Not able to access WebGUI from remote through WAN
-
It is not a bug. You are doing it completely wrong.
You want a firewall rule that passes traffic on WAN source any dest WAN address port tcp/8080. You don't need to set a gateway, and you don't need the destination to be WAN net.
![Screen Shot 2014-11-28 at 11.00.35 PM.png](/public/imported_attachments/1/Screen Shot 2014-11-28 at 11.00.35 PM.png)
-
I figured I would have to set the gateway as I have multiple gateways. I tried WAN net, WAN address, everything. Like I said, the only time it works is when I go into the log and create the rule. If I manually create an identical rule it continues to block the traffic. So disregard my screen shots, they are wrong anyway.
-
No. All you have to do is put the firewall rule on the WAN interface you want to connect to. Then use that interface address in the rule. Then you have to be sure you're connecting to THAT interface's address. You also have to be sure your browser is connecting http or https correctly. If you want the redirect rule that sends connections from port 80 to your configured https port, you will also have to have a pass rule for port 80.
If you want to connect to ANY WAN address then make a similar rule on all your WAN interfaces.
Sounds like you might have gotten a little clicky and now it's impossible to know what you have unless you tell us or you reset to defaults and start over.
-
Again, disregard the screen shots I posted. I manually make a rule to pass traffic for source any, destination WAN address, port 8080. It does not allow the traffic. When I go into the firewall log and add the rule with the icon for an "Easy Rule" it will allow traffic. The only difference with the easy rule is it uses the source IP in the rule, but I change that to any afterwards and it continues to work. Unless there is something I am missing when I manually create the rule, but I don't think so. I went over it option by option to compare… no differences other than what I stated above. Either way it is working now... I just used the easy rule option and modified that and I have things working the way I want now. I also left the gateway option to default and that does not seem to be causing any issues either; I was thinking it would have to always use the gateway that the request is coming from.
And I do know I need to access it like this **https://**00.00.00.00:2020 and that wasn't the issue I was having. I have the redirect option disabled.
-
Manually created this rule. It is still blocking the access. I made the rule and then hit the apply changes button.
edit: Just in case you want to point out the 8080 and 2020 discrepancy in my address bar, it's because I edited it to 8080 for the screen shot… didn't mean to expose the 2020... not a big security deal but I just didn't want to expose the real port number I was using....
-
So now that the previous manually created rule was not working I went into log. Found the blocked entry and clicked easy rule icon and it created these:
Then I have access. I do end up changing the source to any in the "easy rule" and destination from "single host or alias" (with the IP) to "WAN address" and leave blank; even after making the change I still have access from this rule. This is what I mean, I am missing something I think or it is a bug… maybe it is not enabling the rules I am manually creating?
-
Just an update. I manually created the rule again, applied the settings, no go. Then did the easy rule, and it allowed access. Then modified easy rule to my liking, still had access. So good so far. Then, as I am still annoyed by this, I deleted the rules. Manually created one on WAN interface, source any, destination WAN address, port 2020. Applied settings and no go. wtf?
So I started googling pfSense firewall rule bugs and found someone reporting a bug that may have been similar at https://redmine.pfsense.org/issues/3083.
I went to the Filter Reload status and hit reload. Now every time I manually create the rule it works like it is supposed to! I just wanted to post this so the developers could look at it if they are interested.
-
I'll still go out on a limb and say you're not doing something right. Firewall logs should show the blocked traffic when the rule is not working. Hovering over the block symbol will pop up which rule blocked it.
That bug was resolved a year ago.
Updated by Chris Buechler about 1 year ago
Status changed from Feedback to Resolved
-
-
Ok, I am sure I was not doing anything wrong. I tried several times just to verify. I mean really, when you add the rule manually there is what… one thing to change... I'll go check... yeah... destination and port. Otherwise all default settings are all ok. I am also still having issues with apinger and I thought that was fixed? Maybe I am on an old build? It says I am on 2.1.5. Don't know. I will see if I can reproduce it again in a few weeks and I'll put together a darn video. lol. You think I would make this crap up??
-
Put your manual rule in place then post a screen shot of your WAN rules screen. Also post a screenshot of your webConfigurator section of System: Advanced: Admin Access.
If it is still not working please also include a screenshot of the blocks in the firewall log and a notation of which rule it says is doing the blocking.
Get rid of any of the easy rules too for now.
-
Ok, I was in the process of starting this all over again. So I deleted the rule. I HAVE NO RULES under WAN. And now I still have access to the admin interface from outside the local network. So this proves that the rules are not updating as they should. Anything in the logs I can show you for this?? I'll let you remote into one of my local PCs over a remote desktop connection if you would like to see for yourself. You seem like a trusted member here. I will do screen shots and stuff now as I think I will be able to reproduce the issues again.
-
Geez… now I know the firewall rules are acting up. I set up a rule to keep https traffic all on wan2 as a lot of web sites will not keep me authorized when the IP changes... so I was having that issue when I just tried to make a post now... went and disabled my https-wan2 rule and re-enabled it and NOW it finally updated the other rule to block admin access over WAN. There is definitely something funny going on here. I will keep playing and get screen shots together so someone else can reproduce it maybe...
-
You do know that when you change the rules you have to clear existing states if you want immediate effect right?
How often is your IP address changing?
Other people get that screen on this forum too. It has nothing to do with firewall rules. I think it happens when you have the login timeout set to -1 and some long period of time elapses, but that's just a guess on my part. Clearing cookies for the forum fixes it.
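
The point about existing states, as a minimal model added here for illustration (it is not part of any forum post and not pfSense code): a stateful filter checks its state table before the ruleset, so deleting a pass rule does not cut off a connection that already has a state. The addresses, class and function names are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    iface: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Firewall:
    """Toy stateful filter: state table first, then pass rules, then default deny."""
    pass_rules: list = field(default_factory=list)  # (iface, dst, dport), source "any"
    states: set = field(default_factory=set)

    def filter(self, pkt):
        key = (pkt.iface, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.states:                       # the ruleset is never consulted
            return "pass (existing state)"
        if (pkt.iface, pkt.dst, pkt.dport) in self.pass_rules:
            self.states.add(key)                     # a pass rule creates a state
            return "pass (rule, state created)"
        return "block (default deny)"

    def clear_states(self):
        self.states.clear()

WAN_ADDR = "203.0.113.10"   # constructed WAN address (documentation range)
GUI_PORT = 8080             # port from the rule described in the thread

def demo():
    fw = Firewall()
    rule = ("wan", WAN_ADDR, GUI_PORT)
    admin = Packet("wan", "198.51.100.7", 51000, WAN_ADDR, GUI_PORT)
    fresh = Packet("wan", "198.51.100.7", 51001, WAN_ADDR, GUI_PORT)
    results = []
    fw.pass_rules.append(rule)
    results.append(fw.filter(admin))   # allowed by the rule, state created
    fw.pass_rules.remove(rule)         # rule deleted, filter "reloaded"
    results.append(fw.filter(admin))   # same connection still passes on its state
    results.append(fw.filter(fresh))   # a new connection is blocked
    fw.clear_states()                  # equivalent of resetting the state table
    results.append(fw.filter(admin))   # now the old connection is blocked too
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

When testing a rule change from outside, either reset states first or test with a new connection, since a browser that keeps its connection open will keep hitting the old state.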
-
Ok, I'll try that. Clearing my cookies.