WebGUI access from WAN



  • I have a dynamic DNS service set to point to to my router so I can host a webpage behind it.  I have the NAT rules setup so requests on port 80 are sent to the computer, however everytime I try to see if it is working, it just asks me to log into my pfsense box.  I'm not sure if this is because I am trying it from internal, but I would assume it is trying to make the connection by going out and then back in 9I haven't setup NAT reflection yet).  i would really like to prevent access to the webGUI from the WAN port and want to make sure the website will be accessable.

    Thank you.



  • try setting the webgui to another port.
    system –> general setup



  • put the webgui on a alternate port.

    Then create a firewall rule on the wan interface from any to wan address webgui port.

    That should do it.



  • That fixed the problem with not being able to access the webserver.  Thanks very much.

    One other question.  is it possible to block access to the webgui from the WAN port completely?  if so, how?  or do you just have to set it to a random unused port?

    What's the recommendation from the experts?



  • If there is no rule to allow traffic to the webgui port on the wan interface it wil not be accesible.

    Everything not expressly permitted is denied per default.



  • Gotcha.  I'll make sure to set it to a port that won't be used for anything else and then ensure that there is no rule setup for it on the WAN port.



  • access from WAN

    What rule should I write, and how exactly should I write it if I wish to allow access from the wan port?



  • @akanawa:

    access from WAN

    What rule should I write, and how exactly should I write it if I wish to allow access from the wan port?

    To allow access the pfSense Web Configurator from the WAN (or Internet):

    make a new rule ->

    Interface: WAN

    Source ip : any (its better to restrict this if you know where you will be accessing from)
    Source port: any

    Dest Ip: WAN Interface
    Dest port : the port that the web gui works on, as set in the General Settings

    :)



  • @sai:

    @akanawa:

    access from WAN

    What rule should I write, and how exactly should I write it if I wish to allow access from the wan port?

    To allow access the pfSense Web Configurator from the WAN (or Internet):

    make a new rule ->

    Interface: WAN

    Source ip : any (its better to restrict this if you know where you will be accessing from)
    Source port: any

    Dest Ip: WAN Interface
    Dest port : the port that the web gui works on, as set in the General Settings

    :)

    Thank you

    I'll have to offsite later, too see if it worked



  • Why, pfsense developpers, don't create a little function for enable/disable WAN access with a form "EN/DISABLE button" and with, if configuration not good, a form for create SSL certificat AND select an other port (not 80/443) …

    ???

    Or if a developper, like this concept, why not developpe a package ... ?

    I think itsn't complicated to do ...



  • No thanks.  This option is not useful and would only clutter the interface.  Add a firewall rule to permit the traffic.



  • @shreckbull:

    Why, pfsense developpers, don't create a little function for enable/disable WAN access with a form "EN/DISABLE button"

    You already have this.
    On the WAN rules page hit the green permit button left of the rule and it gets light green. This means it's disabled. Hit it again to re-enable.


Log in to reply