How can I set the WAN IP without HTTP access?

  • I have a new pfSense installation at a dedicated server facility, and I'm connected to it via KVM-over-IP. I need to assign it a static WAN IP address.

    I don't have access to the web GUI, because I can't get the other two machines behind this set up until I can allow access through pfSense.

    How can I set the WAN IP address from the command line?

  • P.S.: This is pfSense 1.2.3 RELEASE.

    pfSense is the main box with a static IP. M1 and M2 are behind the firewall, but inaccessible until I get pfSense set up.

    M1    M2

  • Rebel Alliance Developer Netgate

    From the console, run "pfctl -d", then the filter will be disabled, and you can access the GUI. You might need to run it again after saving some changes which might kick it back on.

    Once you have switched to ssh and have a firewall rule in place letting you in, then run "pfctl -e" to make sure it goes back on.

  • OK, thanks, that gets me partially there.

    I can then use option 8 and set the WAN IP address manually with ifconfig. However, it seems like after about 30 seconds pfSense resets the WAN IP address back to or DHCP or something, and I lose the connection.

    Why is that happening? How do I stop it from happening?

  • The easiest way to do this seems to be to just edit /conf/config.xml manually.

    vi /conf/config.xml

  • Rebel Alliance Developer Netgate

    You can probably just kill dhclient and then set by hand, rather than hand-editing the config, but that works too (but is more prone to error)

  • I think the enableallowallwan script was available on 1.2.3.  If you are wanting to temporarily allow all through WAN, go to the PHP shell/developer shell and type:

    playback enableallowallwan

    This will allow everything through until you change it in the web gui.  Isn't there an option on the console menu to set the WAN IP address?  When using a static IP, I think it lets you set the gateway, too.

  • Rebel Alliance Developer Netgate

    The console option to set the WAN IP is only on 2.0, but it's there now. May as well do pfctl -d/pfctl -e rather than involving the PHP shell, a lot less hoops to jump though for the same effect :-)

Log in to reply