1. Home
  2. pfSense® Software
  3. Firewalling
  4. Don't access WAN Interface when set IP for LAN Interface

Don't access WAN Interface when set IP for LAN Interface

  • L

    Hi all
    I have a question. When I installed pfSense in vmware workstation with 2 card WAN(bridge) and LAN(host-only). First I set IP for WAN Interface with 192.168.1.253 and don't set IP for LAN Interface. My PC have IP 192.168.1.2 can access web configurator of pfSense over WAN Interface. Next I set IP for LAN Interface 172.16.0.1. Then My PC cann't access web configurator over WAN Interface. Can you help me to fix this issue. Thanks for all.

    0
  • M

    What is your firewall rules on WAN?

    0
  • jimp
    Rebel Alliance Developer Netgate

    If you only setup one interface, it would have put an anti-lockout rule on WAN to let you in. when you activated the LAN, it cut off that access thinking you wanted to get to it from the inside instead.

    You can get around this two ways:

    1. Setup a VM in the LAN and access it from there
    2. From the console, go to the shell and run:

    pfSsh.php playback enableallowallwan

    And then get into the GUI, add a proper rule to let you back in, and remove the 'allow all' rule that the previous command just added.

    0
  • L

    @Metu69salemi:

    What is your firewall rules on WAN?

    Here is WAN rule in my firewall

    0
  • M

    JIMP already said the solution, but as i expected your wan rules isn't allowing even a thing to happen.
    You could add there a rule that allows management for that pfsense.

    You should do this before creation of lan, if you really don't want to have management access only in lan side.

    
Action: pass
Disabled: unchecked
Interface: WAN
Protocol: TCP
Source: you should determine your wanted ip or any
Source port: leave it as is
Destination: wan ip
Destination port: management port #(could be 80, 443 or what ever you have set)
Log: unchecked(usually this would be good trafic to log)
Description: something descritive, like firewall management

    And click save.

    0
  • L

    @Metu69salemi:

    JIMP already said the solution, but as i expected your wan rules isn't allowing even a thing to happen.
    You could add there a rule that allows management for that pfsense.

    You should do this before creation of lan, if you really don't want to have management access only in lan side.

    
Action: pass
Disabled: unchecked
Interface: WAN
Protocol: TCP
Source: you should determine your wanted ip or any
Source port: leave it as is
Destination: wan ip
Destination port: management port #(could be 80, 443 or what ever you have set)
Log: unchecked(usually this would be good trafic to log)
Description: something descritive, like firewall management

    And click save.

    thanks all. I got it

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy