Web GUI not accessible on external networks via bridge interface

  • Hey Guys,
    Since yesterday after work, I decided to spend my weekend, with my new pfSense Hardware for home use. It is some custom Hardware from AliExpress with 5 dedicated 1gbps interfaces (J1800, 4GBDDR3, 64GB SSD).
    My Problem is that I don't get a connection to the web gui on external networks, but on internal network.

    First of all, I want to say that I'm not a network-technician; But a technician and an expired Enduser, hehe.
    Im doing this as a Hobby. Im fascinating of networks and how they work (together).
    Before I was using pfSense I had tried Sophos UTM and XG, for kind of 6 month on each solution.
    Sometime ago I was watching YouTube videos and became aware of pfSense. - ..And now I have a Live System and don't want to switch back. :-)
    The best thing of pfSense over Sophos is, that it is don't need so much resources from the hardware as Sophos does. For example Sophos UTM was running approximately with 80% of RAM, and pfSense uses only 10%. - this is really noticeable if you take a closer look at the devices overall temperature.

    Enough offtopic, going ontopic now:
    My setup reads as follows:
    The Connection comes over landline and Router1 is Modem only. Just to establish the initial connection. It is also used to make an HA-Independent DECT-Network for our household mobiles. pfSense will be configured as Exposed-Host or DMZ within Router1.
    Router1 is 192.168.x.1 on /24 Subnet. Behind, pfSense has static IP 192.168.x.2 on 24 Subnet as well, I will call it WAN. pfSense made the DefaultGW to Router1's 192.168.x.1, and because of pfSense has configured this on its own, I didn't touched it.
    Outgoing NAT is set up on automatic with IPSec. Incoming NAT is empty/nothing.
    The LAN network is on interfaces 2, 3 and 4. All LAN interfaces are set up with none IP Address but with bridge interface, which I set up on IP 192.168.y.1/24.
    The one (and only) DHCP-Service is also set up on bridge interface.
    Network is running fine. All clients have internet access and also the configured bridge works as desired, so devices on different interfaces (2 to 4) are still receiving an IP by DHCP and have internet access as well.

    Here I am now.
    What makes me confused is, that is was working on external networks too a couple of hours ago. Then there was no bridge interface, but each lan interface has its own set up.

    Then it came to mind that I have also have to make a translation between wan/lan interfaces <> bridge interface and/or 1:1 forwarding.
    But it still won't work. I'm not even sure if this thinking is correct or not.
    At least the Log is accepting my rulings:
    Public IP > 192.168.x.2:4443
    192.168.x.2:4443 > 192.168.y.1:4443
    (pfSense edited to listen on https 4443, successfully generated and applied let's encrypt certificate with acme challenge)

    I'm dead now. :-D I have learned a lot of new things, but now I have to to ask for a little help.

    I want to thank in advance for spending your time and support. :-)


  • ~ Solved yesterday.

    Due to tiredness some FW and NAT Rules were not configured correct.

Log in to reply