Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfsense as a client not a firewall.

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 4 Posters 963 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Carsonix
      last edited by

      Hello

      I have a bit of an odd setup and I can't find any answers online...

      Modem -> tp-link omada firewall -> omada switch -> proxmox(vlan 70, 192.168.70.125) -> pfsense vm (192.168.70.11)

      I've setup a vlan lan on pfsense (vlan 80 192.168.80.10)

      Both proxmox and pfsense get their IP's from tplink omada.

      I don't want to use pfsense as my firewall solution, I just want to play around with it for now so it's running as a VM in proxmox. Proxmox is plugged into my switch with its own vlan 70

      My computer is plugged into my switch on separate vlan 10 (192.168.10.125)

      In order to get to the webconfigurator I have to open a console in the proxmox pfsense vm and type "pfctl -d" to disable the pfsense firewall.

      How do I set this up so I can access the webconfigurator (192.168.70.11) from my computer (192.168.20.125) while the pfsense firewall is enabled.

      As soon as I enable the firewall in pfsense (pfctl -e) I get locked out of the webconfigurator(192.168.70.11) from my computer (192.168.10.125)

      Thanks!

      B johnpozJ 2 Replies Last reply Reply Quote 0
      • B
        bigsy @Carsonix
        last edited by

        @carsonix You wouldn't want to do this in production, but the last option on this link explains how to open access to the GUI from the WAN.

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Yes, just add a firewall rule on WAN to pass that traffic.

          If it's just for testing you might just pass all traffic on WAN.

          Steve

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @Carsonix
            last edited by

            @carsonix if you only created 1 interface in pfsense, the rules to allow web gui access would be on its wan. If you create 2 interfaces, ie wan and lan then wan has nothing open.

            But why would not just access web gui from the lan side via one of your VMs or other boxes you put behind pfsense. Not sure how much play you will get on a firewall that is not actually firewalling anything.

            But yea as mentioned if you want to access pfsense web gui from the wan side, just create a rule on the wan interface to allow that.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • C
              Carsonix
              last edited by

              I currently have 1 NIC in my server

              I do access the webconfigurator through WAN IP.

              If I try to access webconfigurator through vlan LAN IP it doesn't work.

              **I know I have to change the firewall to allow access to the webonfigurator from my PC but I don't know how or what to do. My PC is in vlan 10, Proxmox (pfsense) is on vlan 70.

              Can someone please provide step by step instructions on how to allow access.**

              I will be adding a second NIC I'll plug a switch and stuff into and so pfSense will be acting like a firewall to those things, but inside my network.

              Once I have it figured out and know what I'm doing Ill feel more comfortable using it as my real firewall.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Add a PASS firewall rule on WAN with source 192.168.10.0/24 and destination WAN address on port 443.

                That's assuming nothing is NATing that traffic between your client and pfSense.

                C 1 Reply Last reply Reply Quote 1
                • C
                  Carsonix @stephenw10
                  last edited by

                  @stephenw10 said in pfsense as a client not a firewall.:

                  Add a PASS firewall rule on WAN with source 192.168.10.0/24 and destination WAN address on port 443.

                  That's assuming nothing is NATing that traffic between your client and pfSense.

                  A slight modification "This Firewall" but works perfectly. Thanks a bunch!

                  92304fe2-0ef0-4ca1-8be0-93e906c6816d-image.png

                  C 1 Reply Last reply Reply Quote 1
                  • C
                    Carsonix @Carsonix
                    last edited by Carsonix

                    So this "LAN" I created which uses the same physical NIC as WAN, what good is it, what do I use it for? I gave it IP 192.168.80.1 and vlan 80

                    Nowhere in my omada network equipment is there a vlan 80 setup.

                    vtnet0 is WAN (vmbr0 in Proxmox)

                    vtnet1 was just made up in proxmox (vmbr5) and appears in pfsense as vtnet1. I read to do this in some setup guide I found on the internet but it appears to do nothing???

                    52eb01dc-3d30-42cf-8df8-22acb12cddd3-image.png

                    69d850d9-518e-4f38-b112-afcec33f30eb-image.png

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      In a virtual install like that I'd usually expect to see the LAN assigned to an interface connected to an internal only bridge. Such that other VMs on that bridge use pfSense as their gateway and traffic to/from them can be filtered.

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.