pfSense Support Subscription

Author Topic: Can't acces WebGUI from the WAN, even though there is a rule for it  (Read 217 times)

0 Members and 1 Guest are viewing this topic.

Offline mwilhelm91

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Hey there,

 I have the problem that I can't access the WebGUI from the WAN, even though I have configured a firewall rule that should it allow it.

The rule:

Action: Pass
Interface: WAN
Address Familiy: IPv4+IPv6
Protocol: TCP
Source: any
Destination: WAN address
Port Range: HTTPS(443)

The only way I can connect to the WebGUI from the WAN is by disabling the firewall rules per shell with pfctl -d. As soon as I enable the rule I can't access the WebGUI.

I really don't know what to do here, because all tips I found say you have to make the rule I already implemented.

Any help would be appreciated.

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2147
  • Karma: +165/-9
    • View Profile
Re: Can't acces WebGUI from the WAN, even though there is a rule for it
« Reply #1 on: November 08, 2017, 12:43:26 pm »
Hi,

Your WAN is directly connected to the net ? (what is the WAN interface IP ?)

Online kejianshi

  • Hero Member
  • *****
  • Posts: 4950
  • Karma: +195/-40
  • Debugging...
    • View Profile
Re: Can't acces WebGUI from the WAN, even though there is a rule for it
« Reply #2 on: November 08, 2017, 12:46:10 pm »
Probably need to uncheck the "block private" on the wan interface.

Offline mwilhelm91

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Can't acces WebGUI from the WAN, even though there is a rule for it
« Reply #3 on: November 09, 2017, 01:10:13 am »
The pfSense OS is running on a VM. I want to access from the internal network, the WAN interface is connected to it (some private IP address). I already unchecked the blocking of private IPs, so that's sadly not the problem.

Online kejianshi

  • Hero Member
  • *****
  • Posts: 4950
  • Karma: +195/-40
  • Debugging...
    • View Profile
Re: Can't acces WebGUI from the WAN, even though there is a rule for it
« Reply #4 on: November 09, 2017, 07:58:48 am »
When you say "internal" network, can you elaborate? 

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2147
  • Karma: +165/-9
    • View Profile
Re: Can't acces WebGUI from the WAN, even though there is a rule for it
« Reply #5 on: November 09, 2017, 11:27:43 am »
The pfSense OS is running on a VM.....
So it's more a VM issue (VM setup).
That explains ... your rule is ok, I used the same in the past.

Online kejianshi

  • Hero Member
  • *****
  • Posts: 4950
  • Karma: +195/-40
  • Debugging...
    • View Profile
Re: Can't acces WebGUI from the WAN, even though there is a rule for it
« Reply #6 on: November 09, 2017, 11:31:04 am »
I have one for test running as VM and allowing access via the WAN works fine, so I'm wondering about your rules being used on the WAN.  I'm pretty sure I put a "pass all" rule there, since nothing is going to reach the wan unless I allow it anyway.  Its labeled wrong.  I initially tried to pass HTTPS as you did and it was failing so I passed all and it worked.  Not a security issue for me since it is firewalled by a physical pfsense. 
« Last Edit: November 09, 2017, 11:43:20 am by kejianshi »

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14456
  • Karma: +1337/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Can't acces WebGUI from the WAN, even though there is a rule for it
« Reply #7 on: November 12, 2017, 05:56:22 am »
What?  You are suggesting someone put a any any rule on their wan?  That is some bad advice... Reader please do not do this!!  No matter what sort of setup you have.. Unless really are your wanting to do with pfsense is just route.. If so then turn off nat..

If those are your wan rules, and your webgui is listening on 443 then that would work.. Please post a picture of your want rules.  Do you have any rules in floating?  Please show your webgui listening on 443..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)

Online kejianshi

  • Hero Member
  • *****
  • Posts: 4950
  • Karma: +195/-40
  • Debugging...
    • View Profile
Re: Can't acces WebGUI from the WAN, even though there is a rule for it
« Reply #8 on: November 12, 2017, 06:42:33 am »
I assume his isn't connected to the web?  If so, port forwarding to the gui would also be insane.