IP alias suddenly redirects to webconfigurator



  • Hi,

    I have a pfsense box in place with 2 webservers behind it. The pfsense has a public wan IP, and has 2 IP aliases for both webservers.
    the IP aliases are natted to the webservers.

    Today, after a reboot, both alias IP suddenly dont go to the webservers anymore, but redirect to the router itself. So when you try to access a webpage on the webserver, you get the webconfigurator login screen.

    I really don't know what the problem is. I tried setting up the whole config from scratch, but I get the same result over and over again.

    Anyone has an idea?

    thanks



  • Are you testing from inside your network or outside?



  • Hi,

    both. It gives the same result



  • What version of pfSense?  Why was it rebooted?  Was anything done to modify it lately?



  • Hi,

    its version 2.2.4-RELEASE (amd64).

    It was rebooted because of power failure. I tried reverting my config, then restored a vm backup, then set up from scratch with basic data, but no difference. There were nog changes made the last 20 days.

    I added 2 screenshots of the virtual IP & NAT config






  • What do your firewall rules look like?



  • Hi,

    see attachment. the 2 other (private) interfaces just got an any any allow

    I tried changing my IP aliasses to CARP, but then the IP just times out.




  • Your first rule is going to match everything, so no other IPv4 WAN rules will ever get used (first come first served w/Firewall Rules).

    If you need that Any-Any pass rule it has to be last.

    So far there aren't any rules that match your VIP addresses.

    What's in the Floating and VLAN tabs?



  • Ok, I changed the order. See attachment for the other config data
















  • ~~No crash logs or syslogs or anything?

    Shutdown openvpn and see if it still stays up, I suspect openvpn is being used to crash pfsense.~~

    This was posted to another thread, dont know how it ended up on here.



  • Because, for some reason, I was unable to use pfsense anymore in the current setup, I had to move to another product temporary. For now I use untangle, which works.
    Today I tried goiing back to pfsense, but no luck…

    When I booted, suddenly all public IP's redirect to the pfsense GUI instead of the webserver. I am out of options. Anyone can help me?


  • Banned

    @mitch2k:

    When I booted, suddenly all public IP's redirect to the pfsense GUI instead of the webserver. I am out of options. Anyone can help me?

    Yeah, sure thing. Fix your internal DNS so that it points to where things actually exist. I.e., the webservers' LAN IPs. Instead of your WAN.



  • I try to connect on IP (http://publicipofwebser). So no DNS is involved as far as I know.


  • Banned

    Yeah, that's exactly the same problem.



  • I'm trying to connect from outside the WAN (so not on the LAN), to a webserver's public IP behind pfsense, which has port 80,443 and some other ports forwarded to the local IP. How would that involve a DNS issue?



  • Do the servers respond properly from LAN when accessed via their LAN IP?  Can the servers talk out, such as fetching updates?  Everything in your config looks ok to me.  Perhaps do a capture on LAN just to confirm that the packets are getting out of pfSense or not.  Are you running any extra packages like Squid. Snort, pfBlocker…?  Anything in your firewall log at the time that you tested?  SSH in or login via console and view the pf NAT ruleset:

    pfctl -sn

    or the NAT & firewall rules:

    pfctl -sa

    Look for weirdness or post it here.


Log in to reply