Added WAN access to HTTPS, rule not hit



  • I've added two rules to enable access to my WAN IP - one for SSH, one for HTTPS.

    The SSH one works, the HTTPS doesn't (I keep needing to disable firewalling to get back in). I tried a variety of different destinations, none work. The rule isn't hit. Any ideas?
    ![Screen Shot 2016-11-28 at 9.20.18 AM.png](/public/imported_attachments/1/Screen Shot 2016-11-28 at 9.20.18 AM.png)
    ![Screen Shot 2016-11-28 at 9.20.18 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-11-28 at 9.20.18 AM.png_thumb)


  • Rebel Alliance Global Moderator

    What is your wan IP 172.16.20.5???  That is a rfc1918 address.. So how wold that work??

    The dest should be your WAN address if you want to allow access to those ports on your wan.

    BUT!!!  opening up your webgui or ssh to the public internet is not a very good idea.. You should lock down access to your wan with vpn in and then access what you need.  Or atleast lock the source port to where your going to be coming from.

    The internet is full of bad guys! ;)  Those ports are going to get scanned all the time..  Here is my hits to those ports from yesterday.
    22 |      191 |        36 |        1 |                ssh | SSH Remote Login Protocol

    So 36 different IPs hit me 191 times to port 22 (ssh)



  • I probably should have clarified that the pfSense is installed within our network, so its WAN address is actually our office's LAN (which has a default gateway out to the Internet).

    The LAN address space in the pfSense is a set of internal VMs.