Netgate Discussion Forum

Portforward 8443 (wan ip) to 443 (wan ip) - Gui access Hack

bingo600

I have a pfsense firewall behind a corp firewall, connected with a 10.129.x.0/30.
It's running OpenVPN L2L (/30) towards my central pfsense box, and is working excellently.

I would like to be able to access the pfsense GUI (on the WAN IP) from my central pfsense public IP,
if I ever FSCK up my L2L VPN.

And I was "given" 8443 as a portforward in the corp firewall, to my remote pfsense.
I can see "denies" if I try to contact my remote firewall on corp-ip:8443, so portforwarding is working.

Initially I would just switch the remote pfsense GUI to 8443, but got this "brilliant idea": what if ...
What if I could portforward 8443 to 443 on my remote WAN interface??
Then I wouldn't even have to change the GUI port, and could still use just plain https when accessing via Inside/L2L.

Looking at portforward it asks for a "NAT Inside IP", and that's where I have a bit of doubt ....
Could I specify the "WAN IP" in that field, and have it do the portforwarding only on the WAN IP?

I did this trick on iptables in the old days when my ISP started to block port 25, and I had a remote mailserver. I just xlated incoming 2525 to 25 on my mailserver.
ISTR inbound NAT was before routing.

I'm not sure I'd like to portforward "WAN 8443" to i.e. "LAN 443, a real inside", as I'm not sure if I'm letting the Devil in by doing that.

Or should I just change the GUI to 8443, and make it "non standard" to the other 5 sites, "inside access".

TIA
/Bingo

If you find my answer useful - Please give the post a 👍 - "thumbs up"

pfSense+ 23.05.1 (ZFS)

QOTOM-Q355G4 Quad Lan.
CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

bingo600

Well, to answer my own Q'

It worked, portforwarding 8443 to 443 and using the WAN IP address as the NAT IP address.

As I accessed the "site" via https://x.x.x.x:8443, I got hit by a HTTP_REFERER Error (and a RED screen, leaving me "dead there") after authenticating on the login page.

Luckily I could still access the GUI via the L2L VPN, but you might want to think about that issue, to not be locked out.

I had to add x.x.x.x to System -> Advanced -> Admin Access -> Alternate Hostnames,

as I did not want to disable: Browser HTTP_REFERER enforcement.

/Bingo


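Why the NAT forward itself worked but the GUI still rejected the session: a small Python model of the referer allow-list behaviour the reply describes, for readers who want to see the lockout condition before changing their own GUI access. This is an added example, not pfSense's code or the poster's; the interface addresses, hostnames and 203.0.113.10 are constructed stand-ins, and treating a missing Referer as allowed is a stated assumption.

```python
from urllib.parse import urlsplit

# Constructed stand-ins for the remote pfSense in the post (not real values):
# the WAN side of the 10.129.x.0/30 link, a LAN address and the box hostname.
INTERFACE_ADDRESSES = frozenset({"10.129.0.2", "192.168.50.1"})
SYSTEM_HOSTNAMES = frozenset({"remote-fw", "remote-fw.example.lan"})


def referer_allowed(referer, alternate_hostnames=frozenset(), enforce=True):
    """Model of the GUI's HTTP_REFERER check as the post describes it.

    The host part of the Referer (scheme, port and path are ignored) must be
    an interface address, the system hostname or a configured alternate
    hostname; otherwise the request is rejected. Disabling enforcement lets
    everything through. Assumption: a request with no Referer header passes,
    since the check exists to reject mismatching referers, not missing ones.
    This is a simplified model, not pfSense's own code.
    """
    if not enforce or not referer:
        return True
    host = urlsplit(referer).hostname  # lower-cased, brackets and port stripped
    if host is None:
        return False
    return (host in INTERFACE_ADDRESSES
            or host in SYSTEM_HOSTNAMES
            or host in alternate_hostnames)


def walkthrough():
    """Replay the post: access over the VPN passes, access through the 8443
    forward fails until the public address is added as an alternate hostname."""
    corp_public_ip = "203.0.113.10"  # constructed stand-in for x.x.x.x
    via_vpn = "https://10.129.0.2/index.php"
    via_forward = f"https://{corp_public_ip}:8443/index.php"
    before = (referer_allowed(via_vpn), referer_allowed(via_forward))
    after = referer_allowed(via_forward, alternate_hostnames={corp_public_ip})
    return before, after


if __name__ == "__main__":
    print(walkthrough())  # ((True, False), True)
```

The second tuple element is what the "Alternate Hostnames" entry changes; keeping enforcement on and adding only the address you actually use is the narrower fix compared with disabling the check.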
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.