Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Reaching WebGUI on bridged interface

    Scheduled Pinned Locked Moved General pfSense Questions
    11 Posts 5 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I Offline
      II_Echelon_II
      last edited by

      Hey there,

      I've got a quick question. I have a WAN and a LAN interface. I normally reach the webgui trough the WAN interface.
      Now, when i bridge the WAN to the LAN interface, is there a way to still reach pfsense's webgui trough WAN?
      Thanks!

      1 Reply Last reply Reply Quote 0
      • A Offline
        almabes
        last edited by

        @II_Echelon_II:

        Now, when i bridge the WAN to the LAN interface…

        What?!  Why would you want to do that?

        1 Reply Last reply Reply Quote 0
        • I Offline
          II_Echelon_II
          last edited by

          The LAN interface is actually an OpenVPN interface, but thats besides the point :p

          1 Reply Last reply Reply Quote 0
          • A Offline
            almabes
            last edited by

            Ok…to get any sort of help you're going to need to post configuration details. 
            Most likely it's a rule that needs to be added somewhere, but from the little I know about your specific setup, it's odd to say the least.

            1 Reply Last reply Reply Quote 0
            • V Offline
              viragomann
              last edited by

              @II_Echelon_II:

              The LAN interface is actually an OpenVPN interface, but thats besides the point :p

              So I've also to ask: Why would you want to do that?
              Why do you want to bridge an OpenVPN connection to WAN???

              Bridging OpenVPN is a bit tricky. You find some (unsolved) threads here in the forum.
              So why you want use NAT?

              1 Reply Last reply Reply Quote 0
              • P Offline
                preid
                last edited by

                @II_Echelon_II:

                Hey there,

                I've got a quick question. I have a WAN and a LAN interface. I normally reach the webgui trough the WAN interface.
                Now, when i bridge the WAN to the LAN interface, is there a way to still reach pfsense's webgui trough WAN?
                Thanks!

                Heh. I typed a huge response, explaining how to reach the web GUI from your LAN side of the bridge. The WAN side should work as always, as long as your allow rules are in the WAN section of the firewall rules. It works fine for me, and my setup is a filtering bridge like you describe. All of your firewall rules for your hosts go into the bridge interface section, but the web GUI's allows rules still go in the WAN section like they did before.

                Incidentally, if you do want to reach the web GUI from the OpenVPN side, the same rules need to be present in the firewall rules' OpenVPN section, but they (of course) use the WAN interface's alias, since it's a bridge and the IPs are the same on both sides.

                I'm not sure why you'd want to bridge your OpenVPN clients to your WAN interface, but maybe your WAN interface is actually connected to your LAN, or something, and you want OpenVPN to share the same subnet for some reason.

                1 Reply Last reply Reply Quote 0
                • D Offline
                  doktornotor Banned
                  last edited by

                  I have a quick question as well: Does the firewall actually serve some purpose?  ::) If yes, then you've misably failed to explain what purpose that is.

                  1 Reply Last reply Reply Quote 0
                  • I Offline
                    II_Echelon_II
                    last edited by

                    I'm not sure why you'd want to bridge your OpenVPN clients to your WAN interface, but maybe your WAN interface is actually connected to your LAN, or something, and you want OpenVPN to share the same subnet for some reason.

                    This exactly :)
                    What rules should i add to reach the GUI trough the WAN interface? The default rules aren't doing it for me.

                    1 Reply Last reply Reply Quote 0
                    • P Offline
                      preid
                      last edited by

                      @II_Echelon_II:

                      I'm not sure why you'd want to bridge your OpenVPN clients to your WAN interface, but maybe your WAN interface is actually connected to your LAN, or something, and you want OpenVPN to share the same subnet for some reason.

                      This exactly :)
                      What rules should i add to reach the GUI trough the WAN interface? The default rules aren't doing it for me.

                      There shouldn't be any default rules to access the web GUI from the WAN, since most people don't want management from their WAN by default for security reasons. You have to add them.

                      The rule should be a "pass" rule for the service you have the web GUI configured for (most likely HTTPS, but maybe HTTP, depending what you set up when you installed - it might even be an alternate port, if you changed the defaults), and the target should be "WAN address". The rule goes in the WAN section of the firewall rules, as shown in the screenshot below.

                      (Note that I have the source configured to lock down to specific IPs via an alias called "RemoteManagementWAN". If you don't care who accesses the interface from your "WAN" (which is actually LAN in your case), then you can just leave it as "Any" here).

                      ![WAN Management Firewall Rule.png](/public/imported_attachments/1/WAN Management Firewall Rule.png)
                      ![WAN Management Firewall Rule.png_thumb](/public/imported_attachments/1/WAN Management Firewall Rule.png_thumb)

                      1 Reply Last reply Reply Quote 0
                      • I Offline
                        II_Echelon_II
                        last edited by

                        Thanks preid!

                        The WAN interface is the only physical interface on the device, so the anti lockout rules were applied to the WAN interface.
                        However the default OpenVPN rule allowed all traffic pointed to the WAN interface to be passed to OpenVPN.

                        I added a rule above that, so it allows traffic coming from my LAN network to my WAN interface. Now i can only acces the webgui when connected to my LAN and all traffic coming from outside will be redirected to OpenVPN :)

                        Thanks!

                        1 Reply Last reply Reply Quote 0
                        • P Offline
                          preid
                          last edited by

                          Excellent. I'm glad I could help.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.