WEB GUI crashes/unavailable !!!!!!!



  • Not sure what is going on I have seen some other posts that are similar. I am able to access the WEB GUI only through WAN interface if I enable the LAN interface, set static to a 192.168.x.x address > enable DHCP server on LAN interface set parameter > WEB GUI is unaccessable from either WAN interface or LAN interface.



  • I take it back, anytime I enable the LAN with a static the entire system locks me out of every remote, I enable SSHD and locked out as soon as I enable the LAN interface.



  • i've never seen this happen before. what do the logs say ?

    what is your interface configuration? are you using the same subnet on wan & lan by any chance?



  • Maybe I am just an idiot. I have it up and running, but the only way I was able to get the GUI working when I turned the LAN interface on was to completely open up the firewall to allow all traffic to it; in order to get it work on the WAN. I have not yet tried accessing from the LAN side. Will try to update later on. What I don't get is why no access is set to default, even on the LAN side. Oh and I had to use CLI in order to open the access to to the WEB GUI.

    To answer your question, no idea what the logs say, because it would lock me out. Also yes subnets were correct on the LAN side with DHCP Service running. I didn't use the default setup a 198.168.x.x as LAN interface with a range of 50-99 on DHCP. Its would provide the client on LAN side with IP but wouldn't allow access to the WEB GUI on either WAN or LAN addresses.



  • If you setup with just a WAN ("1-armed router") then pfSense puts the default allow all rule onto WAN (under the normal assumption that in a config like this the "WAN" is actually an interface sitting on your LAN somewhere and providing a service like OpenVPN end-point or DHCP or… and pfSense is not being a normal LAN to WAN router)
    When you enable LAN, that rule immediately gets shifted to LAN, so you lose access via WAN.
    Solutions:

    1. Plug into LAN and continue setup from there; or
    2. Add your own pass rule/s on WAN before you enable LAN.


  • @phil.davis:

    If you setup with just a WAN ("1-armed router") then pfSense puts the default allow all rule onto WAN (under the normal assumption that in a config like this the "WAN" is actually an interface sitting on your LAN somewhere and providing a service like OpenVPN end-point or DHCP or… and pfSense is not being a normal LAN to WAN router)
    When you enable LAN, that rule immediately gets shifted to LAN, so you lose access via WAN.
    Solutions:

    1. Plug into LAN and continue setup from there; or
    2. Add your own pass rule/s on WAN before you enable LAN.

    No the WAN is setup on my Back-UP ISP for testing purposes, for a VPN IPSec Tunnel Site to Site. I had to allow SSHD on and then enable the ANY ANY rule on WAN then enable LAN w/DHCP. I am able to access WEB GUI now on HTTPS WAN Address but I am still unable to access the WEB GUI from client side LAN address even with the lock out policy inplace. I am also unable to get out to surf on client side. For some reason the rules I have inplace are either screwed up or just not working, most likely screwed up.



  • Also even with LAN lockout policy I still can't get to WEB GUI on LAN side.



  • Banned

    Maybe fix your cables?



  • What would my cables have anything to do with it. The LAN is operating fine except I can't get out or to web gui. DHCP server running issuing out IP's  both clients get ip's dns, gateway from DHCP server, but still no access out or to web gui.


  • Banned

    @xenHR:

    What would my cables have anything to do with it.

    Because with rules like above, there is absolutely ZERO chance you'd get webGUI access blocked by firewall on LAN. Except that you claim that instead can access it on "WAN". Cannot see anything productive coming out of this. Wipe the mess and reinstall the box from scratch, making sure you set up both WAN and LAN properly at install time.

    @xenHR:

    The LAN is operating fine except I can't get out or to web gui.

    Sure. If you plug the cables to a dumb switch, no firewall is involved in traffic flow between boxes on that switch.


Log in to reply