Netgate Discussion Forum

    pfsense web and shell management questions

      nevolex

      Hi everyone

      I am new to pfSense (2 days lol). I deployed it in the cloud, so it's managed via the public IP. I have restricted management to my /32 public IP only. In case my IP changes, how do I access it?

      I have access to the virtual console via the provider's management panel. In case I ever need to do it, is there a rule to disable that particular rule to allow my new public IP from the shell?

      Or a way to basically pause that rule so I can log in or create a restrictive rule, or an allow-all rule, etc.

      Coming back to web management: I also created an alias where line 1 is my public IP and the second is an FQDN (I have the FortiDDNS service for my FortiGate). I could not figure out how to use it; once the IP is removed from the rule I can no longer manage the box, so what is the purpose of the FQDN part?

      As per the manual: "Aliases also help, and they can include fully qualified domain names as well. If the remote management clients have a dynamic DNS address, add it to a management alias."

      https://docs.netgate.com/pfsense/en/latest/recipes/remote-firewall-administration.html

      Thank you guys!

        viragomann @nevolex

        @nevolex said in pfsense web and shell management questions:

        Coming back to web management: I also created an alias where line 1 is my public IP and the second is an FQDN (I have the FortiDDNS service for my FortiGate)

        Since your IP is dynamic, there is no use for it.

        Create an alias of type host and enter your FQDN in the "IP or FQDN" box.
        Then in the firewall rule, at source, select "Single host or alias" from the drop-down and enter the alias name into the box right next to it.

          nevolex @viragomann

          @viragomann said in pfsense web and shell management questions:

          @nevolex said in pfsense web and shell management questions:

          Coming back to web management: I also created an alias where line 1 is my public IP and the second is an FQDN (I have the FortiDDNS service for my FortiGate)

          Since your IP is dynamic, there is no use for it.

          Create an alias of type host and enter your FQDN in the "IP or FQDN" box.
          Then in the firewall rule, at source, select "Single host or alias" from the drop-down and enter the alias name into the box right next to it.

          Thank you, but how can it detect a DDNS FQDN? I think I did try to remove the IP and the FQDN made no difference; I lost access to the management.

          Thank you

            viragomann @nevolex

            @nevolex
            pfSense automatically resolves the FQDNs frequently.
            https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html

              nevolex @viragomann

              @viragomann said in pfsense web and shell management questions:

              @nevolex
              pfSense automatically resolves the FQDNs frequently.
              https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html

              Thank you for your support, viragomann, but this still does not work. I am using 9.9.9.9 as DNS on the box and I can resolve my "user.fortiddns.com" to my current IP. In the firewall rules, if I change the alias just to have access from that FQDN it does not work; only the public IP does.

              I tried to connect to the public IP of the box and by its domain name (I have assigned one): not good, cannot connect.

              [Image: ddns.png]

              What am I doing wrong?

                nevolex

                By the way, I found the answer to one question: if I ever lock myself out of the web management but still have access to the console, I can

                choose option 8 (Shell) and type pfctl -d, and then to re-enable it again, pfctl -e

                  nevolex

                  The issue was with DDNS. I changed it to a different one and it started to work.

                  Thanks

                    viragomann @nevolex

                    @nevolex said in pfsense web and shell management questions:

                    The issue was with DDNS. I changed it to a different one and it started to work.

                    What was wrong with the DDNS?
                    Since, as you already mentioned above, pfSense can resolve your FQDN correctly, the rule should have worked.

                    Choose option 8 (Shell) and type pfctl -d and then to reenable it again pfctl -e

                    You can also add a rule using EasyRule in the Shell.

                      nevolex @viragomann

                      @viragomann

                      I was not sure, but the .fortiddns.com domain was not resolving. I mean, it was in DNS lookup and ping, but for some strange reason pfSense did not want to use it to let me in.

                      I tested with MikroTik DDNS and it let me in straight away. I went back to the FortiGate and swapped DDNS from "fortiddns.com" to "float-zone.com" (also one of the 3 you can choose from on the FortiGate) and pfSense let me in straight away too.

                      Glad I tested with the other DDNS; just a bizarre error.

                      Thank you for your help

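A console-side check for the symptom discussed in this thread (the FQDN resolves, yet the alias-based rule does not match), added here as an example and not written by either poster or by Netgate. It compares the resolver's answer with the addresses actually loaded in the alias's pf table; the alias name `MgmtHosts` and all addresses are constructed placeholders, and it assumes the FQDN alias is exposed as a pf table of the same name.

```sh
#!/bin/sh
# Added example: compare resolver answers with a pf alias table dump.
# Alias name, hostname and all addresses are constructed placeholders.

# Strip the indentation pfctl prints before each entry; drop blank lines.
normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# missing_from_table RESOLVED TABLE
# Prints each resolved address that has no exact match in the table dump.
missing_from_table() {
    resolved=$(printf '%s\n' "$1" | normalize)
    table=$(printf '%s\n' "$2" | normalize)
    for ip in $resolved; do
        # -F -x: fixed string, whole line, so 203.0.113.2 != 203.0.113.25
        printf '%s\n' "$table" | grep -Fxq -- "$ip" || printf '%s\n' "$ip"
    done
}

# diagnose RESOLVED TABLE  ->  dns-empty | table-empty | stale | ok
diagnose() {
    resolved=$(printf '%s\n' "$1" | normalize)
    table=$(printf '%s\n' "$2" | normalize)
    [ -n "$resolved" ] || { echo dns-empty; return 0; }
    [ -n "$table" ] || { echo table-empty; return 0; }
    if [ -n "$(missing_from_table "$resolved" "$table")" ]; then
        echo stale      # name resolves, but the rule's table lacks that address
    else
        echo ok         # table matches DNS; look at the rule itself instead
    fi
}

# Constructed sample: DNS already returns the new address, table holds old ones.
SAMPLE_DNS='203.0.113.25'
SAMPLE_TABLE='   203.0.113.2
   198.51.100.7'
echo "sample: $(diagnose "$SAMPLE_DNS" "$SAMPLE_TABLE")"

# On the console (menu option 8), paste the address from Diagnostics > DNS Lookup:
#   diagnose "203.0.113.25" "$(pfctl -t MgmtHosts -T show)"
```

A `stale` or `table-empty` result means the rule is matching against a table that does not contain the current address. In that case `pfctl -t MgmtHosts -T add <address>` admits just that one source while the rest of the ruleset stays enforced, whereas `pfctl -d` turns off all packet filtering until `pfctl -e` is run.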
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.