Access WEBGUI (against)



  • Hi all,

    I am trying to get access to my webGUI from a machine on the WAN. I am using pfSense with VMware (2 network cards: one for the WAN, this card is "Bridged", and one fake for the LAN, "Vmnet2"). I have read the m0n0wall and pfSense documentation.

    My webGUI IP address is 10.0.0.50.
    At home, I have a Freebox (router) and my PCs have addresses in 192.168.0.x. I would like to access the webGUI from a PC with the IP 192.168.0.x (I consider that to be the WAN).

    The rules created in the firewall on WAN:

    Pass TCP  192.168.0.2  *  10.0.0.50  80 (HTTP)  *

    But the access is down. I have tried with HTTPS too, but it's the same problem.

    Sorry for my bad English, I'm French :)

    Thanks for your help !



  • Access to the webGUI from the WAN would look like this:
    Proto  Source  Port  Destination Port  Gateway
    TCP  * * WAN address 80 (HTTP) *

    You allow Traffic
    FROM anyone FROM any port
    TO the IP of pfSense on WAN TO port 80

    Is 10.0.0.50 your LAN-Interface IP?
    If 192.168.0.x is your private subnet behind your Freebox and before pfSense, then you need to find out which IP pfSense got on its WAN and access it with this.



  • Yeah, 10.0.0.50 is the LAN IP address and 192.168.0.10 is the WAN IP address on pfSense.

    I would like to access the webGUI from my PC with IP address 192.168.0.2. The webGUI is OK from a PC on the LAN (IP address 10.0.0.10) but not from the PC on the WAN.

    In my firewall I have 2 rules on the WAN:

    Proto Source Port Destination Port Gateway Schedule Description   
    *        rfc1918 *    *            *        *      *            *

    and :

    TCP  *  *  192.168.0.10  80 (HTTP)  *

    but with the second rule, access to the webGUI is always down



  • Untick the box "Block private networks" on the Interfaces–>WAN config page.

    Delete your rule and set it up as in my first post.



  • OK, now the only rule is:

    TCP  *  *  192.168.0.5  80 (HTTP)  *

    but the access doesn't work :/

    192.168.0.5 is my WAN IP address.

    In the log I can see:
      Apr 16 15:22:14 WAN 192.168.0.2:2132 192.168.0.5:80

    and when I click on the green flag I get the message:

    "@38 pass in log  quick on le0 inet proto tcp from any to 192.168.0.5 port = http keep stat label "User RULE"

    Also, the ping doesn't work between 192.168.0.2 (my PC) and 192.168.0.5 …



  • It's OK! The access works!

    The problem: the mask of my IP address on WAN was 32 but at home it's 24 :/
    Now the rules are OK! Thanks for your help ;)

    P.S.: Do you have a tutorial for creating a DMZ?
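
An added illustration (not part of the original thread and not pfSense code) of the fix reported in the post above: a simplified model of on-link route lookup showing why a /32 mask on the WAN address leaves replies to 192.168.0.2 without a route even though the pass rule matched, while /24 does not. The gateway address 192.168.0.254 and all function names are assumptions.

```python
import ipaddress

def reply_path(iface_cidr, client, gateway=None):
    """Simplified model: how a host configured with iface_cidr reaches client."""
    iface = ipaddress.ip_interface(iface_cidr)
    client_ip = ipaddress.ip_address(client)
    if client_ip == iface.ip:
        return "self"
    if client_ip in iface.network:
        return "on-link"          # same subnet: the reply goes straight to the client
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        if gw != iface.ip and gw in iface.network:
            return "via-gateway"  # off-subnet, but the gateway itself is on-link
    return "no-route"             # neither the client nor the gateway is on-link

def max_onlink_prefix(addr_a, addr_b):
    """Longest prefix length that still puts both addresses in one subnet."""
    a, b = ipaddress.ip_address(addr_a), ipaddress.ip_address(addr_b)
    if a.version != b.version:
        raise ValueError("mixed address families")
    return a.max_prefixlen - (int(a) ^ int(b)).bit_length()

def diagnose(wan_ip, prefixes, client, gateway):
    """Map each candidate prefix length to the reply path it would give."""
    return {p: reply_path(f"{wan_ip}/{p}", client, gateway) for p in prefixes}

if __name__ == "__main__":
    WAN_IP, CLIENT = "192.168.0.5", "192.168.0.2"  # addresses from the thread
    GATEWAY = "192.168.0.254"                      # assumed router address
    for prefix, verdict in diagnose(WAN_IP, [32, 24], CLIENT, GATEWAY).items():
        print(f"{WAN_IP}/{prefix} -> reply to {CLIENT}: {verdict}")
    print("longest mask that keeps both on-link: /%d"
          % max_onlink_prefix(WAN_IP, CLIENT))
```
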



  • Also, the ping doesn't work between 192.168.0.2 (my PC) and 192.168.0.5 …

    Create an allow rule with protocol type ICMP.

    What do you need to know about a DMZ?
    A DMZ is not that different from a LAN.
    It's just a different subnet than the LAN with more/less restrictive rules.





  • Thanks for the doc.
    I would like to create a DMZ for a web server. What are the rules generally in a DMZ?



  • The DMZ itself doesn't need any rules at all (unless you need to access something from that web server itself). Just use port forwards and firewall rules at WAN to make the server reachable on port 80 (HTTP). The reverse direction is then handled by the state that is created by the incoming connection at WAN.

