• Folks... I have run into a sticky problem. While trying to make a NAT rule that would redirect all LAN traffic to a proxy server, I have cut myself off from the web interface to the pfSense box... I do have console access though. Question is: how can I get into the box and just get rid of that one rule? Is there such a facility?

    I didn't enable SSH, and so that is quite a pain in the butt right now too... Any ideas?

    I did take a backup of my fw a few weeks ago, and could factory default it, and update it against the .xml I have... is that the best idea?


  • Have you tried to assign the interfaces again? You will see the right IPs.

  • It's not an IP address. I added a messed-up NAT rule which will send all port 80 requests to the firewall to another machine, nonexistent service... hehe...

    Now my question is, when I log in to the shell, where is the .conf file the fw is using/editing? I just need to rip out one NAT rule and I'm back to full health.


    I figured out the config.xml is in /conf/config.xml... I removed the one NAT line that I suspect is giving me problems, saved, and rebooted, and my interfaces won't get addresses... Are the NAT rules not just enclosed in the ?  Is there someplace else I need to delete that is associated with that rule?

    I never realized adding a stupid NAT rule could cause me such problems :(

    Thanks guys

  • After manually editing /cf/conf/config.xml you need to rm /tmp/config.cache and reboot.

  • I suggest you configure pfSense at the console. The manual said that setting the LAN's IP will reset WebUI blocking. Try that... I hope this will solve your problem. Best regards

  • With the box and a crossover cable, set the LAN IP to the one in the messed-up rule.
    Fix the XML. Reboot the system. Set the IP on the client system and connect it to the system. Open the console and reset the password if necessary. Open the web interface and input the IP. This should work.
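
The config.xml edit discussed in this thread, done with an XML parser on a copy of the file so the result stays well-formed; this is an added example, not code from any poster or from the pfSense project. The element names (`<nat>`, `<filter>`, `<rule>`, `<target>`, `<local-port>`, `<associated-rule-id>`) are an assumed layout and the rule values are constructed, so check them against your own config.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down config.xml with hypothetical rule values.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <nat>
    <rule>
      <interface>lan</interface>
      <protocol>tcp</protocol>
      <target>192.168.1.50</target>
      <local-port>3128</local-port>
      <descr>redirect web to proxy</descr>
      <associated-rule-id>nat_0001</associated-rule-id>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <target>192.168.1.20</target>
      <local-port>25</local-port>
      <descr>mail</descr>
    </rule>
  </nat>
  <filter>
    <rule><descr>NAT redirect web to proxy</descr><associated-rule-id>nat_0001</associated-rule-id></rule>
    <rule><descr>default allow LAN</descr></rule>
  </filter>
</pfsense>
"""

def remove_nat_rule(config_xml, target, local_port):
    """Drop NAT rules matching target/local-port, plus filter rules linked to them."""
    root = ET.fromstring(config_xml)
    nat, flt = root.find("nat"), root.find("filter")
    linked, removed = set(), 0
    for rule in list(nat.findall("rule")) if nat is not None else []:
        if rule.findtext("target") == target and rule.findtext("local-port") == local_port:
            rid = rule.findtext("associated-rule-id")
            if rid:
                linked.add(rid)  # remember the id so the paired filter rule goes too
            nat.remove(rule)
            removed += 1
    for rule in list(flt.findall("rule")) if flt is not None else []:
        if rule.findtext("associated-rule-id") in linked:
            flt.remove(rule)
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed

if __name__ == "__main__":
    cleaned, count = remove_nat_rule(SAMPLE_CONFIG, "192.168.1.50", "3128")
    print(f"removed {count} element(s)")
```

Keep the original file as a backup before writing the cleaned output over it, then remove /tmp/config.cache and reboot as described in the thread.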