Author Topic: webGUI access from WAN  (Read 31262 times)

Offline shdwdrgn

webGUI access from WAN
« on: May 13, 2007, 01:03:21 am »
I have a dynamic DNS service set to point to my router so I can host a webpage behind it.  I have the NAT rules set up so requests on port 80 are sent to the computer, however every time I try to see if it is working, it just asks me to log into my pfsense box.  I'm not sure if this is because I am trying it from internal, but I would assume it is trying to make the connection by going out and then back in (I haven't set up NAT reflection yet).  I would really like to prevent access to the webGUI from the WAN port and want to make sure the website will be accessible.

Thank you.

Offline GruensFroeschli

Re: webGUI access from WAN
« Reply #1 on: May 13, 2007, 01:05:55 am »
Try setting the webgui to another port.
System --> General Setup
We do what we must, because we can.
(Except when you PM me to help you directly - DONT: keep your issues in the forum)

Offline databeestje

Re: webGUI access from WAN
« Reply #2 on: May 14, 2007, 12:17:36 pm »
Put the webgui on an alternate port.

Then create a firewall rule on the wan interface from any to wan address webgui port.

That should do it.

Offline shdwdrgn

Re: webGUI access from WAN
« Reply #3 on: May 14, 2007, 12:26:07 pm »
That fixed the problem with not being able to access the webserver.  Thanks very much.

One other question.  Is it possible to block access to the webgui from the WAN port completely?  If so, how?  Or do you just have to set it to a random unused port?

What's the recommendation from the experts?

Offline databeestje

Re: webGUI access from WAN
« Reply #4 on: May 14, 2007, 01:22:48 pm »
If there is no rule to allow traffic to the webgui port on the wan interface it will not be accessible.

Everything not expressly permitted is denied per default.

Offline shdwdrgn

Re: webGUI access from WAN
« Reply #5 on: May 14, 2007, 04:48:07 pm »
Gotcha.  I'll make sure to set it to a port that won't be used for anything else and then ensure that there is no rule set up for it on the WAN port.

Offline akanawa

Re: webGUI access from WAN
« Reply #6 on: July 22, 2007, 12:22:32 am »
access from WAN

What rule should I write, and how exactly should I write it if I wish to allow access from the wan port?

Offline sai

Re: webGUI access from WAN
« Reply #7 on: July 22, 2007, 02:38:34 am »
To allow access to the pfSense Web Configurator from the WAN (or Internet):

Make a new rule ->

Interface: WAN

Source IP: any (it's better to restrict this if you know where you will be accessing from)
Source port: any

Dest IP: WAN Interface
Dest port: the port that the web GUI works on, as set in the General Settings

 :)

Offline akanawa

Re: webGUI access from WAN
« Reply #8 on: July 23, 2007, 09:42:55 am »
Thank you


I'll have to go offsite later, to see if it worked

Offline shreckbull

Re: webGUI access from WAN
« Reply #9 on: July 23, 2007, 11:26:30 am »
Why, pfsense developers, don't create a little function to enable/disable WAN access with an "EN/DISABLE button" form and, if the configuration is not good, a form to create an SSL certificate AND select another port (not 80/443) ...

???

Or if a developer likes this concept, why not develop a package ... ?

I think it isn't complicated to do ...

Offline sullrich

Re: webGUI access from WAN
« Reply #10 on: July 23, 2007, 11:52:09 am »
No thanks.  This option is not useful and would only clutter the interface.  Add a firewall rule to permit the traffic.

Offline jahonix

Re: webGUI access from WAN
« Reply #11 on: July 23, 2007, 12:00:39 pm »
Why, pfsense developers, don't create a little function to enable/disable WAN access with an "EN/DISABLE button" form

You already have this.
On the WAN rules page hit the green permit button left of the rule and it gets light green. This means it's disabled. Hit it again to re-enable.
Chris


Theoretically, theory and practice should be the same.
Practically they aren't.
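
The points made in this thread (WAN traffic is denied unless a rule permits it, a pass rule to the webGUI port is what exposes it, the source should be restricted where possible, and a disabled rule has no effect) can be checked against a configuration backup. The following is an added example, not part of the original thread or pfSense's own code; the config.xml element names and the sample rules are assumptions constructed for illustration, and port aliases are not resolved.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on a pfSense config.xml backup; the element
# names are an assumption, so compare them with your own export first.
SAMPLE_CONFIG = """<pfsense>
 <system><webgui><protocol>https</protocol><port>8443</port></webgui></system>
 <filter>
  <rule><type>pass</type><interface>wan</interface><descr>web server</descr>
   <source><any/></source>
   <destination><address>192.168.1.10</address><port>80</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><descr>GUI from anywhere</descr>
   <source><any/></source>
   <destination><network>wanip</network><port>8443</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><descr>GUI from office</descr>
   <source><address>203.0.113.10</address></source>
   <destination><network>wanip</network><port>8000-9000</port></destination></rule>
  <rule><disabled/><type>pass</type><interface>wan</interface><descr>old GUI rule</descr>
   <source><any/></source><destination><any/></destination></rule>
 </filter>
</pfsense>"""

def port_in(spec, port):
    """True if a rule port spec (empty = any, 'N' or 'N-M') covers port."""
    lo, _, hi = (spec or "0-65535").partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit_webgui_wan_rules(config_xml):
    """List (description, verdict) for WAN pass rules that reach the webGUI port."""
    root = ET.fromstring(config_xml)
    proto = root.findtext("./system/webgui/protocol", "http")
    gui_port = int(root.findtext("./system/webgui/port") or (443 if proto == "https" else 80))
    findings = []
    for rule in root.findall("./filter/rule"):
        dst = rule.find("destination")
        if rule.findtext("interface") != "wan" or rule.findtext("type") != "pass" or dst is None:
            continue
        # Only destinations that include the firewall's own WAN address matter.
        to_firewall = dst.find("any") is not None or dst.findtext("network") == "wanip"
        if not (to_firewall and port_in(dst.findtext("port"), gui_port)):
            continue
        verdict = ("disabled" if rule.find("disabled") is not None
                   else "open to any source" if rule.find("source/any") is not None
                   else "restricted source")
        findings.append((rule.findtext("descr"), verdict))
    return findings

if __name__ == "__main__":
    for descr, verdict in audit_webgui_wan_rules(SAMPLE_CONFIG):
        print(f"{descr}: {verdict}")
```

An empty result means no WAN rule reaches the webGUI port, which under default deny is the state the original poster asked for.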