[Solved] Allow web interface WAN access
-
Greetings to everyone,
I am using pfsense with:
- 1 ethernet WAN interface
- 1 ethernet LAN interface
- 1 wireless OPT (WIFI) interface (atheros)
All working without problems, the way I want them.
I am new to firewall rules, and I want to be able to access the pfsense web administration interface (lets call it: webAdminGUI) using SSL from outside the LAN (I mean a computer connected to the WAN).
I searched the forums and found something related here:
http://forum.pfsense.org/index.php/topic,139.msg771/topicseen.html#msg771I did add a rule at the bottom of the 2 default ones that: allow any any to WAN 443 (HTTPS)
But it did not work. I can type the IP address from inside the LAN and I see the web interface (webAdminGUI), but it does not work from a computer connected to the WAN.The thing is that I don´t trully understand what do I have to allow, as the pfsense box it's somehow in the middle between LAN and WAN.
I have dynamic IP, with dyndns configured to update the address IP.
Question: Wich rule do I need to add to allow pfsense administration (web) using a computer connected to the WAN interface? :-[
Thanks :)
-
In general, you can't reliably access a service on the pfsense via the WAN interface from inside. That is a shortcoming of pf, and that's life. Can you access it from outside?
-
Thanks for the reply danswartz. I think I did not explain the problem good enough.
I just edited the first post message to try to explain the issue better.In simple words, I just want to admin pfsense using the web interface from any computer outside my network through SSL.
Thanks for the help!
-
could you post the actual rules?
-
Here they are:
And sorry for the newbie question… :-\
-
Curiously, after a system reboot all started working fine and I can access the web interface in a secure way from outside as I wanted.
Thanks for the help danswartz and to all that read the post to try to reply! :D
-
Glad it's working. I've had a glitch or two where rebooting cleared up whatever stale state/entry was causing issues.