Firewall rule to access LAN HTTP/SSH application from the Internet



  • Hi there,

    I'm installing network for an event, as shown (at least, tried) in the attached file.

    The aim of this network is to access a web http application (80) on the local server (172.16.1.42) for users connected in LAN. This network also have a WAN connexion and a static IP.

    I would eventually need, only for maintenance purpose, to access this particular server from the outside, both through HTTP (as a classic local user using the app) and through SSH to operate the codebase.

    I've dig into Firewall pfSense settings and I totally don't know how to start. The only thing I know is that if I enter the public IP address from the outside in the browser, I land on the pfSense configuration web page. I suspect I should route some specific port (like 8080) from the outside through the server (ie if 82.168.32.25:8080 -> 172.16.1.42:80). And maybe something similar for SSH ?

    As you see, I'm a little stuck, and a little help would be much appreciated here !

    Thanks a lot



  • Firewall -> NAT should be what you're looking for.



  • If you want to access your web application by entering host name in the browser or without additional port, you have to change the web configurators port in advanced settings and uncheck "WebGUI redirect" at first to vacate port 80.

    Then go to firewall > NAT and set up a port forwarding rule to forward WAN adress port 80 to your server.


Log in to reply