I'm new. I can't log in through the WAN nic. LAN nic works ok.

  • After finally getting an installation going, and after setting a static WAN IP, and on a second nic, a static LAN IP, I found that I could only log in through the LAN nic. I can ping it with no problem. I can't even ping the WAN nic. I thought it might be bad, so as a test, I swapped the nics, so that the one that was WAN is now LAN and vice-versa. The results are the same. I can log in through the LAN nic (which used to be the WAN nic) but not the WAN nic (used to be LAN). So I know the nics both work.

    What am I doing wrong? I looked for some settings that would allow me to log in via the WAN but I couldn't find any that I recognized.

    Is there something I can post here that would help someone identify my problem? This software looks like the exact thing I need.

    Thanks in advance!

  • Try to go into the firewall->Rules.

    Add a rule there to allow traffic on the port that your web ui is running.
    You can also specify the source if you want more security.

  • Netgate Administrator

    What Kostas89 said.
    By default you should not be able to connect to the webgui or ping to the WAN interface. That traffic is blocked. Generally with a firewall you are trying to restrict access from the WAN side.


  • Thanks for the info. I understand that normally a firewall isn't meant to do that, but in this case, while I'm evaluating the software, I'd like to show it to some colleagues while I'm elsewhere. At this point I'm not protecting a network. I just want to get into it from a remote location to show its features.

    I noticed that on the LAN firewall the first default rule is different than other rules, in that it deals with the web configurator. On the WAN firewall rules, I don't see how to configure it at all. Perhaps I'll have to lug this around with me until I get something else set up.

  • Netgate Administrator

    You just need to add a rule on WAN to allow access. The webgui is reachable on the WAN address so your rule should be something like:
    Protocol: TCP
    Source: any
    Port: any
    Destination: WAN address
    Port: https


  • Here is a screenshot of the rule that allows HTTPS access to the WebGUI from the WAN.
    You can also go to System->Advanced and tick "Enable Secure Shell". Then add a rule on WAN to allow access to SSH. (2nd screen shot)
    Make sure that you have good passwords on your admin and any other accounts - there will be random access attempts to these ports if you just allow source any. Even if it is just a play/test/demo, you probably don't want random people logging in and messing with your system! When you don't need the remote demo, you can easily check "Disable this rule" and save; the rule is there to be easily turned on again when you want, but the system is not always open to outside hacking attempts.
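
An added example (not part of the thread and not pfSense's own code): an offline check over an exported configuration that lists enabled WAN pass rules with source any reaching the webGUI or SSH ports, the exposure the post above warns about. The XML element names, the default ports 443 and 22, and the sample rules are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <filter> section of a pfSense config.xml
# export; element names are an assumption, the rules are made up.
SAMPLE = """<pfsense><filter>
 <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
  <source><any/></source>
  <destination><network>wanip</network><port>443</port></destination>
  <descr>Remote demo webGUI</descr></rule>
 <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
  <disabled/><source><any/></source>
  <destination><network>wanip</network><port>22</port></destination>
  <descr>Remote demo SSH</descr></rule>
 <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
  <source><address>203.0.113.10</address></source>
  <destination><network>wanip</network><port>443</port></destination>
  <descr>webGUI from office</descr></rule>
 <rule><type>pass</type><interface>lan</interface>
  <source><network>lan</network></source><destination><any/></destination>
  <descr>Default allow LAN</descr></rule>
</filter></pfsense>"""

MGMT_PORTS = {443: "webGUI (https)", 22: "SSH"}  # assumed default ports

def port_covers(spec, port):
    """True if a rule's port field ('443', '22-443', or empty = any) covers port."""
    if not spec:
        return True
    lo, _, hi = spec.partition("-")
    hi = hi or lo
    if not (lo.isdigit() and hi.isdigit()):
        return False  # named port alias: cannot be resolved from the rule alone
    return int(lo) <= port <= int(hi)

def exposed_mgmt_rules(config_xml):
    """List (description, service) for enabled WAN pass rules open to any source."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("interface") != "wan" or rule.findtext("type") != "pass":
            continue
        if rule.find("disabled") is not None or rule.find("source/any") is None:
            continue  # rule is switched off, or the source is already restricted
        if "tcp" not in (rule.findtext("protocol") or "tcp"):
            continue  # webGUI and SSH are TCP; an absent protocol means any
        spec = (rule.findtext("destination/port") or "").strip()
        for port, service in MGMT_PORTS.items():
            if port_covers(spec, port):
                findings.append((rule.findtext("descr") or "(no description)", service))
    return findings
```

Calling `exposed_mgmt_rules(SAMPLE)` reports only the enabled source-any webGUI rule; the disabled SSH rule and the rule limited to one source address are not flagged.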

  • Netgate Administrator

    I believe those screenshots are from 2.1.
    2.0.1 is slightly different (there is no IPV4/V6 choice) but shouldn't present any problem.


  • Yes, the screenshots are 2.1 - as you say, there are a few new fields there. The IPv4 stuff is all the same principle.
    (Hmmm - I have forgotten exactly what 2.0.n screens look like!)
