Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New user unable to access webUI

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    11 Posts 4 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Recoil
      last edited by

      I am completely new to using both VirtialBox and pfSense.  I am currently already on a home network with 1.1 address used by my current router, and 0.1 use by the sat modem.  I followed a video from TechSyndicate on Youtube to get both installed.  The video did not go into any details on how to setup the ip addresses, so I went through several guides trying to get it down, and I thought I had it, but no…I am still unable to connect through the web browser to the webUI.

      My Wan Ip is showing: v4/DHCP4: 192.168.1.105/24
                                          v6/DHCP6: 2002bunches-O-num/letters
      My Lan IP is showing: v4: 192.168.1.106/24

      Can someone help me out with what is going on here, and/or what I did wrong?

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        WAN and LAN can't be on the same subnet, for one thing.  If WAN is 192.168.1.0/24, then LAN MUST be something else, like 192.168.2.0/24.  If you're playing in Virtualbox, you won't be able to get access to the WebGUI unless you also have a VM client on pfSense LAN that's able to run a browser.

        1 Reply Last reply Reply Quote 0
        • R
          Recoil
          last edited by

          As for the first part, I reset and tried again.  I selected yes for DHCP on both 1pv4 & 1pv6 on em0 for Wan.  That saved.  I have then set em1 Lan to 192.168.2.1, and subnet mask as 24.  The selected none, none, on the next 2 options, and DCHP to no on the last.  Does that seem like atleast that part is setup correctly?

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            As said:

            You just broke The Rule Number One : WAN IP is on the same segment as the LAN IP, 192.168.1.0/24
            Please, don't.
            At best : it ain't getting worse
            At worst : not possible, you reached epic level already.

            When you start to use a product like pfSense,
            DO NOT use a router-after-router setup,
            HAVE the WAN IP being your INTERNET IP,
            USE minimal if none non-standard settings (don't fiddle with setting if they are not clear to you),
            BOOT from the start-CD,
            HAVE at least TWO NICS in your device,
            USE an UPS,
            START using IPv6 if IPv4 is humming nicely.
            Etc.

            First step to unblock yourself : change LAN IP to 192.168.2.0/24 (pfsense LAN 192.168.2.1) and retry.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • KOMK
              KOM
              last edited by

              In his case I think he's just experimenting with it.

              Does that seem like atleast that part is setup correctly?

              Yes.  Now create another VM with a light client like Lubuntu and put it on the VB internal network with pfSense LAN. Through that VM's web browser, you can access the pfSense WebGUI at 192.168.2.1, and from there you can edit your firewall rules to allow WebGUI access from WAN (which is generally best to not do when using pfSense for real).

              1 Reply Last reply Reply Quote 0
              • R
                Recoil
                last edited by

                KOM, thanks for the responses.  From what I initially understood by watching the video and reading the guides I could setup pfSense as a virtual machine, then access from my network.  If I am understanding you correctly I have to create another VM first (I have Unbuntu on ISO), set it up as you have described, then I will be able to access from my home network?

                Here is my issue, I don't need pfSense as my router is doing fine already, but I require some way to restrict a certain user on my network from accessing the internet at certain times, and hopefully to whitelist the sites the user can visit.  When I read abot pfSense I was hoping I could achieve these objectives with it.  Are these options possible before I continue down the rabbit hole?

                EDIT: Is it possible I will not run into these issues if I just dedicated the machine to pfSense?  I am only doing this for testing getting it setup with virtualbox.

                Gertjan - I am a professional programmer, not a network tech.  I am sorry my idiocy has angered you.

                1 Reply Last reply Reply Quote 0
                • KOMK
                  KOM
                  last edited by

                  I think you're in for a world of hurt trying to do that.  I would think it better for a non-network person to get a consumer-grade router that has parental controls built-in and use those, or download something like DD-WRT/OpenWRT and re-flash your existing router with new firmware to give you that functionality.  Trying to do it with a separate instance of pfSense is overkill.

                  If I am understanding you correctly I have to create another VM first (I have Unbuntu on ISO), set it up as you have described, then I will be able to access from my home network?

                  The reason you need another VM is that, by default, pfSense WAN will ignore all connections coming from private IP space.  That means you will be unable to reach the WebGUI and configure pfSense in any way.  You reach WebGUI from LAN, and since LAN is a virtual internal network, you also need a machine on that virtual LAN network in order to reach the pfSense WebGUI.

                  Gertjan - I am a professional programmer, not a network tech.  I am sorry my idiocy has angered you.

                  Don't take it personally.  Imagine you're on a hardcore C++ forum and some guy appears and says he wants to write the next Bittorrent or Napster, but, by the way, what's a class?  Half the forum would facepalm.  That's ok though as there are lots of people who are more than happy to help.

                  1 Reply Last reply Reply Quote 0
                  • R
                    Recoil
                    last edited by

                    Thanks for the information and the options.  I think it actually maybe easier to go with the first options you suggested.  I am going to try to finish this through though just to test, but like in my edit I probably would not be running into these issues if I just set the machine up as dedicated for pfSense.

                    I really appreciate you time man!

                    1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan
                      last edited by

                      @KOM:

                      Gertjan - I am a professional programmer, not a network tech.  I am sorry my idiocy has angered you.

                      Don't take it personally.  Imagine you're on a hardcore C++ forum and some guy appears and says he wants to write the next Bittorrent or Napster, but, by the way, what's a class?  Half the forum would facepalm.  That's ok though as there are lots of people who are more than happy to help.

                      No way, never angry  ;D
                      Had to post 'something' before doktormotor stops by, then you would have found some hardcore European humor ;)

                      Btw, as soon as some-one touches a 'firewall/router' I presume that 'class' isn't an alien word anymore.
                      Also, c(++) is my daily bread ;)

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      1 Reply Last reply Reply Quote 0
                      • KOMK
                        KOM
                        last edited by

                        Btw, as soon as some-one touches a 'firewall/router' I presume that 'class' isn't an alien word anymore.

                        That's not been my experience.  Most of the devs here and back through my life are not even computer people.  Programming and computing are a means to an end for them – a career.  While writing streams of beautiful code, they are unable to perform even the most basic computer tasks by themselves, and networking may as well be voodoo.  But it goes both ways sometimes.  I will never forget a coworker who had his MS TCP/IP certification.  He actually asked me if every computer on the network had to have its own unique IP address...

                        1 Reply Last reply Reply Quote 0
                        • H
                          Harvy66
                          last edited by

                          Ahh yes, certs. I'll never forget the time a senior dev asked me if I should encrypted my random token because if it's not encrypted, then someone else may be able to spoof it. Yes, someone going to guess my 256bit crypto-grade random token.

                          Ignoring the fact that the encryption class he wanted to use was a company internal one that uses a static key and static IV. /derp

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.