WebGui Access from WAN2

  • Could someone please confirm this for me? If I want to allow access to the secure web gui on my secondary WAN connection (WAN2), would this be the connect rule?

    | WAN2 | TCP | HOMEIP |  *  | WAN2 Interface | 443 | *

    Gateway should just be * correct?

  • Yes, this rule is correct (given that you only want to allow the alias "homeip").

  • Yup that's it.

    Just out of curiosity what if I changed "WAN2 interface" with * or the actual IP address of the WAN2 interface?

    Would that work? I only ask because I currently have the IP address written in and I can't access it; I just wanted to see if it was meant to work or not.

  • WAN2 Interface resolves to the current IP of the WAN.
    If you have a dynamic WAN address you don't want fixed numbers there.

    "*" would allow access to every host on port 443 behind pfSense.
    But without NAT entries forwarding anything to some host on 443 it's kind of pointless.
    That would change if you disable the NAT and route instead.

  • That will work as well. The advantage of the interface address is that it will change if you change your WAN2 IP or if WAN2, for example, is DHCP. I wouldn't work with the * as destination, though it wouldn't hurt you too much unless you add NAT rules. It's different if you do routing instead of NAT on WAN2 though, as a * would then open up that port on all machines behind WAN2.

  • It's a static IP on the WAN2. This is the current rule and I can't access it using this rule.

    | WAN2 | TCP | 203.161.XXX.XXX |  *  | 203.82.XXX.XXX | 443 | *

    Should I be able to?

  • This rule assumes that you connect from 203.161.x.x.
    Set as source the computer you're connecting from, or *

  • And by only changing the destination IP from the static IP to the WAN2 interface address it works? Doesn't sound reasonable to me. Check for typos.

  • You know what, I think I just realised that I had entered the rule like this.

    | WAN2 | TCP | 203.161.XXX.XXX |  *  | * | * | *

    I don't think I specified 443 or the WAN interface, only the source. Could that be causing the problem?

  • No, that should give you access to all services running on the pfSense, even the DNS forwarder and so on, for example, if you do it that way.

  • I just remembered, I also have another network on OPT3 (I could not access the web gui via (OPT3 IP)). Do I need to open up rules to the web gui on that interface also?
