[SOLVED] I can't access WEB GUI from a local PC

Started by ricksense, November 19, 2024, 11:03:32 AM

November 19, 2024, 11:03:32 AM Last Edit: November 19, 2024, 03:03:30 PM by ricksense
Hi,

I can access my OPNsense web GUI either from a management interface or directly from WAN (I set a firewall rule for that), no security issues since everything runs in a virtual lab environment.
I found out that I can't access the web GUI from local PCs running in a VLAN, even though I set a pass rule for that, and the PCs can ping the local gateway (10.30.30.1) and go to the internet regularly.

Here are the VLAN firewall rules:



and a Wireshark capture on the trunk interface:



I also disabled the firewall filters in the advanced option but I still can't access the web GUI from the "main" VLAN.

I don't know what is wrong with it. Could you please help figure it out? Thanks


System: Settings: Administration

Is the Web GUI listening on all interfaces?

Quote from: bartjsmit on November 19, 2024, 12:40:36 PM
System: Settings: Administration

Is the Web GUI listening on all interfaces?

Yes it is.
Thanks


Quote from: bartjsmit on November 19, 2024, 12:53:45 PM
Can you access the firewall with SSH?

Only from WAN or the MNG port, not from the PC on the VLAN.

Maybe that VLAN has a Gateway set accidentally?
Hardware:
DEC740

November 19, 2024, 01:29:31 PM #6 Last Edit: November 19, 2024, 01:34:54 PM by ricksense
Quote from: Monviech (Cedrik) on November 19, 2024, 01:09:36 PM
Maybe that VLAN has a Gateway set accidentally?

Where?

Apart from WebGUI access, everything works as expected.
Can you see anything interesting in the wireshark capture screenshot I uploaded earlier?

Very weird issue

If only traffic targeted to a service on the firewall itself does not work, the response of the firewall might be sent to a different destination than back to the requesting client.

I haven't checked the packet capture, sorry, just an idea.

Quote from: Monviech (Cedrik) on November 19, 2024, 01:37:56 PM
If only traffic targeted to a service on the firewall itself does not work, the response of the firewall might be sent to a different destination than back to the requesting client.

I haven't checked the packet capture, sorry, just an idea.

I didn't set anything about the gateway, so it must be on the default setting.
Thanks

Well, can you tcpdump/wireshark on the requesting client to see if it receives the correct responses from the firewall when initiating an SSH session, for example?

Quote from: Monviech (Cedrik) on November 19, 2024, 01:47:56 PM
Well can you tcpdump/wireshark on the requesting client to see if it receives the correct responses from the firewall when initiating an ssh session for example?


OK. I ran Wireshark on the Windows 7 machine while I was trying to access the OPNsense's WEBGUI.


UPDATE!!

I set MSS at 600 and now it works!

I can guess it, but I don't know exactly why.


There may be a discrepancy in the MTU at layer-2. Check for switches or network cards that are set to different values.

Quote from: bartjsmit on November 19, 2024, 06:22:45 PM
There may be a discrepancy in the MTU at layer-2. Check for switches or network cards that are set to different values.

There is a virtual Cisco switch between OPNsense and clients

Set all the internal MTU to 1500. Jumbo frames are best for dedicated storage networks/VLANs.
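
Added example, not part of any post in this thread: a heuristic for spotting the MTU-mismatch pattern discussed above in a capture, where small packets (ping, TCP handshake) get through but full-size TCP segments are retransmitted. The segment list is constructed sample data, the client address 10.30.30.10 and the function names are assumptions, and a segment seen only once is treated as delivered.

```python
from collections import Counter

IP_TCP_HEADERS = 40  # IPv4 header (20) + TCP header (20), no options


def mss_for_mtu(mtu):
    """Largest TCP payload that fits in one unfragmented IPv4 packet."""
    return mtu - IP_TCP_HEADERS


def size_dependent_loss(segments):
    """segments: list of (sender, tcp_seq, payload_len) from one TCP flow.

    Returns {sender: (largest_sent_once, smallest_retransmitted)} for every
    sender whose retransmitted segments are all larger than any segment it
    sent only once. That size split points at an MTU problem on the path
    rather than at random loss or a blocking firewall rule.
    """
    seen = Counter((s, seq) for s, seq, n in segments if n > 0)
    suspects = {}
    for sender in {s for s, _, _ in segments}:
        mine = [(seq, n) for s, seq, n in segments if s == sender and n > 0]
        once = [n for seq, n in mine if seen[(sender, seq)] == 1]
        retx = [n for seq, n in mine if seen[(sender, seq)] > 1]
        if retx and (not once or max(once) < min(retx)):
            suspects[sender] = (max(once, default=0), min(retx))
    return suspects


# Constructed capture: the client's small request is sent once, the firewall's
# full-size replies are sent repeatedly, its short final segment only once.
SAMPLE = [
    ("10.30.30.10", 1, 517),
    ("10.30.30.1", 1, 1460), ("10.30.30.1", 1, 1460), ("10.30.30.1", 1, 1460),
    ("10.30.30.1", 1461, 1460), ("10.30.30.1", 1461, 1460),
    ("10.30.30.1", 2921, 300),
]

if __name__ == "__main__":
    for sender, (ok, bad) in size_dependent_loss(SAMPLE).items():
        print(f"{sender}: payloads <= {ok} pass, >= {bad} are retransmitted")
    print("MSS that matches a 1500-byte MTU:", mss_for_mtu(1500))
```

If a sender is flagged, compare the MTU on every hop between the two hosts (NICs, virtual switch ports, VLAN interfaces) before settling for a permanently lowered MSS.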