Control pfSense from the WAN side



  • How can I configure pfSense so I can control and monitor pfSense from home?

    So basically I need to get access to pfSense from the WAN side.


  • Netgate Administrator

    You can open up firewall holes to the services you require on the WAN interface.
    Either open 443 directly (for web access) or port forward a much higher port, 44433 for example. You are less likely to get continuous malicious login attempts doing that.

    Steve



  • I would recommend using the PuTTY SSH client and allowing SSH WITHOUT a password but using a key. Also add a tunnel for D8080. Then allow a firewall rule for SSH in pfSense.
    Once you are connected via SSH, tell your browser to use a SOCKS proxy of 127.0.0.1 or localhost.
    You are now connected to your home connection, and entering your pfSense IP will allow you to administer it as though you're sat at home. You can also use this to browse the net securely in a public Wi-Fi area.
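
Added example, not part of the original post: a small check that the dynamic tunnel (D8080) described above is actually forwarding, by speaking the SOCKS5 handshake to 127.0.0.1:8080 and asking it to reach the pfSense web GUI. The address 192.168.1.1 and all function names are assumptions made for illustration.

```python
import ipaddress
import socket
import struct
import sys

# Local end of the PuTTY dynamic tunnel ("D8080") from the post.
SOCKS_HOST, SOCKS_PORT = "127.0.0.1", 8080
REPLY_TEXT = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable",
              5: "connection refused"}

def build_greeting() -> bytes:
    # VER=5, one method offered: 0x00 (no authentication; SSH already did it).
    return b"\x05\x01\x00"

def build_connect(host: str, port: int) -> bytes:
    # VER=5, CMD=1 (CONNECT), RSV=0, then ATYP=1 (IPv4) or ATYP=3 (name).
    try:
        addr = b"\x01" + ipaddress.IPv4Address(host).packed
    except ipaddress.AddressValueError:
        name = host.encode("idna")  # resolved at the far end of the tunnel
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def parse_reply(data: bytes) -> str:
    # Second byte of the reply is the result code (0 = connected).
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return REPLY_TEXT.get(data[1], f"error code {data[1]}")

def check_tunnel(target: str, port: int = 443, timeout: float = 5.0) -> str:
    with socket.create_connection((SOCKS_HOST, SOCKS_PORT), timeout=timeout) as s:
        s.sendall(build_greeting())
        if s.recv(2) != b"\x05\x00":
            raise ConnectionError("proxy refused the no-auth method")
        s.sendall(build_connect(target, port))
        return parse_reply(s.recv(10))

if __name__ == "__main__":
    # 192.168.1.1 is an assumed LAN address for the pfSense GUI.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    try:
        print(f"{target}:443 via SOCKS ->", check_tunnel(target))
    except (OSError, ValueError) as exc:
        print("tunnel not usable:", exc)
```

A result of "succeeded" means the request left through the SSH session and reached the firewall's GUI port; a refused connection to 127.0.0.1:8080 means the SSH session or its tunnel setting is not active.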


  • Netgate Administrator

    Yes, SSH tunnelling is far more secure, and if you plan to leave this open permanently I also recommend you do this.

    You can also narrow the range of IPs allowed to connect if you know you are only connecting from home.

    Steve



  • Alternatively, you could use OpenVPN.



  • I'm a total noob about SSH tunnels and that kind of stuff.

    It looks like the tunnel is working from the LAN side, but what kind of rule do I have to make so it works from the outside world?
    And where do I have to make it, on LAN or WAN?


  • Netgate Administrator

    Make a rule on WAN to allow TCP port 22 with destination WAN address.

    Steve



  • When I make this rule, put a forward in the ADSL modem.
    Can I then also surf to the pfSense server? And there are some access points in the field; can I also connect to them? They are on the LAN side.


  • Netgate Administrator

    If you have an ADSL modem in front of your pfSense WAN interface you will need to do something unless it's in bridge mode.

    If you have set up an SSH tunnel to your pfSense box you will be able to connect to LAN side clients.

    Steve



  • arnoldg, personally I think the only real secure way to do this is using VPN. Follow the instructions in this video and it will work nicely. This is the video that I used way back when I set mine up; works a charm:
    http://www.youtube.com/watch?v=odjviG-KDq8

