Reaching WebGUI on bridged interface
-
Hey there,
I've got a quick question. I have a WAN and a LAN interface. I normally reach the webgui trough the WAN interface.
Now, when i bridge the WAN to the LAN interface, is there a way to still reach pfsense's webgui trough WAN?
Thanks! -
Now, when i bridge the WAN to the LAN interface…
What?! Why would you want to do that?
-
The LAN interface is actually an OpenVPN interface, but thats besides the point :p
-
Ok…to get any sort of help you're going to need to post configuration details.
Most likely it's a rule that needs to be added somewhere, but from the little I know about your specific setup, it's odd to say the least. -
The LAN interface is actually an OpenVPN interface, but thats besides the point :p
So I've also to ask: Why would you want to do that?
Why do you want to bridge an OpenVPN connection to WAN???Bridging OpenVPN is a bit tricky. You find some (unsolved) threads here in the forum.
So why you want use NAT? -
Hey there,
I've got a quick question. I have a WAN and a LAN interface. I normally reach the webgui trough the WAN interface.
Now, when i bridge the WAN to the LAN interface, is there a way to still reach pfsense's webgui trough WAN?
Thanks!Heh. I typed a huge response, explaining how to reach the web GUI from your LAN side of the bridge. The WAN side should work as always, as long as your allow rules are in the WAN section of the firewall rules. It works fine for me, and my setup is a filtering bridge like you describe. All of your firewall rules for your hosts go into the bridge interface section, but the web GUI's allows rules still go in the WAN section like they did before.
Incidentally, if you do want to reach the web GUI from the OpenVPN side, the same rules need to be present in the firewall rules' OpenVPN section, but they (of course) use the WAN interface's alias, since it's a bridge and the IPs are the same on both sides.
I'm not sure why you'd want to bridge your OpenVPN clients to your WAN interface, but maybe your WAN interface is actually connected to your LAN, or something, and you want OpenVPN to share the same subnet for some reason.
-
I have a quick question as well: Does the firewall actually serve some purpose? ::) If yes, then you've misably failed to explain what purpose that is.
-
I'm not sure why you'd want to bridge your OpenVPN clients to your WAN interface, but maybe your WAN interface is actually connected to your LAN, or something, and you want OpenVPN to share the same subnet for some reason.
This exactly :)
What rules should i add to reach the GUI trough the WAN interface? The default rules aren't doing it for me. -
I'm not sure why you'd want to bridge your OpenVPN clients to your WAN interface, but maybe your WAN interface is actually connected to your LAN, or something, and you want OpenVPN to share the same subnet for some reason.
This exactly :)
What rules should i add to reach the GUI trough the WAN interface? The default rules aren't doing it for me.There shouldn't be any default rules to access the web GUI from the WAN, since most people don't want management from their WAN by default for security reasons. You have to add them.
The rule should be a "pass" rule for the service you have the web GUI configured for (most likely HTTPS, but maybe HTTP, depending what you set up when you installed - it might even be an alternate port, if you changed the defaults), and the target should be "WAN address". The rule goes in the WAN section of the firewall rules, as shown in the screenshot below.
(Note that I have the source configured to lock down to specific IPs via an alias called "RemoteManagementWAN". If you don't care who accesses the interface from your "WAN" (which is actually LAN in your case), then you can just leave it as "Any" here).
![WAN Management Firewall Rule.png](/public/imported_attachments/1/WAN Management Firewall Rule.png)
![WAN Management Firewall Rule.png_thumb](/public/imported_attachments/1/WAN Management Firewall Rule.png_thumb) -
Thanks preid!
The WAN interface is the only physical interface on the device, so the anti lockout rules were applied to the WAN interface.
However the default OpenVPN rule allowed all traffic pointed to the WAN interface to be passed to OpenVPN.I added a rule above that, so it allows traffic coming from my LAN network to my WAN interface. Now i can only acces the webgui when connected to my LAN and all traffic coming from outside will be redirected to OpenVPN :)
Thanks!
-
Excellent. I'm glad I could help.