Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Don't access WAN Interface when set IP for LAN Interface

    Scheduled Pinned Locked Moved Firewalling
    6 Posts 3 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      ltrgiang
      last edited by

      Hi all
      I have a question. When I installed pfSense in vmware workstation with 2 card WAN(bridge) and LAN(host-only). First I set IP for WAN Interface with 192.168.1.253 and don't set IP for LAN Interface. My PC have IP 192.168.1.2 can access web configurator of pfSense over WAN Interface. Next I set IP for LAN Interface 172.16.0.1. Then My PC cann't access web configurator over WAN Interface. Can you help me to fix this issue. Thanks for all.

      1 Reply Last reply Reply Quote 0
      • M
        Metu69salemi
        last edited by

        What is your firewall rules on WAN?

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          If you only setup one interface, it would have put an anti-lockout rule on WAN to let you in. when you activated the LAN, it cut off that access thinking you wanted to get to it from the inside instead.

          You can get around this two ways:

          1. Setup a VM in the LAN and access it from there
          2. From the console, go to the shell and run:

          pfSsh.php playback enableallowallwan
          

          And then get into the GUI, add a proper rule to let you back in, and remove the 'allow all' rule that the previous command just added.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • L
            ltrgiang
            last edited by

            @Metu69salemi:

            What is your firewall rules on WAN?

            Here is WAN rule in my firewall

            1 Reply Last reply Reply Quote 0
            • M
              Metu69salemi
              last edited by

              JIMP already said the solution, but as i expected your wan rules isn't allowing even a thing to happen.
              You could add there a rule that allows management for that pfsense.

              You should do this before creation of lan, if you really don't want to have management access only in lan side.

              
              Action: pass
              Disabled: unchecked
              Interface: WAN
              Protocol: TCP
              Source: you should determine your wanted ip or any
              Source port: leave it as is
              Destination: wan ip
              Destination port: management port #(could be 80, 443 or what ever you have set)
              Log: unchecked(usually this would be good trafic to log)
              Description: something descritive, like firewall management
              
              

              And click save.

              1 Reply Last reply Reply Quote 0
              • L
                ltrgiang
                last edited by

                @Metu69salemi:

                JIMP already said the solution, but as i expected your wan rules isn't allowing even a thing to happen.
                You could add there a rule that allows management for that pfsense.

                You should do this before creation of lan, if you really don't want to have management access only in lan side.

                
                Action: pass
                Disabled: unchecked
                Interface: WAN
                Protocol: TCP
                Source: you should determine your wanted ip or any
                Source port: leave it as is
                Destination: wan ip
                Destination port: management port #(could be 80, 443 or what ever you have set)
                Log: unchecked(usually this would be good trafic to log)
                Description: something descritive, like firewall management
                
                

                And click save.

                thanks all. I got it

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.