New user unable to access webUI



  • I am completely new to using both VirtialBox and pfSense.  I am currently already on a home network with 1.1 address used by my current router, and 0.1 use by the sat modem.  I followed a video from TechSyndicate on Youtube to get both installed.  The video did not go into any details on how to setup the ip addresses, so I went through several guides trying to get it down, and I thought I had it, but no…I am still unable to connect through the web browser to the webUI.

    My Wan Ip is showing: v4/DHCP4: 192.168.1.105/24
                                        v6/DHCP6: 2002bunches-O-num/letters
    My Lan IP is showing: v4: 192.168.1.106/24

    Can someone help me out with what is going on here, and/or what I did wrong?



  • WAN and LAN can't be on the same subnet, for one thing.  If WAN is 192.168.1.0/24, then LAN MUST be something else, like 192.168.2.0/24.  If you're playing in Virtualbox, you won't be able to get access to the WebGUI unless you also have a VM client on pfSense LAN that's able to run a browser.



  • As for the first part, I reset and tried again.  I selected yes for DHCP on both 1pv4 & 1pv6 on em0 for Wan.  That saved.  I have then set em1 Lan to 192.168.2.1, and subnet mask as 24.  The selected none, none, on the next 2 options, and DCHP to no on the last.  Does that seem like atleast that part is setup correctly?



  • As said:

    You just broke The Rule Number One : WAN IP is on the same segment as the LAN IP, 192.168.1.0/24
    Please, don't.
    At best : it ain't getting worse
    At worst : not possible, you reached epic level already.

    When you start to use a product like pfSense,
    DO NOT use a router-after-router setup,
    HAVE the WAN IP being your INTERNET IP,
    USE minimal if none non-standard settings (don't fiddle with setting if they are not clear to you),
    BOOT from the start-CD,
    HAVE at least TWO NICS in your device,
    USE an UPS,
    START using IPv6 if IPv4 is humming nicely.
    Etc.

    First step to unblock yourself : change LAN IP to 192.168.2.0/24 (pfsense LAN 192.168.2.1) and retry.



  • In his case I think he's just experimenting with it.

    Does that seem like atleast that part is setup correctly?

    Yes.  Now create another VM with a light client like Lubuntu and put it on the VB internal network with pfSense LAN. Through that VM's web browser, you can access the pfSense WebGUI at 192.168.2.1, and from there you can edit your firewall rules to allow WebGUI access from WAN (which is generally best to not do when using pfSense for real).



  • KOM, thanks for the responses.  From what I initially understood by watching the video and reading the guides I could setup pfSense as a virtual machine, then access from my network.  If I am understanding you correctly I have to create another VM first (I have Unbuntu on ISO), set it up as you have described, then I will be able to access from my home network?

    Here is my issue, I don't need pfSense as my router is doing fine already, but I require some way to restrict a certain user on my network from accessing the internet at certain times, and hopefully to whitelist the sites the user can visit.  When I read abot pfSense I was hoping I could achieve these objectives with it.  Are these options possible before I continue down the rabbit hole?

    EDIT: Is it possible I will not run into these issues if I just dedicated the machine to pfSense?  I am only doing this for testing getting it setup with virtualbox.

    Gertjan - I am a professional programmer, not a network tech.  I am sorry my idiocy has angered you.



  • I think you're in for a world of hurt trying to do that.  I would think it better for a non-network person to get a consumer-grade router that has parental controls built-in and use those, or download something like DD-WRT/OpenWRT and re-flash your existing router with new firmware to give you that functionality.  Trying to do it with a separate instance of pfSense is overkill.

    If I am understanding you correctly I have to create another VM first (I have Unbuntu on ISO), set it up as you have described, then I will be able to access from my home network?

    The reason you need another VM is that, by default, pfSense WAN will ignore all connections coming from private IP space.  That means you will be unable to reach the WebGUI and configure pfSense in any way.  You reach WebGUI from LAN, and since LAN is a virtual internal network, you also need a machine on that virtual LAN network in order to reach the pfSense WebGUI.

    Gertjan - I am a professional programmer, not a network tech.  I am sorry my idiocy has angered you.

    Don't take it personally.  Imagine you're on a hardcore C++ forum and some guy appears and says he wants to write the next Bittorrent or Napster, but, by the way, what's a class?  Half the forum would facepalm.  That's ok though as there are lots of people who are more than happy to help.



  • Thanks for the information and the options.  I think it actually maybe easier to go with the first options you suggested.  I am going to try to finish this through though just to test, but like in my edit I probably would not be running into these issues if I just set the machine up as dedicated for pfSense.

    I really appreciate you time man!



  • @KOM:

    Gertjan - I am a professional programmer, not a network tech.  I am sorry my idiocy has angered you.

    Don't take it personally.  Imagine you're on a hardcore C++ forum and some guy appears and says he wants to write the next Bittorrent or Napster, but, by the way, what's a class?  Half the forum would facepalm.  That's ok though as there are lots of people who are more than happy to help.

    No way, never angry  ;D
    Had to post 'something' before doktormotor stops by, then you would have found some hardcore European humor ;)

    Btw, as soon as some-one touches a 'firewall/router' I presume that 'class' isn't an alien word anymore.
    Also, c(++) is my daily bread ;)



  • Btw, as soon as some-one touches a 'firewall/router' I presume that 'class' isn't an alien word anymore.

    That's not been my experience.  Most of the devs here and back through my life are not even computer people.  Programming and computing are a means to an end for them – a career.  While writing streams of beautiful code, they are unable to perform even the most basic computer tasks by themselves, and networking may as well be voodoo.  But it goes both ways sometimes.  I will never forget a coworker who had his MS TCP/IP certification.  He actually asked me if every computer on the network had to have its own unique IP address...



  • Ahh yes, certs. I'll never forget the time a senior dev asked me if I should encrypted my random token because if it's not encrypted, then someone else may be able to spoof it. Yes, someone going to guess my 256bit crypto-grade random token.

    Ignoring the fact that the encryption class he wanted to use was a company internal one that uses a static key and static IV. /derp