Remote access - what am I doing wrong?
-
I have been trying to get it to work in various ways, but I can't figure this out. What is wrong with that rule that makes it impossible to access web UI from outside?
-
No idea… This is probably dumb idea, but why don't you try forwarding an outside port to your LAN IP?
For instance forward port 8081 to LANip:443 (or which ever port you run your gui on)
BTW - I consider exposing your gui to the open internet a bad idea, but sure... have at it.
-
Why do you have a source port specified? You had to click Advanced then ignore the text presented to do so. Why would you do that?
-
https://doc.pfsense.org/index.php/Remote_firewall_Administration
-
"Why do you have a source port specified?" - Good question…
Meaning it probably should be "any"
-
No idea… This is probably dumb idea, but why don't you try forwarding an outside port to your LAN IP?
For instance forward port 8081 to LANip:443 (or which ever port you run your gui on)
BTW - I consider exposing your gui to the open internet a bad idea, but sure... have at it.
I tried it, doesn't work.
BTW - most of the time, I need to access the firewall form outside the LAN.Why do you have a source port specified? You had to click Advanced then ignore the text presented to do so. Why would you do that?
Because I need to specify which incoming port need to be forwarded to which destination port?
@ptt:
https://doc.pfsense.org/index.php/Remote_firewall_Administration
That was the first thing I tried.
-
Because I need to specify which incoming port need to be forwarded to which destination port?
You are confusing NAT port forwards with firewall rules. Like the text says, this is "almost never the same as the destination port and is usually any"
Make it so.
-
The short version of what I would have posted is "+1 Derelict", I wasn't fast enough :)
Have a look at the firewall log for the entry that actually blocks your traffic. It should show a destination of port 8081 as you expect, but the source should be a high port number. This is random, so don't open this one port for the source either, set it to "any" as advised.
-
Because I need to specify which incoming port need to be forwarded to which destination port?
You are confusing NAT port forwards with firewall rules. Like the text says, this is "almost never the same as the destination port and is usually any"
Make it so.
Done. Still no external access.
-
PM me with your public IP address.
-
It's working fine. Tell us exactly how you're testing it.
-
Well, I type into the browser this address:
Public IP:8081
EDIT: I do this from within the LAN.
-
From where?
-
Then you need rules on LAN permitting it.
ETA: And you wouldn't be testing your WAN rules so…
-
If you want to test a wan nat port, you can test it from your mobile phone (with wifi off).
http(s)://x.x.x.x:8081
Change the x's to your wan IP address -
Then you need rules on LAN permitting it.
Thanks, but I will need help with that, too.
I create a rule for that, but it does not work:
-
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
-
Stop "testing" WAN access from LAN. Just utterly pointless. You are debugging non-existent problem:
It's working fine. Tell us exactly how you're testing it.
-
Thanks for your help guys. I learnt something new today.