Allow Webconfigurator on OPTx
-
I've configured a pfSense device and added an Tertiary interface as OPT1. I would like to allow this interface to run the Webconfigurator but I can't see to find a way to do this.
I have added a firewall rule to allow HTTPS to the OPT1 interface address but the port still reports as being closed.
Any suggestions please?
-
@mattb765
I don't recommend to use port 443 for the webconfigurator generally, but if yours is listen on this port it should work this way.However, you have also to ensure that there is no floating rule and no rule on an interface group, which OPT1 is belonging to, block the access.
-
Remember this one :
?
When not checked, it creates a firewall rule on the LAN interface that permits access from the LAN to the pfSense GUI (and SSH access).
This resembles your firewall rule on your OPT1 interface.
But, be careful, this only passes IPv4 TCP traffic to port 443.
You are using the https (not http) on port 443 ?Is the IP on your device that you are using somewhere in the OPT1 network ?
Did you activate the DHCP server on the OPT1 interface ?
Assign an static IPv4 network on the OPT1 interface ?And what about DNS traffic ? It will hit the default (hidden) block rule as you do not permit UDP traffic to port 53 of the OPT1 interface (pfSense). You'll be complaining that "Internet" doesn't works very soon ^^
edit :
As soon as I placed a rule like this on top of an interface (LAN for me) :
the states counter started to raise ( the "1/443 KiB in the image)
I had to shut down the browser, and reopen it to re engage new firewall states, so the first rule would 'intercept' and pass the traffic.Btw : I also had to add IPv6 as my browsers 'know' that my pfSense also speaks IPv6, as it is the default protocol on my LAN type networks. When I left out IPv6, my browser was unable to connect to the GUI ... strange, as it should fall back to IPv4 after some time.
