The pfSense Store

Author Topic: Accessing the WebGUI via WAN (Yes, I read the FAQ) [RESOLVED]  (Read 2804 times)

0 Members and 1 Guest are viewing this topic.

Offline alberts

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Accessing the WebGUI via WAN (Yes, I read the FAQ) [RESOLVED]
« on: October 17, 2006, 12:25:47 pm »
I read the wiki FAQ and followed it; however, I still can't access the WebGUI remotely.  I've enabled https and changed the port to 10001.  I'm able to access the gui from lan no problem with https://mybox.com:10001 with no problem.  I added a rule on the WAN with the following:
Code: [Select]
Action: PASS
Disabled: NO
Interface: WAN
Protocol: TCP
Source:
   Type: NETWORK
   Adress: 205.215.0.0/16
Source Port Range:
   From: Other - 10001
   To: Other - 10001
Source OS: ANY
Destination:
   Type: WAN ADDRESS
Destination Port Range:
   From: Other - 10001
   To: Other - 10001
Log: NO
Advanced Options: None
State Type: Keep State
No XMLRPC Sync: No
Gateway: Default
Is there something else I need to do?  I have no problem with any other rules I have created.
Thanks
« Last Edit: October 17, 2006, 01:56:46 pm by alberts »

Offline jeroen234

  • Sr. Member
  • ****
  • Posts: 505
  • Karma: +0/-0
    • View Profile
Re: Accessing the WebGUI via WAN (Yes, I read the FAQ)
« Reply #1 on: October 17, 2006, 12:40:32 pm »
drop the source ports  in the rule
a connection to www.msn.com on port 80 ca have 1 till 65000 as source port
its a random chosen port by the system


Offline Juve

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 914
  • Karma: +0/-0
  • --=(BSD)=--
    • View Profile
Re: Accessing the WebGUI via WAN (Yes, I read the FAQ)
« Reply #2 on: October 17, 2006, 12:57:08 pm »
just to be exact.... source port are between 1025 an 65535 (boundaries included)

lowports : 1-1024
highports : 1025-65535


When writing rules you should always specify that connection can be established from X to Y from highports to serverport (eg. 80 for HTTP servers).



Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: Accessing the WebGUI via WAN (Yes, I read the FAQ)
« Reply #3 on: October 17, 2006, 01:37:56 pm »
As the GUI states, source ports are not needed in 99% of the cases and this is one of them.

Offline alberts

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: Accessing the WebGUI via WAN (Yes, I read the FAQ)
« Reply #4 on: October 17, 2006, 01:56:23 pm »
Thank you.  Specifying the source port was the problem.  I did notice that the gui said a source port isn't needed most of the time.  I just thought that in this case, since it was for the admin panel, it would be a good idea to limit the rule as much as possible.  I guess not.

Thanks again.

BTW, thank you to all of the devs for this wonderful product.  I dropped my custom Gentoo install using Shorewall that had worked for me as a firewall/router over the past 3 years.  I didn't have any problems, but I thought I would try something different.  I'm glad I did.

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: Accessing the WebGUI via WAN (Yes, I read the FAQ)
« Reply #5 on: October 17, 2006, 04:11:18 pm »
Thank you.  Specifying the source port was the problem.  I did notice that the gui said a source port isn't needed most of the time.  I just thought that in this case, since it was for the admin panel, it would be a good idea to limit the rule as much as possible.  I guess not.

Thanks again.

BTW, thank you to all of the devs for this wonderful product.  I dropped my custom Gentoo install using Shorewall that had worked for me as a firewall/router over the past 3 years.  I didn't have any problems, but I thought I would try something different.  I'm glad I did.

That is great to hear!

Welcome!!