    WebGui Access from WAN2

      Wasca

      Could someone please confirm this for me? If I want to allow access to the secure web GUI on my secondary WAN connection (WAN2), would this be the correct rule?

      | WAN2 | TCP | HOMEIP |  *  | WAN2 Interface | 443 | *

      Gateway should just be *, correct?

        hoba

        Yes, this rule is correct (given that you only want to allow the alias "homeip").

          Wasca

          Yup that's it.

          Just out of curiosity what if I changed "WAN2 interface" with * or the actual IP address of the WAN2 interface?

          Would that work? I only ask because I currently have the IP address written in and I can't access it; I just wanted to see if it was meant to work or not.

            GruensFroeschli

            WAN2 Interface resolves to the current IP of the WAN.
            If you have a dynamic WAN address you don't want fixed numbers there.

            * would allow access to every host on port 443 behind pfSense.
            But without NAT entries forwarding anything to some host on 443 it's kind of pointless.
            That would change if you disable the NAT and route instead.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              hoba

              That will work as well. The advantage of the interface address is that it will change if you change your WAN2 IP or if WAN2, for example, is DHCP. I wouldn't work with the * as destination, though it wouldn't hurt you too much unless you add NAT rules. It's different if you do routing instead of NAT on WAN2, though, as a * would then open up that port on all machines behind WAN2.

                Wasca

                It's a static IP on the WAN2. This is the current rule and I can't access it using this rule.

                | WAN2 | TCP | 203.161.XXX.XXX |  *  | 203.82.XXX.XXX | 443 | *

                Should I be able to?

                  GruensFroeschli

                  This rule assumes that you connect from 203.161.x.x.
                  Set as source the computer you're connecting from, or *

                    hoba

                    And by only changing the destination IP from the static IP to the WAN2 interface address it works? Doesn't sound reasonable to me. Check for typos.

                      Wasca

                      You know what, I think I just realised that I had entered the rule like this.

                      | WAN2 | TCP | 203.161.XXX.XXX |  *  | * | * | *

                      I don't think I specified 443 or the WAN interface, only the source. Could that be causing the problem?

                        hoba

                        No, that should give you access to all services running at the pfSense, even the dns forwarder and so on for example if you do it that way.

                          Wasca

                          I just remembered, I also have another network on OPT3 (192.168.6.0/24) I could not access the web gui via 192.168.6.1 (OPT3 IP). Do I need to open up rules to the web gui on that interface also?
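
A simplified model of how the rule rows posted in this thread match a connection, added here as an example (it is not part of any post and not pfSense's own code). It shows the source mismatch, the "WAN2 Interface" destination following an address change, and the source-only rule reaching every port on the firewall. The addresses, rule names and the `evaluate` helper are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "*"
IFACE = "WAN2 Interface"          # GUI macro: the interface's current address

@dataclass
class Rule:
    name: str                     # hypothetical label, not a pfSense field
    src: str                      # address/CIDR or "*"
    dst: str                      # address/CIDR, "*" or IFACE
    dport: str                    # port as text or "*"

def addr_matches(spec, addr, iface_ip):
    if spec == ANY:
        return True
    if spec == IFACE:             # resolved at evaluation time, so it tracks the WAN IP
        spec = iface_ip
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def evaluate(rules, src, dst, dport, iface_ip):
    """Name of the first pass rule matching a TCP connection, else None (blocked)."""
    for r in rules:
        if (addr_matches(r.src, src, iface_ip)
                and addr_matches(r.dst, dst, iface_ip)
                and r.dport in (ANY, str(dport))):
            return r.name
    return None

# Constructed documentation addresses, not the masked ones from the thread.
HOME, ELSEWHERE = "203.0.113.25", "192.0.2.77"
WAN2_OLD, WAN2_NEW = "198.51.100.10", "198.51.100.99"

def demo():
    gui = [Rule("gui-only", HOME, IFACE, "443")]
    static = [Rule("static-dst", HOME, WAN2_OLD, "443")]
    wide = [Rule("source-only", HOME, ANY, ANY)]
    return {
        "home_to_gui": evaluate(gui, HOME, WAN2_OLD, 443, WAN2_OLD),
        "other_source": evaluate(gui, ELSEWHERE, WAN2_OLD, 443, WAN2_OLD),
        "gui_rule_dns": evaluate(gui, HOME, WAN2_OLD, 53, WAN2_OLD),
        "wide_rule_dns": evaluate(wide, HOME, WAN2_OLD, 53, WAN2_OLD),
        "iface_after_ip_change": evaluate(gui, HOME, WAN2_NEW, 443, WAN2_NEW),
        "static_after_ip_change": evaluate(static, HOME, WAN2_NEW, 443, WAN2_NEW),
    }

if __name__ == "__main__":
    for case, rule in demo().items():
        print(f"{case:24} -> {rule or 'blocked'}")
```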
