Pfsense on lan - "remote" access



  • Hi Guys,

    I am banging my head against a wall here. I don't know if I am being blocked by some internal setting which is set to prevent this, but no matter what I try I can't manage it.

    Essentially, I have set pfsense up in a VM on unRAID to act as the firewall to my server. So the pfsense WAN address is a local IP address on my main LAN. The IP range on both networks LAN and pfsense LAN are the same (but this isn't an issue I believe).

    What I would like to do is access the pfsense GUI without having to ssh or vpn in. I don't see it as a risk because essentially I am not accessing it from the WAN (although pfsense see's it as such).

    I have tried doing a port forward to 192.168.1.1 from any "WAN" address. Disabling "Block Private Networks". It just won't work!!

    Am I missing something?

    Daniel



  • https://doc.pfsense.org/index.php/How_can_I_access_the_webGUI_from_the_WAN

    So the pfsense WAN address is a local IP address on my main LAN. The IP range on both networks LAN and pfsense LAN are the same (but this isn't an issue I believe).

    Maybe you've worded this incorrectly, but it reads as if you have your pfSense WAN and LAN on the same network.  This won't work.



  • @KOM:

    https://doc.pfsense.org/index.php/How_can_I_access_the_webGUI_from_the_WAN

    So the pfsense WAN address is a local IP address on my main LAN. The IP range on both networks LAN and pfsense LAN are the same (but this isn't an issue I believe).

    Maybe you've worded this incorrectly, but it reads as if you have your pfSense WAN and LAN on the same network.  This won't work.

    Thanks for the reply. I had seen that link. However I may have been unclear in my original post. My pfSense WAN and LAN is not on the same network. Here it is in a bit more detail:

    ASUS 88u is my primary router and network is 192.168.1.100/24
    My iMac is 192.168.1.100
    pfSense is a client on the network and is 192.168.1.2
    unRAID physically sits behind pfSense (which has its own network, which just happens to be in the same range as my main LAN).

    Technically (I think) I should be able to access the WebGUI of pfSense via:

    https://192.168.1.2

    FROM

    My iMac which (as I said above, is 192.168.1.100).

    I would achieve this my accessing the pfSense network and configuring the firewall / NAT to do so. However, no matter what rule I set up it won't work. I can however, port forward to other services (e.g. the unRAID box) just not the pfSense GUI.



  • If you add the suggested firewall rule then you should be able to access the WebGUI from WAN.  If you're already forwarding 80/443 then you can't use it for your WebGUI and expect to get to it.