Can't Access LAN Interface from WAN Side
-
Hey guys,
Hate asking this as its been asked over and over again but I'm not seeing a solution in any existing forum posts. Also reading "Mastering pfSense" - David Zientara, but not finding my answer there either.
I can ping the WAN interface from 192.168.1.9
I cannot ping, or access the Web Admin GUI, from 192.168.1.9
I can access the internet from 172.16.0.30
I can access the Web Admin GUI from 172.16.0.30Diagram attached.
Thanks
-
You need to port forward from the WAN side to the LAN side.
Your behind NAT. Remember?? ;D
Try your WAN GUI at 192.168.1.200
-
Thanks for the response.
OK, here's the rub … this was working as diagrammed previously without any port forwards. In fact I can't spell port forward; haven't gotten that far in the book yet.
Previously I was able to access the Web Admin GUI from 192.168.1.9 on 172.16.0.1 (LAN interface) and I was also able to ping anything on 172.16.0.0. The only configuration changes I made were to add the "Pass any protocol, from any source and any destination" rule on the WAN interface and disable "Block private networks and loopback addresses".This only became a problem after an IP conflict. I accidently gave my FreeNAS server an already used IP on 172.16.0.0. I've since shutdown all physical devices, reset pfSense to factory defaults and reconfigured.
I'm able to access the Web Admin GUI on the WAN interface from 192.168.1.9 and 172.16.0.30. I can access the Web Admin GUI on the LAN port only from 172.16.0.30. I was under the impression, from reading, that once a LAN interface is created the Web Admin GUI is only supposed to be available from the LAN interface, for security purposes. Is that not correct? Obviously I can access it on the WAN interface even though I have a LAN interface configured.
Thanks again.
-
You have also created an asymmetric routing scenario.
https://forum.pfsense.org/index.php?topic=142090.msg775011#msg775011