OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Can't access WebGUI from OPT1 with pf enabled
« previous next »
  • Print
Pages: [1]

Author Topic: Can't access WebGUI from OPT1 with pf enabled  (Read 1310 times)

elyl

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Can't access WebGUI from OPT1 with pf enabled
« on: September 08, 2023, 10:41:34 pm »
I have OPNsense set up as a VM in Proxmox.

I have the WAN and LAN interfaces passed through to OPNsense, and I have OPT1 set up as the vmbr0 bridge from Proxmox, so that I can hopefully manage the router directly if it ever fails on LAN (and set it up without having to have everything live).

I can't seem to access the web gui from this OPT1 interface, unless I SSH in and pfctl -d to disable the firewall, then it lets me log in.

I have tried various combinations of firewall rules on OPT1 to allow all traffic, but I still can't access the GUI without disabling pf from the shell.  Logs say access to port 443 from my systems connected via OPT1 are failing on "Default deny / state violation rule".  WebGUI listen interfaces are set to All.

I feel like I'm missing something obvious, but even with an all * rule on OPT1, it's still blocked.  Any suggestions?
Logged

Arigion

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: Can't access WebGUI from OPT1 with pf enabled
« Reply #1 on: October 14, 2024, 08:43:21 pm »
I had the exact same problem. Even an "allow everything" rule did not help. The only thing which made the gui accessible on OPT1 was changing its port from 443 to something else (4443 for me, still https)

(I know the question is old, but since I only found questions like this and never answers I reply anyway)
Logged

chemlud

  • Hero Member
  • *****
  • Posts: 2485
  • Karma: 112
    • View Profile
Re: Can't access WebGUI from OPT1 with pf enabled
« Reply #2 on: October 14, 2024, 08:51:18 pm »
Quote from: Arigion on October 14, 2024, 08:43:21 pm
I had the exact same problem. Even an "allow everything" rule did not help. The only thing which made the gui accessible on OPT1 was changing its port from 443 to something else (4443 for me, still https)

(I know the question is old, but since I only found questions like this and never answers I reply anyway)

If you need hacks like that for extremely basic functionality to work it's time to look after the fundamental setup. Virtualization is definitely not helpful in such a situation.
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

EricPerl

  • Jr. Member
  • **
  • Posts: 89
  • Karma: 2
    • View Profile
Re: Can't access WebGUI from OPT1 with pf enabled
« Reply #3 on: October 15, 2024, 03:36:25 am »
I have not yet verified this (still new) but I'm under the impression that the firewall does not deal with established connections seamlessly (e.g. reset state table, or insertion of a filtering bridge in live network). And by that, I mean that it doesn't seem to catch up.
That might apply to idle connections as well. Their state gets dropped at some point.
In both cases, in absence of state, further communication is blocked until a connection is reestablished from scratch.
Is my understanding correct?

Is it possible that all that's needed is a refresh or new session from a different browser?
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Can't access WebGUI from OPT1 with pf enabled
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2