Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Accessing the WebGUI via WAN (Yes, I read the FAQ) [RESOLVED]

    Scheduled Pinned Locked Moved
    webGUI
    4
    6
    3.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alberts
      last edited by

      I read the wiki FAQ and followed it; however, I still can't access the WebGUI remotely.  I've enabled https and changed the port to 10001.  I'm able to access the gui from lan no problem with https://mybox.com:10001 with no problem.  I added a rule on the WAN with the following:

      
Action: PASS
Disabled: NO
Interface: WAN
Protocol: TCP
Source:
   Type: NETWORK
   Adress: 205.215.0.0/16
Source Port Range:
   From: Other - 10001
   To: Other - 10001
Source OS: ANY
Destination:
   Type: WAN ADDRESS
Destination Port Range:
   From: Other - 10001
   To: Other - 10001
Log: NO
Advanced Options: None
State Type: Keep State
No XMLRPC Sync: No
Gateway: Default

      Is there something else I need to do?  I have no problem with any other rules I have created.
      Thanks

      1 Reply Last reply Reply Quote 0
      • J
        jeroen234
        last edited by

        drop the source ports  in the rule
        a connection to www.msn.com on port 80 ca have 1 till 65000 as source port
        its a random chosen port by the system

        1 Reply Last reply Reply Quote 0
        • J
          Juve
          last edited by

          just to be exact…. source port are between 1025 an 65535 (boundaries included)

          lowports : 1-1024
          highports : 1025-65535

          When writing rules you should always specify that connection can be established from X to Y from highports to serverport (eg. 80 for HTTP servers).

          1 Reply Last reply Reply Quote 0
          • S
            sullrich
            last edited by

            As the GUI states, source ports are not needed in 99% of the cases and this is one of them.

            1 Reply Last reply Reply Quote 0
            • A
              alberts
              last edited by

              Thank you.  Specifying the source port was the problem.  I did notice that the gui said a source port isn't needed most of the time.  I just thought that in this case, since it was for the admin panel, it would be a good idea to limit the rule as much as possible.  I guess not.

              Thanks again.

              BTW, thank you to all of the devs for this wonderful product.  I dropped my custom Gentoo install using Shorewall that had worked for me as a firewall/router over the past 3 years.  I didn't have any problems, but I thought I would try something different.  I'm glad I did.

              1 Reply Last reply Reply Quote 0
              • S
                sullrich
                last edited by

                @alberts:

                Thank you.  Specifying the source port was the problem.  I did notice that the gui said a source port isn't needed most of the time.  I just thought that in this case, since it was for the admin panel, it would be a good idea to limit the rule as much as possible.  I guess not.

                Thanks again.

                BTW, thank you to all of the devs for this wonderful product.  I dropped my custom Gentoo install using Shorewall that had worked for me as a firewall/router over the past 3 years.  I didn't have any problems, but I thought I would try something different.  I'm glad I did.

                That is great to hear!

                Welcome!!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post