pfSense Remote Management Issue via Dual WAN

kelvints87

I set up a pfsense with 2 WANs and 1 LAN. Everything is set up fine. However, I have an issue with remote access to the GUI. I enabled the same fw rule for remote access for both WAN1 & WAN2. I am able to access the GUI via WAN1, but i CAN'T access it via WAN2.

WAN1 is the current default GW. does anyone know how to set up the remote access via WAN2? Thanks.

chpalmer

What is WAN 2?

Your rule destination should simply be "Destination" "WAN Address". With no port forwarding to the LAN side right?

ashima

Hi,
WAN2 access may be blocked at the ISP level. Check whether port is opened from WAN2. There are plenty of website which can check for open ports (ping.eu for example).

I hope you are accessing via https. Better would be to use openvpn.

dragoangel

Hi, you shouldn't allow access webconfigurator from WAN. Configure OpenVPN instead. Or allow access from WAN only to IPs you explicitly trust! Anyway firewall configuration is not issue for multiWAN installation

kelvints87

@ashima

i don't think the port is not blocked by ISP. I am using HTTPS. It's just strange that when WAN1 is down, I can still access it via WAN1 IP instead of WAN2 IP. when WAN1 is down, I confirm that the LAN devices are going out to internet via WAN2.

kelvints87

@dragoangel

thanks for your reply and i understand your security concern. I am just doing the first stage config and eventually will implement its access over VPN. However, the issue seems to be incoming traffics are getting into pfsense via WAN2 IP, but WAN1 IP when WAN1 is down, which deosn't make sense to me. remote mgmt access is just an example of incoming traffic. my port forwarding and fw rules to WAN2 are not getting incoming traffics as well...

Gertjan

@kelvints87 said in pfSense Remote Management Issue via Dual WAN:

It's just strange that when WAN1 is down, I can still access it via WAN1 IP instead of WAN2 IP.

@kelvints87 said in pfSense Remote Management Issue via Dual WAN:

incoming traffics are getting into pfsense via WAN2 IP, but WAN1 IP when WAN1 is down,

This isn't clear.
You mean : you rip out the WAN1 cable, and traffic still comes in by WAN1 ?

Show firewall rules on WAN1 and 2 - and gateway settings > System > Routing > Gateways.
You created NAT rules ?

kelvints87

@Gertjan

when i take down WAN1, traffics is going out via WAN2. wan2 is showing as the default route in gateway settings > System > Routing > Gateways. another confirmation is that i check whatismyip from a LAN PC and it showed the WAN2 IP.

however, strangely, when WAN1 is down, i assume incoming traffics are coming in via WAN2 IP, but it is coming in via WAN1 actually. yes, i have NAT & FW rules. i dont see any increments in WAN2 fw rule at all. only see increments on WAN1 fw rules.

hope it is clear.

Gertjan

@kelvints87 said in pfSense Remote Management Issue via Dual WAN:

i dont see any increments in WAN2 fw rule at all. only see increments on WAN1 fw rules.

I guess these are state related.
What happens when you disconnect WAN1 and then reset all firewall states ? Counters on WAN1 keep running ?
Btw : I never used a multiple WAN myself before, just trying to understand what you see.

chpalmer

States should not matter. Your pfsense GUI will answer on any of its IP addresses WAN or LAN on whatever port you have assigned the GUI as long as there is a firewall rule allowing.

If you have an incoming firewall rule on your WANs with "WAN Address" as Destination then it will work. You simply have to enter it's WAN address on your REMOTE client.

If you are hitting your WAN address from inside your LAN then of coarse it will still work even if WAN 1 is down as long as the interface still is latched onto its address (DHCP) or anytime if it is static.