Change LAN Interface binding?

  • I have a problem with a multi WAN configuration where the second WAN interface is listed as a LAN interface.

    This is causing me a couple issues with the anti lockout rule being applied to the WAN interface and my webConfigurator being exposed to the internet. Also when I enable OpenVPN on 443/TCP on the WAN02 interface it breaks webConfigurator access.

    Is there anyway to change the "LAN" to the lagg0 interface?


  • Netgate Administrator

    You can just re-assign and rename those interfaces. You will have to move the firewall rules across.

    You could also just disable the anti-lockout rule in Sys > Adv > Admin Access.


  • Yep, that's what I ended up doing.

    It's a bit confusing when setting up especially with multiple WAN interface up as the WAN and LAN interfaces seem to be hard coded.

    I also noticed problems with unbound when running in the above configuration that seems to be fixed after re-assigning the interfaces.

    It would be nice if it were configurable.


  • Netgate Administrator

    The internal names, wan and lan, are just that, internal. You can rename them. The only thing that is hardcoded is that the anti-lockout rule is on the second interface and cannot be moved. It would be hard for us to change that at this point as so many users are expecting it.


Log in to reply