Granting certain WAN addresses access to local LAN



  • Hello all,

    first my specs:

    I recently "upgraded" my firewall, coming from monowall to a WatchGuard Firebox X750 loaded with pfSense 2.1? (I am not sure it's 2.1; where can I find that?)

    Previously in monowall I was really happy with the firewall and NAT settings, but pfSense is a bit different in a way.

    Situation:

    I have some services that I want to be able to reach on my local LAN (for my own use).
    With monowall it was easy: log in to the wifi network (when at a friend's / family's house), get the WAN IP address (by doing a speedtest or whatsmyipadress.com).

    When I got the IPv4 WAN address, I was able to remotely log in to my monowall using HTTPS and add that IPv4 address to the firewall, granting access to the LAN subnet.

    Traffic that came from their IP addresses (family / friends) could always pass the firewall, and using NAT I was able to redirect the traffic to the service I wanted to use (VoIP, NVR system, bla bla, you name it).

    What i want to accomplish:

    Add trusted WAN addresses (IPv4) to the firewall and grant access to my local LAN.

    Once it has passed the firewall I want it to head towards my LAN and my services using NAT.

    I do not want to use a VPN…

    Thx in advance



  • I do not want to use a VPN.

    Why not?  This is exactly the sort of scenario where a VPN is recommended.



  • @kom,

    Hi, thanks for responding,

    The outside WAN IPv4 addresses known to me are secure enough,
    and I do not want to place a (permanent) VPN client at their house or site… it would cost me a bunch of routers and VPN tunnels...

    Before... it worked just the way I liked it.

    I will be the only person using it.

    If they needed a device that would need to use my internal LAN services, then it would be an option to place a VPN client router (site to site), but that is not the case.



  • and I do not want to place a (permanent) VPN client at their house or site.

    Why not?  The binary is tiny, and you still need a user:pass to connect.

    it would cost me a bunch of routers and VPN tunnels

    What?  I don't understand what you mean here.  Why would you need more routers?

    before… it worked just the way I liked it

    Well, you're going to have to get used to something new.  pfSense does not have this web-ssl type of VPN that your monowall had (I'm assuming it's a web-ssl VPN from your basic description.)



  • @KOM:

    and I do not want to place a (permanent) VPN client at their house or site.

    Why not?  The binary is tiny, and you still need a user:pass to connect.

    it would cost me a bunch of routers and VPN tunnels

    What?  I don't understand what you mean here.  Why would you need more routers?

    before… it worked just the way I liked it

    Well, you're going to have to get used to something new.  pfSense does not have this web-ssl type of VPN that your monowall had (I'm assuming it's a web-ssl VPN from your basic description.)

    It's too complicated for what I want; the devices that usually connect back home do not have VPN clients built in.

    I use DD-WRT routers sometimes for a permanent fixed installation that talk back to a pfSense box, but that's a whole other story.

    I did not use any kind of VPN.

    In the firewall Rules section in monowall I was able to set:

    "source" = WAN IPv4 of friends / family house, destination = LAN subnet, and allow all

    At most I used it to connect VoIP phones back to my system, which worked flawlessly;
    sometimes I used my iPad to connect (unsecured) back home to check on cameras.


  • LAYER 8 Global Moderator

    ""source" = WAN IPv4 of friends / family house, destination = LAN subnet, and allow all"

    That would not work if you were doing NAT… If your LAN net was a public net routed to you, then that would work.

    But you can for sure port forward the traffic you want into your lan and allow specific IPs as the source.

    "watchguard firebox x750 loaded with pfsense 2.1?"

    With the talk of monowall and 2.1 - thought this was an OLD thread.. 2.1 was late 2013, 2014... it's now 2018, why would you still be running that?  Monowall's last release was in 2014... Talk about keeping your security updated
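The moderator's approach (port forward only the services you need, and allow only specific source addresses) written out in raw pf syntax, as an added example that is not from the thread or from pfSense's own generated ruleset. pfSense's GUI produces equivalent rules; the interface names, addresses and ports below are placeholders.

```pf
# Constructed example: pf equivalent of "port forward + restrict source IPs".
# Interface names, addresses and ports are placeholders, not values from the thread.
wan_if = "em0"
lan_if = "em1"

# Trusted remote WAN addresses (the friends' / family's houses). A plain
# "trusted -> LAN subnet, allow all" rule does not work behind NAT because
# inbound packets arrive addressed to the WAN IP, not to the LAN subnet.
table <trusted_wan> persist { 203.0.113.10, 198.51.100.25 }

# Internal services reached through NAT.
voip_pbx = "192.168.1.20"
nvr      = "192.168.1.30"

# Port forwards: the destination is rewritten before the filter rules run,
# and only packets from the trusted table are translated at all.
rdr on $wan_if proto udp from <trusted_wan> to ($wan_if) port 5060 -> $voip_pbx port 5060
rdr on $wan_if proto tcp from <trusted_wan> to ($wan_if) port 8080 -> $nvr port 80

# Default deny inbound on WAN, logged so unexpected hits show up in the pf log.
block in log on $wan_if all

# Filter rules see the translated (internal) destination, so pass only the
# forwarded services and only from the trusted source table.
pass in quick on $wan_if proto udp from <trusted_wan> to $voip_pbx port 5060 keep state
pass in quick on $wan_if proto tcp from <trusted_wan> to $nvr port 80 keep state
```

The table entries are the whole access control here, so they have to be kept current as the remote addresses change, and the logged blocks are worth reviewing for traffic that arrives from addresses not in the table.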



  • It's too complicated for what I want; the devices that usually connect back home do not have VPN clients built in.

    OpenVPN clients are free and available for almost every platform.  Suit yourself.

