Cannot access PfSense GUI

theaddies · Jul 12, 2015, 2:02 AM

I have something strange happening and I am at my whits end. I have installed PfSense on Xenserver and everything works swimmingly. I have a pretty bog standard setup with the LAN assigning IP addresses and the gateway set at 192.168.1.1. Everything works. I can ping the gateway, the VM works fine, the internet works fine. The only thing I cannot do is type 192.168.1.1 into the web browser on my desktop. It simply times out. The wierdest thing is that from another computer on the same network the GUI is accessible with no problem. What could I possibly have done to the setup of my Windows 7 PC to prevent it from accessing the address. By the way, it is exclusively 192.168.1.1. If I change the gateway address to something else, I can get to the GUI from this PC. Thanks in advance for the help.

phil.davis · Jul 12, 2015, 3:28 AM

Some duplicate 192.168.1.1 address in your part of the subnet/switches or even your Windows7 is set to 192.168.1.1?

arp -a

and see what MAC address your Windows7 thinks is 192.168.1.1 compared to another client that is OK.

theaddies · Jul 12, 2015, 9:46 AM

Great suggestion. I did it and the MAC address on 2 different windows 7 machines for 192.168.1.1 are the same. It works on the other one and not this one. I only have one 192.168.1.1 on this machine, the problem one.

doktornotor · Jul 12, 2015, 9:57 AM

@theaddies:

I only have one 192.168.1.1 on this machine, the problem one.

Huh? ??? ??? ???

Do yourself a big favour and avoid setting your firewall IPs to an IP used on half of the equipment out there by default: http://www.techspot.com/guides/287-default-router-ip-addresses/

johnpoz · Jul 12, 2015, 12:38 PM

^ exactly!!! All of my local side interfaces on pfsense all end in .253 because .1 and .254 are very very common device IPs. I moved away from the 192.168.0 and 192.168.1 segments a while back.. But continue to use .253 out of habit.

So your windows PC that can not get to the pfsense gui IP address is 192.168.1.1??? Please post an ipconfig /all output from your problem machine..

You do understand your PC can not have the same IP as pfsense right?? They both can not be 192.168.1.1 ;) You say it works when you change the pfsense IP.. So it seem to point to you have the same IP on your pc and pfsense and then not understanding why your pc can not talk to pfsense.. Which unless your like high as a kite seems just flabbergasting ROFL!!

stephenw10 · Jul 12, 2015, 4:58 PM

It reads to me like he ran arp- a on the client that cannot reach the pfSense webgui as Phil suggested and saw one MAC using the 192.168.1.1 address, as expected. Then to check it wasn't some random MAC checked it on another client and it was the same.
The only thing left is to check that's actually the correct MAC for the pfSense LAN interface. He may already have done that.

However, yes, changing to use a different subnet on the LAN is often a good idea. It will rule out some local IP blocking issue at least.

Steve

theaddies · Jul 12, 2015, 8:52 PM

Thanks for the responses guys. I will follow your advice and make the change from the .1 address. I am definitely a NOOB at all this stuff but thankfully I am not such a dope to not know that my Windows PC can be configured on 192.168.1.1. My windows PC is 192.168.1.107. StephenW10's hypothesis was correct. I checked the MAC address on my problem PC and another PC with arp -a and they are the same. I also confirmed that it is the same MAC address listed within Xencenter for the PfSense VM.

The only reason I haven't changed the LAN IP address as yet is that I have a lot of devices in the network and I didn't want to change the default gateway for all of them.

I would post an ipconfig /all but it is a absolute mess because I have a VPN adapter and a Virtual Box adapter included in it. I also realize that this probably has something to do with my issues.

Anyway, thanks for the discussion. I am really enjoying learning about all of this and I realize dealing with dopes like me is not often enjoyable.

stephenw10 · Jul 12, 2015, 11:59 PM

No problem. That's what the forum is for. :)
When you try to connect from the blocked client do you see blocked traffic in the firewall log in Status > System Logs, Firewall tab? Obviously you'd have to use a different client to check.
It seems very likely it's a local block at the client. Have you tried multiple browsers?

Steve

theaddies · Jul 13, 2015, 11:48 AM

OK, so this is really weird. It works on IE, which I never use, but not on chrome or firefox. How can this be?

phil.davis · Jul 13, 2015, 12:45 PM

Do a ctrl-F5 or whatever in Firefox to make it completely reload the whole pfSense webGUI. Maybe if there is nothing old cached then it will be happy.

Guest · Jul 13, 2015, 2:41 PM

OK, so this is really weird. It works on IE, which I never use, but not on chrome or firefox. How can this be?

In the MS IE mostly nothing comes pre-installed and you will only to accept and allow something comes java based
as this would be normal in this days pointed to the java security.

But, the other browsers comes often or will be often later sorted with script and adware blockers and there for
it could be that you will be getting in trouble then, not only on a pfSense box, as I see it right!

For sure let the Ccleaner running once before you will reconnect to the pfSense box makes in some rarely
cases also sense. So that nothing from earlier connects will be stored in the cache or elsewhere that can
corrupt the login process.