Netgate Discussion Forum

    Webadmin from WAN

      fribert

      Hi All

      I want to be able to work on my pfSense box at home from work.
      So I created a rule under WAN like this:
      TCP / * / * / IP_OF_WAN / 443 (HTTPS) / *

      I've also tried using just the setting WAN address in the rule.
      Admin page is of course on HTTPS :-)
      This is a 1.2.3RC3

        0tt0

        Assuming you have admin page at port 88 https and LAN IP of pfS at 10.9.8.7 the following should work:

        1. add NAT/port-forward-mapping

        WAN   TCP   88   10.9.8.7 88

        2. (auto)add FW rule at WAN

        TCP   *   *   10.9.8.7   88   *

        Note that you could add restrictions on source address if you're coming from same IP or range every time.

        Cheers,

          chpalmer

          @0tt0:

          Assuming you have admin page at port 88 https and LAN IP of pfS at 10.9.8.7 the following should work:

          1. add NAT/port-forward-mapping

          WAN   TCP   88   10.9.8.7 88

          2. (auto)add FW rule at WAN

          TCP   *   *   10.9.8.7   88   *

          Note that you could add restrictions on source address if you're coming from same IP or range every time.

          Cheers,

          I don't think that will work.

          I've got this…  TCP only though now that I looked.

          [Attached image: Firewall.JPG]

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            mhab12

            Make the destination box say 'single host' and type in your LAN IP there…

              GruensFroeschli

              I think this thread leads more to confusion on fribert's part than helping him.

              To clarify:
              There are two approaches which both work.

              1: Create a NAT forwarding on the WAN to the LAN IP.
              This will autocreate a firewall rule with the LAN IP as destination.
              This is what 0tt0 and mhab12 are talking about.

              2: Create only a firewall rule on the WAN.
              This will just allow access to the IP of the pfSense on the WAN.
              This is what chpalmer is talking about.

              IMO approach 2 is the proper way, since you don't add unnecessary additional NAT rules.
              You would need this if the WebGUI were only running on the LAN interface.
              But since it binds to all available interfaces, a simple firewall rule is sufficient.

              We do what we must, because we can.

              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
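
The two approaches summarized in the post above, sketched in pf.conf syntax as an added example; it is not from the thread and is not pfSense's generated ruleset. The interface name `em0` and the source range `203.0.113.0/24` are assumptions, and the source restriction follows 0tt0's note about limiting the source address.

```pf
# Added illustration (FreeBSD pf syntax). Assumed values, not from the thread:
#   em0            = WAN interface name
#   203.0.113.0/24 = constructed office source range (documentation space)
wan_if = "em0"
lan_ip = "10.9.8.7"          # LAN IP used in 0tt0's example
office = "203.0.113.0/24"

# Use ONE of the two approaches below, not both.

# Approach 1: port forward on WAN to the LAN IP, plus the matching pass rule.
# Translation happens before filtering, so the pass rule has to name the
# LAN IP as destination, which is why the auto-created rule looks that way.
rdr on $wan_if proto tcp from $office to ($wan_if) port 443 -> $lan_ip port 443
pass in quick on $wan_if proto tcp from $office to $lan_ip port 443 flags S/SA keep state

# Approach 2: no NAT, only a pass rule whose destination is the WAN address.
pass in quick on $wan_if proto tcp from $office to ($wan_if) port 443 flags S/SA keep state

# Without a source restriction the rule would read "from any", leaving the
# WebGUI login reachable from every address on the Internet.
```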

                fribert

                Hi All

                Wow, that was a lot of response on a very small question. Thank you for the excellent feedback!
                I tried both of them yesterday before I posted, as I was in doubt if I could NAT to the box itself. I couldn't make it work.
                I tried again today, and now it works (just opened the firewall, no NAT).

                Thank you all again!
