If you blocked yourself out of the WebGUI remotely with a firewall rule, there may still be hope. This shouldn't happen from the LAN as there should be an anti-lockout rule that maintains access to the WebGUI from that interface.
Having to walk someone on-site through fixing the rule is better than losing everything!
Remotely Change Firewall Rules through VPN Connection
If you have a VPN connection configured to the pfSense firewall, using either a client or a site-to-site configuration, first try to connect to the firewall using its LAN IP across the VPN tunnel. Try both HTTP and HTTPS unless you have firewall rules preventing pfSense management across the VPN tunnel. If you are unable to connect to the firewall this way, then try one of the methods below.
VMware ESX Hosted Out of Band Console Access (KVM over IP)
Use vSphere Client access to connect to a workstation on the LAN and change the firewall rules, or shut off the firewall rules temporarily directly in the pfSense console (see next method).
Remotely Circumvent Firewall Lockout by Temporarily Changing the Firewall Rules
You could (very temporarily) disable firewall rules by typing:
pfctl -d
Once you have regained the necessary access, turn the firewall back on by typing:
pfctl -e
Alternately, the loaded ruleset is left in /tmp/rules.debug. You can edit that to fix your connectivity issue and reload those rules like so:
pfctl -f /tmp/rules.debug
After that, do whatever work you need to do in the WebGUI to make the fix permanent.
(From billm in this forum post)
Remotely Circumvent Firewall Lockout With SSH Tunneling
If you blocked access to the WebGUI remotely (which is smart to do, anyhow) but you still have access with SSH, then there is a relatively easy way to get in: SSH Tunneling.
If the WebGUI is on port 80, set your client to forward local port 80 (or 8080, or whatever) to remote port "localhost:80", then point your browser to http://localhost:80 (or whichever local port you chose). If your WebGUI is on another port, use that instead. If the WebGUI uses HTTPS, you will still need to use HTTPS to access it through the tunnel.
Here is how to set up a port 80 tunnel in PuTTY:

Fill out the options as shown, then click Add. Once you connect and enter your username/password, you can access the WebGUI using your redirected local port.