments/1/Windows Host Network.JPG)
![Windows Host Network.JPG_thumb](/public/imported_attachments/1/Windows Host Network.JPG_thumb)
![Network settings for LAN Interface.JPG](/public/imported_attachments/1/Network settings for LAN Interface.JPG)
![Network settings for LAN Interface.JPG_thumb](/public/imported_attachments/1/Network settings for LAN Interface.JPG_thumb)
![Network settings for WAN interface Windows Host.JPG](/public/imported_attachments/1/Network settings for WAN interface Windows Host.JPG)
![Network settings for WAN interface Windows Host.JPG_thumb](/public/imported_attachments/1/Network settings for WAN interface Windows Host.JPG_thumb)

zonda7

….

![Virtual Adapter.JPG](/public/imported_attachments/1/Virtual Adapter.JPG)
![Virtual Adapter.JPG_thumb](/public/imported_attachments/1/Virtual Adapter.JPG_thumb)
![VM settings.JPG](/public/imported_attachments/1/VM settings.JPG)
![VM settings.JPG_thumb](/public/imported_attachments/1/VM settings.JPG_thumb)

zonda7

….

![Host Config.JPG](/public/imported_attachments/1/Host Config.JPG)
![Host Config.JPG_thumb](/public/imported_attachments/1/Host Config.JPG_thumb)
![PF traceroute to Windows Host.JPG](/public/imported_attachments/1/PF traceroute to Windows Host.JPG)
![PF traceroute to Windows Host.JPG_thumb](/public/imported_attachments/1/PF traceroute to Windows Host.JPG_thumb)

zonda7

…

![ssh from putty.JPG](/public/imported_attachments/1/ssh from putty.JPG)
![ssh from putty.JPG_thumb](/public/imported_attachments/1/ssh from putty.JPG_thumb)

cmb

You're not getting a 403 from the firewall, it's from your own machine. You're creating an IP conflict on 10.10.10.1.

cmb

and you also can't have 10.10.10.0/24 on both your physical and virtual NICs, aside from the IP conflict breaking things. You have to bridge if you want a 10.10.10.x IP on the VM.

zonda7

Thanks for the assistance. I RTFM'd on the VM front so now have a better understanding :O) and it works.