    Netgate Discussion Forum

    NAT depending on the hardware

    Español
    • J
      jarpat last edited by

      Dear all,

      I have installed some firewalls in my organization using desktop computers, and I have detected a problem with NAT: I cannot access the pfSense page of some branch offices through the public IP.

      It is the same configuration as the other branch offices, but despite that it is impossible to access the server's web page. I opted to reinstall from scratch, but it does not work.

      It was solved when I changed the machine, and with the same configuration I can access it.

      The curious thing is that if I NAT to a server inside the branch office using any port, that does work, but it does not work if I redirect it to the internal IP of the server.

      I think it is some incompatibility of the network card or the mainboard of the machine used. If you can give me input on this topic I would appreciate it, since I have no more machines available to use and it is essential to make use of these machines. Thanks

      • J
        javcasta last edited by

        Hello

        They advise against making pfSense administration (http, https, ssh) accessible from the Internet, whether on the WAN or via NAT (redirecting from the WAN to the LAN).

        To administer pfSense remotely, using a VPN (IPsec, OpenVPN) is advised.

        https://doc.pfsense.org/index.php/Remote_firewall_Administration

        Several ways exist to remotely administer a pfSense firewall that come with varying levels of recommendation. They all work, but their use may vary for any number of reasons (Client restrictions, corporate policies, etc.)

        Use a VPN

        The safest way to accomplish the task is to set up a VPN that will allow access to the pfSense firewall and the network it protects. There are several VPN options available in pfSense, such as OpenVPN or IPsec. SSH tunneling to the GUI is also possible. Once a VPN is in place, the GUI may be reached safely by using a local address such as the LAN IP address. The exact details will vary depending on the VPN configuration.

        Restricted Firewall Access

        If the WebGUI port must be accessible to the Internet, restrict it by IP address/range as much as possible. Ideally, if there is a static IP address at the location to manage from, allow traffic from that IP or subnet and nowhere else. Aliases are good to use, and they may include fully qualified domain names as well. If the remote management clients have a dynamic DNS address, add it to a management alias.

        Use HTTPS

        HTTPS should always be used to encrypt access to the WebGUI port. Modern browsers may complain about the certificate, but an exception can usually be stored so it will only complain the first time. To use HTTPS then it will be necessary to enable it under System > Advanced, Admin Access tab, using the Protocol option in the webConfigurator section.

        Regards

        Javier Castañón
        Communications, support and systems technician.

        My website: https://javcasta.com/

        Scripting/pfSense support https://javcasta.com/soporte/
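
One way to check a firewall for the exposure the quoted documentation warns about, as an added example that is not part of either post or of the pfSense documentation: it lists enabled WAN pass rules that accept any source on the ssh/http/https ports, as candidates to restrict to a management alias or move behind a VPN. The element names are assumed to follow the filter/rule layout of a pfSense config.xml backup; the sample rules and the `MgmtHosts` alias are constructed.

```python
import xml.etree.ElementTree as ET

MGMT_PORTS = {22, 80, 443}  # ssh, http, https: the services the reply names

# Constructed sample; element layout assumed to match a config.xml backup.
SAMPLE = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><descr>GUI from anywhere</descr>
    <source><any/></source>
    <destination><network>wanip</network><port>443</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><descr>GUI from mgmt alias</descr>
    <source><address>MgmtHosts</address></source>
    <destination><network>wanip</network><port>443</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><descr>old ssh</descr><disabled/>
    <source><any/></source>
    <destination><network>wanip</network><port>22</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><descr>wide range</descr>
    <source><any/></source>
    <destination><any/><port>20-100</port></destination></rule>
  <rule><type>pass</type><interface>lan</interface><descr>LAN to GUI</descr>
    <source><network>lan</network></source>
    <destination><network>lanip</network><port>443</port></destination></rule>
</filter></pfsense>"""

def port_hits(spec):
    """Management ports covered by a port field: '', '443' or '20-100'."""
    if not spec:
        return set(MGMT_PORTS)          # no port given means all ports
    lo, _, hi = spec.partition("-")
    if not (lo.isdigit() and (hi.isdigit() or not hi)):
        return set(MGMT_PORTS)          # port alias: cannot resolve here, flag it
    return {p for p in MGMT_PORTS if int(lo) <= p <= int(hi or lo)}

def exposed_rules(config_xml):
    """Return (description, ports) for enabled WAN pass rules open to any source."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("type", "pass") != "pass" or rule.find("disabled") is not None:
            continue
        if rule.findtext("interface") != "wan" or rule.find("source/any") is None:
            continue
        hits = port_hits((rule.findtext("destination/port") or "").strip())
        if hits:
            findings.append((rule.findtext("descr", ""), sorted(hits)))
    return findings

if __name__ == "__main__":
    for descr, ports in exposed_rules(SAMPLE):
        print(f"WAN rule open to any source: {descr!r} ports {ports}")
```

A flagged rule is only a candidate: whether its destination is the firewall's own GUI or a forwarded internal server still has to be read from the rule itself.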
