Accessing the GUI from the WAN port
I have setup a NAT to redirect port 8081 of my WAN to the LAN IP of the PFsense box to allow me to access the GUI interface from the WAN.
I had to untick the BLOCK BOGON NETWORKS and BLOCK PROIVATE NETWORKS on the WAN config page to get this to work. I cannot port forward to the captive portal page for some reason (not that I need to TBH, I just wanted to check something on it the other day).
Is this the best way to go with it?
I have my router currently dishing a DHCP address to the WAN, but may change the settings in the router to DMZ to give the PFsense box a 'direct' link directly to the broadband without anything in its way. I am not sure if this is a good idea with those two tick boxes unchecked?
You don't need NAT to access the webgui from the outside, only a firewall rule on WAN for the tcp port the webgui is listening on.
Edit: Https is more than recommended if you allow access to your webgui from the outside, also consider limiting access to only to known addresses or if that's not possible setup VPN access to your system.
I did it through NAT, but this copies across to the firewall rules anyway.
I have deleted the NAT entry which should have left the firewall rule? I can no longer access the GUI remotely now, so can't alter anything else until I am back on site! Whoops!