Webadmin from WAN



  • Hi All

    I want to be able to work on my pfSense box at home from work.
    So I created a rule under WAN like this:
    TCP / * / * / IP_OF_WAN / 443 (HTTPS) / *

    I've also tried using just the setting WAN address in the rule.
    Admin page is of course on HTTPS :-)
    This is a 1.2.3RC3



  • Assuming you have admin page at port 88 https and LAN IP of pfS at 10.9.8.7 the following should work:

    1. add NAT/port-forward-mapping

    WAN   TCP   88   10.9.8.7 88

    2. (auto)add FW rule at WAN

    TCP   *   *   10.9.8.7   88   *

    Note that you could add restrictions on source address if you're coming from same IP or range every time.

    Cheers,



  • @0tt0:

    Assuming you have admin page at port 88 https and LAN IP of pfS at 10.9.8.7 the following should work:

    1. add NAT/port-forward-mapping

    WAN   TCP   88   10.9.8.7 88

    2. (auto)add FW rule at WAN

    TCP   *   *   10.9.8.7   88   *

    Note that you could add restrictions on source address if you're coming from same IP or range every time.

    Cheers,

    I don't think that will work.

    I've got this… TCP only though, now that I looked.




  • Make the destination box say 'single host' and type in your LAN IP there…



  • I think this thread leads more to confusion on fribert's part than to helping him.

    To clarify:
    There are two approaches which both work.

    1: Create a NAT forwarding on the WAN to the LAN IP.
    This will autocreate a firewall rule with the LAN IP as destination.
    This is what 0tt0 and mhab12 are talking about.

    2: Create only a firewall rule on the WAN.
    This will just allow access to the IP of the pfSense on the WAN.
    This is what chpalmer is talking about.

    IMO approach 2 is the proper way, since you don't add unnecessary additional NAT rules.
    You would need this if the WebGUI were only running on the LAN interface.
    But since it binds to all available interfaces, a simple firewall rule is sufficient.



  • Hi All

    Wow, that was a lot of response on a very small question. Thank you for the excellent feedback!
    I tried both of them yesterday before I posted, as I was in doubt if I could nat to the box itself. I couldn't make it work.
    I tried again today, and now it works (just opened the firewall, no nat).

    Thank you all again!

