Locked myself out of webGUI

  • I have the Netgate FW-7551 and I set a NAT rule by accident to redirect ports 80 and 443 from the LAN net to a server on the local network. I am now locked out of the webGUI, and also hadn't enabled SSH beforehand. I tried holding down the reset button for over a minute to do a factory reset, but it just won't factory reset. The reset button also doesn't even reset the router; I think it may be broken. Any idea how I can get around this?

  • Connect to the console port and reset from there.

  • Can you connect to the shell? If so, give pfctl -d which disables all firewall rules and then login to the GUI to delete the wrong rule.

  • @Pankar:

    Can you connect to the shell? If so, give pfctl -d which disables all firewall rules and then login to the GUI to delete the wrong rule.

    I didn't think to turn SSH on beforehand. Also no serial cable, might just have to buy one.

  • Should be the same as a blue Cisco console cable, in case you have one of those.
    I don't see information on resetting that unit, but you could call/email Netgate. The cf recovery info is here: http://support.netgate.com/index.php?/Knowledgebase/Article/View/12/5/7541-cf-recovery

  • And people wonder why I like to have full install + VGA (-;

  • Laptops make excellent servers for those on a budget but insist upon redundancy in various forms.

  • Netgate Administrator

    I'm unsure about the FW-7551 but on other Netgate/pfSense store hardware the reset button is read at boot and will load a factory config file if it's pressed. It doesn't reset the box during normal operation. Is that what you've tried?

    Edit: No mention of this in the docs.  :-\

    You could always remove the CF card and either reflash it back to factory or mount it from a BSD box and edit the config. Not sure what guarantee implications that might have. Since you bought it from Netgate presumably you have the support package so call and ask them.


    1. I would definitely go down the path of getting a serial cable - you really want one for the day when the system is power-cycled and nothing seems to come up. Being able to see the real console output is a must.
      I bought 1 of these serial cables for every site a few years ago: http://www.amazon.com/Tripp-Lite-Modem-Serial-P450-006/dp/B000067SCH/ref=pd_sim_sbs_indust_1?ie=UTF8&refRID=07T1K2VK31YGRK09HC5Z and they have all worked fine.
      You also need a client (laptop, desktop, whatever) that has a serial DB9 port, or a USB-to-serial device.

    2. If you do re-flash, then make sure to use an image from Netgate. The Netgate images have whatever special parameters need to be set to get a successful boot the first time (e.g. boot_delay …). I have no idea if the FW-7551 needs anything special like that, but by using the Netgate image you should have no trouble.
      But don't do that - wait for a serial cable!
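
For the "mount the card and edit the config" route mentioned above, this is an added example (not from any poster in the thread, and not Netgate's tooling) that finds and removes LAN-side NAT rules covering ports 80/443 in a copy of the configuration XML. The element names (`nat/rule`, `interface`, `destination/port`, `target`) are assumed from the usual pfSense config layout, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample config; element layout is an assumption about the pfSense XML.
SAMPLE = """<pfsense><nat>
<rule><interface>lan</interface><protocol>tcp</protocol>
  <destination><any/><port>80</port></destination>
  <target>192.168.1.50</target><local-port>80</local-port></rule>
<rule><interface>lan</interface><protocol>tcp</protocol>
  <destination><any/><port>443</port></destination>
  <target>192.168.1.50</target><local-port>443</local-port></rule>
<rule><interface>wan</interface><protocol>tcp</protocol>
  <destination><network>wanip</network><port>2222</port></destination>
  <target>192.168.1.60</target><local-port>22</local-port></rule>
</nat></pfsense>"""

GUI_PORTS = {80, 443}  # ports the webGUI is normally reached on


def covers_gui_port(spec):
    """True if a port spec ('443' or a range such as '80-443') includes a GUI port."""
    lo, _, hi = (spec or "").partition("-")
    if not lo.isdigit() or (hi and not hi.isdigit()):
        return False  # empty, or an alias name: review those rules by hand
    return any(int(lo) <= p <= int(hi or lo) for p in GUI_PORTS)


def find_lockout_rules(root, interface="lan"):
    """Enabled NAT rules on `interface` whose destination port captures GUI traffic."""
    hits = []
    for rule in root.findall("./nat/rule"):
        if rule.find("disabled") is not None:
            continue  # already inactive, cannot be the cause
        if (rule.findtext("interface") == interface
                and covers_gui_port(rule.findtext("destination/port"))):
            hits.append(rule)
    return hits


def remove_lockout_rules(xml_text, interface="lan"):
    """Return (cleaned XML, [(port, target), ...]) with the offending rules removed."""
    root = ET.fromstring(xml_text)
    removed = find_lockout_rules(root, interface)
    for rule in removed:
        root.find("nat").remove(rule)
    summary = [(r.findtext("destination/port"), r.findtext("target")) for r in removed]
    return ET.tostring(root, encoding="unicode"), summary


if __name__ == "__main__":
    print(remove_lockout_rules(SAMPLE)[1])
```

Run it against a copy of the config and keep the untouched original so the edit can be reverted.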
