OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: loko on November 20, 2023, 11:36:17 PM

Title: Webgui on WAN
Post by: loko on November 20, 2023, 11:36:17 PM
Hello,
I made a fresh OPNsense installation from an ISO.
After the webgui wizard part was finished, I wanted to access the OPNsense webgui also via the WAN.
Therefore I applied a FW rule on the WAN zone to allow tcp 443.
Then I extended the FW rule to an Any Any; that way I was able to ping the WAN interface, but not reach the webgui.
Under System->Settings->Administration, "Listen interfaces" is set to 'ALL'.
When I check "Enable Secure Shell", I'm able to access ssh via the WAN interface. But still no webgui.

I tried to use "pfctl -d" without success.

Can you help me with what I'm missing?

Cheers
Title: Re: Webgui on WAN
Post by: macklij on November 21, 2023, 12:15:14 AM
These links may be useful:
https://forum.opnsense.org/index.php?topic=3876.0
https://forum.opnsense.org/index.php?topic=573.0

The obvious dangers are discussed, but they should help.

A useful suggestion seems to be to try disabling reply-to on WAN rules (Firewall > Settings > Advanced)

BTW pfctl -d disables the firewall completely (and maybe NAT too, I am not sure). pfctl -e enables it.

Title: Re: Webgui on WAN
Post by: loko on November 21, 2023, 09:56:04 AM
Hi macklij,

thanks for your reply.
I had this "reply-to" set to disable on the firewall rule created on WAN.
For testing I changed the webadmin port from 443 to 4443, still no access.
For testing I created a NAT port rule on WAN for destination WAN on port 4443 to the internal LAN IP and 4443, still no access.

Furthermore, I don't see any blocked traffic in the Live View in FW diagnostics or even with Packet Capture under Interfaces.

I understand the security risk of making the GUI available on WAN, but at least I expect to see some blocks or log entries somehow.

Title: Re: Webgui on WAN
Post by: macklij on November 21, 2023, 11:11:33 AM
Just to check the obvious - your ISP isn't blocking https traffic?
Title: Re: Webgui on WAN
Post by: loko on November 21, 2023, 06:56:59 PM
Hi macklij,
Yep, you're right. I checked this too, using a connection from another location, with the same result: the webgui isn't reachable.
Title: Re: Webgui on WAN
Post by: macklij on November 21, 2023, 08:19:11 PM
Well, at least you know what the issue is.

Perhaps you can work round it with a VPN - which is probably safer too
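
Added example, not part of any post in this thread: a small Python check, run from a machine outside the WAN, that tells an open port from a refused one and from one that gets no TCP answer, for the SSH and web GUI ports discussed above. Read together with a packet capture on the WAN interface, it shows whether the SYN is lost before the firewall or at it. The function names, default ports and the local demo are assumptions for illustration.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt: 'open', 'refused' or 'filtered'."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"     # a RST came back: something answered the SYN
    except OSError:
        return "filtered"    # timeout or ICMP unreachable: no TCP answer

def interpret(results, gui_port=443, control_port=22):
    """Turn probe results ({port: state}) into the next thing to check."""
    gui, control = results[gui_port], results[control_port]
    if gui == "open":
        return "GUI port answers: the problem is above TCP (TLS, HTTP, browser)"
    if gui == "refused":
        return "a reset comes back: check the listen address/port and any reject rules"
    if control == "open":
        return ("path works for the control port only: capture on WAN; "
                "no SYN for the GUI port there means it is dropped upstream")
    return "nothing answers: check the WAN address, routing and the upstream device"

if __name__ == "__main__":
    # Constructed local demo: one listening socket stands in for sshd,
    # one freshly released port stands in for a port with no listener.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    open_port = listener.getsockname()[1]
    results = {open_port: probe("127.0.0.1", open_port),
               closed_port: probe("127.0.0.1", closed_port)}
    print(results)
    print(interpret(results, gui_port=closed_port, control_port=open_port))
    listener.close()
```

Against a real firewall, call `probe()` with its WAN address for port 22 and the GUI port and pass the resulting dictionary to `interpret()`.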