Welcome, Guest. Please login or register.
Did you miss your activation email?
+  pfSense Forum
|-+  pfSense English Support» webGUI» Accessing the WebGUI via WAN (Yes, I read the FAQ) [RESOLVED]
Username:
Password:
 
Home Help Search Login Register
 

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Accessing the WebGUI via WAN (Yes, I read the FAQ) [RESOLVED]  (Read 2484 times)
0 Members and 1 Guest are viewing this topic.
alberts
Newbie
*
Offline Offline

Posts: 5


View Profile
« on: October 17, 2006, 12:25:47 pm »
I read the wiki FAQ and followed it; however, I still can't access the WebGUI remotely.  I've enabled https and changed the port to 10001.  I'm able to access the gui from lan no problem with https://mybox.com:10001 with no problem.  I added a rule on the WAN with the following:
Code:
Action: PASS
Disabled: NO
Interface: WAN
Protocol: TCP
Source:
   Type: NETWORK
   Adress: 205.215.0.0/16
Source Port Range:
   From: Other - 10001
   To: Other - 10001
Source OS: ANY
Destination:
   Type: WAN ADDRESS
Destination Port Range:
   From: Other - 10001
   To: Other - 10001
Log: NO
Advanced Options: None
State Type: Keep State
No XMLRPC Sync: No
Gateway: Default
Is there something else I need to do?  I have no problem with any other rules I have created.
Thanks
« Last Edit: October 17, 2006, 01:56:46 pm by alberts » Logged
jeroen234
Sr. Member
****
Offline Offline

Posts: 506


View Profile
« Reply #1 on: October 17, 2006, 12:40:32 pm »
drop the source ports  in the rule
a connection to www.msn.com on port 80 ca have 1 till 65000 as source port
its a random chosen port by the system
Logged
Juve
Global Moderator
Hero Member
*****
Offline Offline

Posts: 897


--=(BSD)=--


View Profile
« Reply #2 on: October 17, 2006, 12:57:08 pm »
just to be exact.... source port are between 1025 an 65535 (boundaries included)

lowports : 1-1024
highports : 1025-65535


When writing rules you should always specify that connection can be established from X to Y from highports to serverport (eg. 80 for HTTP servers).
Logged
sullrich
Hero Member
*****
Offline Offline

Posts: 5135



View Profile WWW
« Reply #3 on: October 17, 2006, 01:37:56 pm »
As the GUI states, source ports are not needed in 99% of the cases and this is one of them.
Logged
alberts
Newbie
*
Offline Offline

Posts: 5


View Profile
« Reply #4 on: October 17, 2006, 01:56:23 pm »
Thank you.  Specifying the source port was the problem.  I did notice that the gui said a source port isn't needed most of the time.  I just thought that in this case, since it was for the admin panel, it would be a good idea to limit the rule as much as possible.  I guess not.

Thanks again.

BTW, thank you to all of the devs for this wonderful product.  I dropped my custom Gentoo install using Shorewall that had worked for me as a firewall/router over the past 3 years.  I didn't have any problems, but I thought I would try something different.  I'm glad I did.
Logged
sullrich
Hero Member
*****
Offline Offline

Posts: 5135



View Profile WWW
« Reply #5 on: October 17, 2006, 04:11:18 pm »
Quote from: alberts on October 17, 2006, 01:56:23 pm
Thank you.  Specifying the source port was the problem.  I did notice that the gui said a source port isn't needed most of the time.  I just thought that in this case, since it was for the admin panel, it would be a good idea to limit the rule as much as possible.  I guess not.

Thanks again.

BTW, thank you to all of the devs for this wonderful product.  I dropped my custom Gentoo install using Shorewall that had worked for me as a firewall/router over the past 3 years.  I didn't have any problems, but I thought I would try something different.  I'm glad I did.

That is great to hear!

Welcome!!
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

 

Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Page created in 0.027 seconds with 19 queries.