Don't access WAN Interface when set IP for LAN Interface



  • Hi all
    I have a question. When I installed pfSense in vmware workstation with 2 card WAN(bridge) and LAN(host-only). First I set IP for WAN Interface with 192.168.1.253 and don't set IP for LAN Interface. My PC have IP 192.168.1.2 can access web configurator of pfSense over WAN Interface. Next I set IP for LAN Interface 172.16.0.1. Then My PC cann't access web configurator over WAN Interface. Can you help me to fix this issue. Thanks for all.



  • What is your firewall rules on WAN?


  • Rebel Alliance Developer Netgate

    If you only setup one interface, it would have put an anti-lockout rule on WAN to let you in. when you activated the LAN, it cut off that access thinking you wanted to get to it from the inside instead.

    You can get around this two ways:

    1. Setup a VM in the LAN and access it from there
    2. From the console, go to the shell and run:

    pfSsh.php playback enableallowallwan
    

    And then get into the GUI, add a proper rule to let you back in, and remove the 'allow all' rule that the previous command just added.



  • @Metu69salemi:

    What is your firewall rules on WAN?

    Here is WAN rule in my firewall



  • JIMP already said the solution, but as i expected your wan rules isn't allowing even a thing to happen.
    You could add there a rule that allows management for that pfsense.

    You should do this before creation of lan, if you really don't want to have management access only in lan side.

    
    Action: pass
    Disabled: unchecked
    Interface: WAN
    Protocol: TCP
    Source: you should determine your wanted ip or any
    Source port: leave it as is
    Destination: wan ip
    Destination port: management port #(could be 80, 443 or what ever you have set)
    Log: unchecked(usually this would be good trafic to log)
    Description: something descritive, like firewall management
    
    

    And click save.



  • @Metu69salemi:

    JIMP already said the solution, but as i expected your wan rules isn't allowing even a thing to happen.
    You could add there a rule that allows management for that pfsense.

    You should do this before creation of lan, if you really don't want to have management access only in lan side.

    
    Action: pass
    Disabled: unchecked
    Interface: WAN
    Protocol: TCP
    Source: you should determine your wanted ip or any
    Source port: leave it as is
    Destination: wan ip
    Destination port: management port #(could be 80, 443 or what ever you have set)
    Log: unchecked(usually this would be good trafic to log)
    Description: something descritive, like firewall management
    
    

    And click save.

    thanks all. I got it


Log in to reply