• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Can't Access LAN Interface from WAN Side

Scheduled Pinned Locked Moved Routing and Multi WAN
4 Posts 3 Posters 1.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    tmack8080
    last edited by Dec 30, 2017, 9:59 PM Dec 30, 2017, 9:27 PM

    Hey guys,

    Hate asking this as its been asked over and over again but I'm not seeing a solution in any existing forum posts. Also reading "Mastering pfSense" - David Zientara, but not finding my answer there either.

    I can ping the WAN interface from 192.168.1.9
    I cannot ping, or access the Web Admin GUI, from 192.168.1.9
    I can access the internet from 172.16.0.30
    I can access the Web Admin GUI from 172.16.0.30

    Diagram attached.

    Thanks
    Network.png
    Network.png_thumb

    1 Reply Last reply Reply Quote 0
    • C
      chpalmer
      last edited by Dec 30, 2017, 10:14 PM

      You need to port forward from the WAN side to the LAN side.

      Your behind NAT.  Remember??  ;D

      Try your WAN GUI at 192.168.1.200

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      1 Reply Last reply Reply Quote 0
      • T
        tmack8080
        last edited by Dec 31, 2017, 6:07 PM

        Thanks for the response.

        OK, here's the rub … this was working as diagrammed previously without any port forwards. In fact I can't spell port forward; haven't gotten that far in the book yet.
        Previously I was able to access the Web Admin GUI from 192.168.1.9 on 172.16.0.1 (LAN interface) and I was also able to ping anything on 172.16.0.0. The only configuration changes I made were to add the "Pass any protocol, from any source and any destination" rule on the WAN interface and disable "Block private networks and loopback addresses".

        This only became a problem after an IP conflict. I accidently gave my FreeNAS server an already used IP on 172.16.0.0. I've since shutdown all physical devices, reset pfSense to factory defaults and reconfigured.

        I'm able to access the Web Admin GUI on the WAN interface from 192.168.1.9 and 172.16.0.30. I can access the Web Admin GUI on the LAN port only from 172.16.0.30. I was under the impression, from reading, that once a LAN interface is created the Web Admin GUI is only supposed to be available from the LAN interface, for security purposes. Is that not correct? Obviously I can access it on the WAN interface even though I have a LAN interface configured.

        Thanks again.

        1 Reply Last reply Reply Quote 0
        • D
          Derelict LAYER 8 Netgate
          last edited by Dec 31, 2017, 9:02 PM

          You have also created an asymmetric routing scenario.

          https://forum.pfsense.org/index.php?topic=142090.msg775011#msg775011

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          1 out of 4
          • First post
            1/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received