Installing Pfsense as a VM

Mediatek

Hello,
I'm a bit of a noob in pfsense, so bare with me.

I have 2 VMs in Vmware, one has a nagios installed the other Pfsense.
I installed the Pfsense, did the wizard and now I want to do 2 things:

1- Give Web access to GUI via WAN, and limit it only to 1 IP (Our Office).
2- Add another IP to the WAN ? and link it (NAT) to the nagios LAN addresss.

My first problem is, I do the pfctl -d to allow the GUI access, it works and then whenever I save a change in the pfsense I lose connection and I have to do the pfctl -d again.
I tried searching for this problem and didn't find anything that works.

Second problem,
I created NAT Port Forward via port 8000 so that will transfer me to the LAN IP of the nagios server and that way I'll have the Nagios behind the firewall which is the whole point.

I have a feeling this is a very simple fix , something I missed in the Installation, but can't figure out what.

Thank in advance

Gertjan

@mediatek said in Installing Pfsense as a VM:

1- Give Web access to GUI via WAN, and limit it only to 1 IP (Our Office).

If 1.2.3.4 is the IP of this office IP :

@mediatek said in Installing Pfsense as a VM:

2- Add another IP to the WAN ? and link it (NAT) to the nagios LAN addresss.

Why another WAN IP ?
Create a NAT rule :
Do this :
@mediatek said in Installing Pfsense as a VM:

I created NAT Port Forward via port 8000 so that will transfer me to the LAN IP of the nagios server and that way I'll have the Nagios behind the firewall which is the whole point.

Why is this a problem ? What is the question ?

Btw : why biding Nagios behind a firewall ?

Mediatek

@gertjan
Hi!
thanks for the answer,
I have already made a rule like this:

I gave access to all ports since its the office, now i changed it to port 80, still doesnt matter.
The problem is different, and it just happened again after I made the change, I lose connection immidiatly and I have to do this via vsphere console:

After I made the change I have to do the command again...
This is the main problem,

as for the second IP, well we have a spare IP and only 2 vms so I figured I'll dedicate it to the Nagios.
The reason we want the nagios behind it is to protect it from attacks since its gonna be our main monitoring tool.

thanks for the help in advance!

Gertjan

@mediatek said in Installing Pfsense as a VM:

it is to protect it from attacks

Then this :

pfctl -d

is a real problem.

What is the pfSense WAN IP ? The 6x.a.b.c.d ?
pfSense, - the WAN NIC - is connected to what ? An up stream router ?

@mediatek said in Installing Pfsense as a VM:

This is the main problem,

To get it solved, draw up a network graph.

stephenw10

@mediatek said in Installing Pfsense as a VM:

After I made the change I have to do the command again...
This is the main problem,

That is not a problem, it is expected.

That command disables the firewall entirely. It should only ever be a temporary workaround to allow access while you add a rule to allow something for long term access.

You can see your rule has not created any states or passed any traffic to however you're testing that it's not matching.

Steve