Accessing the WebGUI via WAN (Yes, I read the FAQ) [RESOLVED]

alberts · Oct 17, 2006, 6:56 PM

I read the wiki FAQ and followed it; however, I still can't access the WebGUI remotely. I've enabled https and changed the port to 10001. I'm able to access the gui from lan no problem with https://mybox.com:10001 with no problem. I added a rule on the WAN with the following:


Action: PASS
Disabled: NO
Interface: WAN
Protocol: TCP
Source:
   Type: NETWORK
   Adress: 205.215.0.0/16
Source Port Range:
   From: Other - 10001
   To: Other - 10001
Source OS: ANY
Destination:
   Type: WAN ADDRESS
Destination Port Range:
   From: Other - 10001
   To: Other - 10001
Log: NO
Advanced Options: None
State Type: Keep State
No XMLRPC Sync: No
Gateway: Default

Is there something else I need to do? I have no problem with any other rules I have created.
Thanks

jeroen234 · Oct 17, 2006, 5:40 PM

drop the source ports in the rule
a connection to www.msn.com on port 80 ca have 1 till 65000 as source port
its a random chosen port by the system

Juve · Oct 17, 2006, 5:57 PM

just to be exact…. source port are between 1025 an 65535 (boundaries included)

lowports : 1-1024
highports : 1025-65535

When writing rules you should always specify that connection can be established from X to Y from highports to serverport (eg. 80 for HTTP servers).

sullrich · Oct 17, 2006, 6:37 PM

As the GUI states, source ports are not needed in 99% of the cases and this is one of them.

alberts · Oct 17, 2006, 6:56 PM

Thank you. Specifying the source port was the problem. I did notice that the gui said a source port isn't needed most of the time. I just thought that in this case, since it was for the admin panel, it would be a good idea to limit the rule as much as possible. I guess not.

Thanks again.

BTW, thank you to all of the devs for this wonderful product. I dropped my custom Gentoo install using Shorewall that had worked for me as a firewall/router over the past 3 years. I didn't have any problems, but I thought I would try something different. I'm glad I did.

sullrich · Oct 17, 2006, 9:11 PM

@alberts:

Thank you. Specifying the source port was the problem. I did notice that the gui said a source port isn't needed most of the time. I just thought that in this case, since it was for the admin panel, it would be a good idea to limit the rule as much as possible. I guess not.

Thanks again.

BTW, thank you to all of the devs for this wonderful product. I dropped my custom Gentoo install using Shorewall that had worked for me as a firewall/router over the past 3 years. I didn't have any problems, but I thought I would try something different. I'm glad I did.

That is great to hear!

Welcome!!