  • Hi all,

    I am trying to access my webGUI from a machine on the WAN. I am using pfSense with VMware (2 network cards: one for the WAN, this card is "Bridged", and one fake for the LAN, "Vmnet2"). I have read the m0n0wall and pfSense documentation.

    My webGUI IP address is
    At home, I have a Freebox (router) and my PCs are at addresses 192.168.0.x. I would like to access the webGUI from a PC with the IP 192.168.0.x (I consider that to be the WAN).

    The rules created in the firewall WAN:

    Pass TCP  *  80 (HTTP)  *

    But the access is down. I have tried with HTTPS too, but it's the same problem.

    Sorry for my bad English, I'm French :)

    Thanks for your help !

  • Access to the webgui from the WAN would look like that:
    Proto  Source  Port  Destination  Port       Gateway
    TCP    *       *     WAN address  80 (HTTP)  *

    You allow traffic
    FROM anyone FROM any port
    TO the IP of pfSense on WAN TO port 80

    Is your LAN-Interface IP?
    If 192.168.0.x is your private subnet behind your Freebox and before pfSense, then you need to find out which IP pfSense got on its WAN and access it with this.

  • Yeah, is the LAN IP address and is the WAN IP address on pfSense

    I would like to access the webGUI from my PC with IP address, webGUI is OK from a PC on the LAN (IP address but not from the PC on the WAN

    In my firewall I have 2 rules on the WAN

    Proto  Source   Port  Destination  Port  Gateway  Schedule  Description
    *      rfc1918  *     *            *     *        *         *

    and :

    TCP  *  *  80 (HTTP)  *

    but with the second rule, access to the webGUI is always down

  • Untick the box "Block private networks" on the Interfaces -> WAN config page.

    Delete your rule and set it up as in my first post.

  • OK, now the only rule is:

    TCP  *  *  80 (HTTP)  *

    but the access doesn't work :/ is my WAN IP address

    In the log I can see:
      Apr 16 15:22:14 WAN and when I click on the green flag I have the message:

    "@38 pass in log  quick on le0 inet proto tcp from any to port = http keep stat label "User RULE"

    Also, the ping doesn't work between (my PC) and …

  • It's OK! The access works!

    The problem: the mask of my IP address on the WAN was 32 but at home it's 24 :/
    Now the rules are OK! Thanks for your help ;)

    P.S.: Do you have a tutorial for creating a DMZ?
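
Added example (not part of the original thread): a small Python check for the fault found above, where the WAN address carried a /32 mask on a /24 segment, so the firewall had no connected route back to clients on the same wire even though the pass rule matched. All addresses and the names `on_link` and `diagnose` are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not from the thread): a firewall WAN address on a
# 192.168.0.0/24 home segment, first with the wrong /32 mask, then with /24.
SEGMENT = "192.168.0.0/24"
WAN_WRONG = "192.168.0.50/32"
WAN_FIXED = "192.168.0.50/24"
PEERS = {"client PC": "192.168.0.10", "home router": "192.168.0.254"}


def on_link(iface_cidr, peer):
    """True if the interface's own prefix covers peer (directly connected route)."""
    return ipaddress.ip_address(peer) in ipaddress.ip_interface(iface_cidr).network


def diagnose(iface_cidr, segment_cidr, peers):
    """List the problems caused by an interface prefix that disagrees with the segment."""
    iface = ipaddress.ip_interface(iface_cidr)
    segment = ipaddress.ip_network(segment_cidr)
    findings = []
    if iface.ip not in segment:
        findings.append(f"{iface.ip} is outside {segment}")
        return findings
    if iface.network.prefixlen != segment.prefixlen:
        findings.append(
            f"mask mismatch: interface is /{iface.network.prefixlen}, "
            f"segment is /{segment.prefixlen}"
        )
    for name, addr in peers.items():
        # A neighbour on the same wire that the prefix does not cover has no
        # connected route, so replies to it (e.g. the SYN-ACK) cannot be sent directly.
        if ipaddress.ip_address(addr) in segment and not on_link(iface_cidr, addr):
            findings.append(f"{name} {addr} is not on-link for {iface.with_prefixlen}")
    return findings


if __name__ == "__main__":
    for cidr in (WAN_WRONG, WAN_FIXED):
        problems = diagnose(cidr, SEGMENT, PEERS)
        print(cidr, "->", problems or "consistent with the segment")
```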

  • Also, the ping doesn't work between (my PC) and …

    Create an allow rule with protocol type ICMP.

    What do you need to know about a DMZ?
    A DMZ is not that different from a LAN.
    It's just a different subnet than the LAN with more/less restrictive rules.

  • Thanks for the doc.
    I would like to create a DMZ for a web server; what are the rules generally in a DMZ?

  • The DMZ itself doesn't need any rules at all (unless you need to access something from that web server itself). Just use port forwards and firewall rules at WAN to make the server reachable on port 80 (HTTP). The reverse direction is then handled by the state that is created by the incoming connection at WAN.

