[Newbie] Enable WAN using shell



  • My first post here, so please take it easy :)

    I'm trying to install pfsense on a dedicated but remotely sitting IBM x335. I've gone as far as installing pfsense on the HDD using the LiveCD, using a remote KVM. Now, what I want to do is to access the Web GUI from outside / WAN interface. Question is that since I only have access to the system's console, how do I enable the WAN interface and enable HTTP (and even SSHD) on it?

    I've read the docs and tried the following without much luck:

    
    pfSense shell: print_r($config);
    pfSense shell: print_r($config['interfaces']);
    
    pfSense shell: $config['interfaces']['wan']['disabled'] = false;
    pfSense shell: $config['interfaces']['wan']['ipaddr'] = "192.168.100.1";
    pfSense shell: $config['interfaces']['wan']['subnet'] = "24";
    pfSense shell: write_config();
    pfSense shell: system_reboot_sync();
    
    


  • On the console on startup menu there is an item to enable/disable Secure Shell (sshd).

    If you have IP addresses assigned to pfSense WAN and LAN interfaces and you have an appropriate route in your network to get to the LAN IP address of the pfSense box you should be able to connect to the web GUI from the WAN side using the LAN ip address as your target address.

    If you change the LAN IP address of the pfSense box from the console menu you should also restart the web configurator.

    No means for that php code you quoted, unless you are attempting to do something you haven't explained here.

    The exact context and menu item numbers may differ slightly with pfSense versions.

    Maybe you haven't seen these options because you haven't booted the pfSense system after completing the installation.



  • I have to admit, this is the single biggest gripe I have with pfSense. Many times, I install pfSense inside a virtual machine for testing with no other LAN connected hosts. While you can easily enable SFH via the console window, getting into the web GUI is a different story. In fact, you need a host with a GUI running on the LAN network in order to access pfSense to create the necessary rules to allow WAN clients access to the web interface. ARGH!

    Luckily, we have an easy workaround.  Here is what do to:

    • Install pfSense  on your target machine

    • Unless your WAN gets a DHCP address, you will need to manually assign the IP Address of the WAN interface:
       –> Get to the CLI (option 8 )
       --> Type "ifconfig en0 10.20.30.40 255.255.255.248" (substitute en0 for your WAN interface and use the correct IP Address/Mask)
       --> Type "route add default <default-gw-ip>"
       --> Type "pfctl -d" to temporarily disable the packet filter

    • Point your browser to your WAN IP address then login as admin/pfsense

    • Once you have done your initial configuration, MAKE SURE to enable the packet filter again (CLI --> "pfctl -e")

    Note - you may have to disable the packet filter a few times because changing GUI options will automatically enable the packet filter. In fact, I just installed pfsense in a new virtual machine today and did the exact steps above.

    Hope this helps...</default-gw-ip>


Log in to reply