Can't acces WebGUI from the WAN, even though there is a rule for it

mwilhelm91

Hey there,

I have the problem that I can't access the WebGUI from the WAN, even though I have configured a firewall rule that should it allow it.

The rule:

Action: Pass
Interface: WAN
Address Familiy: IPv4+IPv6
Protocol: TCP
Source: any
Destination: WAN address
Port Range: HTTPS(443)

The only way I can connect to the WebGUI from the WAN is by disabling the firewall rules per shell with pfctl -d. As soon as I enable the rule I can't access the WebGUI.

I really don't know what to do here, because all tips I found say you have to make the rule I already implemented.

Any help would be appreciated.

Gertjan

Hi,

Your WAN is directly connected to the net ? (what is the WAN interface IP ?)

kejianshi

Probably need to uncheck the "block private" on the wan interface.

mwilhelm91

The pfSense OS is running on a VM. I want to access from the internal network, the WAN interface is connected to it (some private IP address). I already unchecked the blocking of private IPs, so that's sadly not the problem.

kejianshi

When you say "internal" network, can you elaborate?

Gertjan

@mwilhelm91:

The pfSense OS is running on a VM…..

So it's more a VM issue (VM setup).
That explains … your rule is ok, I used the same in the past.

kejianshi

I have one for test running as VM and allowing access via the WAN works fine, so I'm wondering about your rules being used on the WAN. I'm pretty sure I put a "pass all" rule there, since nothing is going to reach the wan unless I allow it anyway. Its labeled wrong. I initially tried to pass HTTPS as you did and it was failing so I passed all and it worked. Not a security issue for me since it is firewalled by a physical pfsense.

![Firewall Rule.png](/public/imported_attachments/1/Firewall Rule.png)
![Firewall Rule.png_thumb](/public/imported_attachments/1/Firewall Rule.png_thumb)

johnpoz

What? You are suggesting someone put a any any rule on their wan? That is some bad advice… Reader please do not do this!! No matter what sort of setup you have.. Unless really are your wanting to do with pfsense is just route.. If so then turn off nat..

If those are your wan rules, and your webgui is listening on 443 then that would work.. Please post a picture of your want rules. Do you have any rules in floating? Please show your webgui listening on 443..

kejianshi

I assume his isn't connected to the web? If so, port forwarding to the gui would also be insane.