pfsense web and shell management questions
-
Hi everyone
I am new to pfsense (2 days lol), I deployed it in cloud so it's managed by the public IP, I have restricted management to my /32 public ip only, in case my ip changes how do I access it?
I have access to virtual console via provider's management panel, in case i even need to do it is there a rule to disable that particular rule to allow my new public ip from Shell?
or a way to basically pause that rule so I can login or create a restrictive rule, or allow all rule etc
coming back to web management I also created an aliases where in 1 line as my public ip and second is fqdn I have fortiddns service for my fortigate, I could not figure out how to use it, once the ip removed from the rule I can no longer manage the box, so what purpose of the FQDN part??
as per manual "Aliases also help, and they can include fully qualified domain names as well. If the remote management clients have a dynamic DNS address, add it to a management alias."
https://docs.netgate.com/pfsense/en/latest/recipes/remote-firewall-administration.html
Thank you guys!
-
@nevolex said in pfsense web and shell management questions:
coming back to web management I also created an aliases where in 1 line as my public ip and second is fqdn I have fortiddns service for my fortigate
Since your IP is dynamic, there is no use of it.
Create an alias of type host and enter your FQDN in "IP or FQDN" box.
Then in the firewall rule at source select "Single host or alias" from the drop-down and enter the alias name into the right next box. -
@viragomann said in pfsense web and shell management questions:
@nevolex said in pfsense web and shell management questions:
coming back to web management I also created an aliases where in 1 line as my public ip and second is fqdn I have fortiddns service for my fortigate
Since your IP is dynamic, there is no use of it.
Create an alias of type host and enter your FQDN in "IP or FQDN" box.
Then in the firewall rule at source select "Single host or alias" from the drop-down and enter the alias name into the right next box.Thank you but how can it detect an ddns fqdn, I think I did try to remove the IP and fqdn made no difference I lost access to the management
Thank you
-
@nevolex
pfSense resolves automatically the FQDNs frequently.
https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html -
@viragomann said in pfsense web and shell management questions:
@nevolex
pfSense resolves automatically the FQDNs frequently.
https://docs.netgate.com/pfsense/en/latest/firewall/aliases.htmlThank you for your support viragomann, but this still does not work, I am using 9.9.9.9 as DNS on the box I can resolved my "user.fortiddns.com" to my current ip in the firewall rules if I change allies just to have access from that FQDN it does not work, only public ip does.
I tried to connect to public ip of the box and by it's domain name (i have assigned one- not good, cannot connect.
image url)what do I do wrong?
-
by the way found answer to 1 question If I ever lock myself out of the web management but still has access to console i can
Choose option 8 (Shell) and type pfctl -d and then to reenable it again pfctl -e
-
The issue was with DDNS, i changed it to a different one and it started to work
thanks
-
@nevolex said in pfsense web and shell management questions:
The issue was with DDNS, i changed it to a different one and it started to work
What was wrong with the DDNS?
Since you mentioned above already, pfSense can resolve your FQDN correctly the rule should have worked.Choose option 8 (Shell) and type pfctl -d and then to reenable it again pfctl -e
You can also add a rule using EasyRule in the Shell.
-
I was not sure but .fortiddns.com domain was not not resolving, I mean it was in DNS lookup and ping but for some strange reason pfsens did not want to use it to let me in.
I tested with mikrotik ddns it let me in straightaway, went back to fortigate and swap ddns from "fortiddns.com" to "float-zone.com" also one of the 3 the fortigate you can chose from and pfsense let me in straightway too.
glad i tested with the other ddns, just a bizarre error
thank you for your help