Sunday, 22 January 2017

Can't access the pfSense WebConfigurator after initial configuration

If you follow this video to set up pfSense, you cannot access the WebConfigurator after installation.

This is because of two reasons:

1. The LAN is left configured as a 192.168.x.x address.
2. The firewall is turned on by default.
3. The firewall for the WAN interface blocks private networks and loopback addresses - 192.168 is one of these.

You can access the GUI initially by going into the shell and turning off the firewall with pfctl -d.
The other thing to do is to change the LAN ip address and set up the firewall to allow HTTP to this address.

The setting is:
Blocks traffic from IP addresses that are reserved for private networks per RFC 1918 (10/8, 172.16/12, 192.168/16) and unique local addresses per RFC 4193 (fc00::/7) as well as loopback addresses (127/8). This option should generally be turned on, unless this network interface resides in such a private address space, too.

So you cannot use anything starting with
10.x.x.x or
172.16.x.x or
192.168.x.x

If you change the IP address it is prudent to restart pfSense.

No comments:

Post a comment