OPNsense Forum

English Forums => General Discussion => Topic started by: thierryB on March 04, 2024, 04:50:47 PM

Title: access to WAN gateway webUI
Post by: thierryB on March 04, 2024, 04:50:47 PM
Hi,
Is it possible to access the WAN gateway web page from the LAN?

If I type from my LAN: https//192.168.2.1, I cannot access it

My LAN: 192.168.1.1/24
Opnsense LAN: 192.168.1.1 (NIC #1)
Opnsense WAN: 192.168.2.2 (NIC #2)
WAN gateway: 192.168.2.1 (NIC #2)

Thanks
Title: Re: access to WAN gateway webUI
Post by: mellow65 on March 04, 2024, 05:10:39 PM
So far I've not had any issues with getting my gateway above my OPNsense (knock on wood), but coming from pfSense, it really didn't want to allow me to get to the gateway interface. I had to add a new rule to explicitly allow it, and after that, zero issues. You may try this solution, it may not be the perfect answer, but it may be an answer.
Title: Re: access to WAN gateway webUI
Post by: BigNutz on March 04, 2024, 05:30:20 PM
Quote from: mellow65 on March 04, 2024, 05:10:39 PM
So far I've not had any issues with getting my gateway above my OPNsense (knock on wood), but coming from pfSense, it really didn't want to allow me to get to the gateway interface. I had to add a new rule to explicitly allow it, and after that, zero issues. You may try this solution, it may not be the perfect answer, but it may be an answer.

Exactly. So by default OPNsense doesn't have a firewall rule to allow outgoing traffic from LAN. You will have to create one yourself. E.g., (PASS out; From LAN network; To ANY destination).
Title: Re: access to WAN gateway webUI
Post by: mellow65 on March 04, 2024, 10:14:59 PM
Quote from: BigNutz on March 04, 2024, 05:30:20 PM

Exactly. So by default OPNsense doesn't have a firewall rule to allow outgoing traffic from LAN. You will have to create one yourself. E.g., (PASS out; From LAN network; To ANY destination).

Which is ironic that mine is working just fine, and I haven't set up anything to pass directly to the upstream GW.
Title: Re: access to WAN gateway webUI
Post by: cookiemonster on March 04, 2024, 10:39:59 PM
Quote from: BigNutz on March 04, 2024, 05:30:20 PM
Quote from: mellow65 on March 04, 2024, 05:10:39 PM
So far I've not had any issues with getting my gateway above my OPNsense (knock on wood), but coming from pfSense, it really didn't want to allow me to get to the gateway interface. I had to add a new rule to explicitly allow it, and after that, zero issues. You may try this solution, it may not be the perfect answer, but it may be an answer.

Exactly. So by default OPNsense doesn't have a firewall rule to allow outgoing traffic from LAN. You will have to create one yourself. E.g., (PASS out; From LAN network; To ANY destination).

There is a default allow all from LAN rule when setting OPN up. That is not it.
Title: Re: access to WAN gateway webUI
Post by: CJ on March 05, 2024, 03:04:19 PM
There should be no need to change anything on a default install in order to reach your upstream gateway.

Are you using something other than DHCP for your WAN?  Are you sure that your gateway is listening on https/443?
Title: Re: access to WAN gateway webUI
Post by: thierryB on March 05, 2024, 06:53:24 PM
Hi,
thank you for your answers. The LAN is already allowed to go out to the WAN.
On the gateway I have nothing other than DHCP and port 443 is open from a LAN address, not from an internet address.
I have this route: 192.168.1.10 (PC on lan) -> 192.168.1.1 (opnsense) -> 192.168.2.2 (opnsense WAN ip) -> 192.168.2.1 (Gateway) -> Internet

I can access the internet, no problem there. The problem is that if I stop before (the gateway), I have no feedback.
The UNBOUND service is enabled. Is there a setting that could prevent me from accessing the gateway interface or anything to do with unbound, only rule in fw?
Title: Re: access to WAN gateway webUI
Post by: tiermutter on March 05, 2024, 07:33:13 PM
Since the request from PC comes from OPNsense LAN IP (not gateway's LAN) the device must allow access from non-LAN IPs. Some devices restrict access to their LAN IPs, maybe there is an option for that.
Title: Re: access to WAN gateway webUI
Post by: CJ on March 06, 2024, 04:15:30 PM
Quote from: thierryB on March 05, 2024, 06:53:24 PM
Hi,
thank you for your answers. The LAN is already allowed to go out to the WAN.
On the gateway I have nothing other than DHCP and port 443 is open from a LAN address, not from an internet address.
I have this route: 192.168.1.10 (PC on lan) -> 192.168.1.1 (opnsense) -> 192.168.2.2 (opnsense WAN ip) -> 192.168.2.1 (Gateway) -> Internet

I can access the internet, no problem there. The problem is that if I stop before (the gateway), I have no feedback.
The UNBOUND service is enabled. Is there a setting that could prevent me from accessing the gateway interface or anything to do with unbound, only rule in fw?

What is the model of your gateway?
Title: Re: access to WAN gateway webUI
Post by: thierryB on March 11, 2024, 09:29:52 AM
Quote from: tiermutter on March 05, 2024, 07:33:13 PM
Since the request from PC comes from OPNsense LAN IP (not gateway's LAN) the device must allow access from non-LAN IPs. Some devices restrict access to their LAN IPs, maybe there is an option for that.

But for the gateway, the request comes from opnsense which is for the LAN gateway. The gateway (192.168.2.1) sees opnsense in 192.168.2.2 (ip wan for opnsense but ip LAN for the gateway).
Title: Re: access to WAN gateway webUI
Post by: thierryB on March 11, 2024, 09:30:50 AM
Quote from: CJ on March 06, 2024, 04:15:30 PM
What is the model of your gateway?

It's a Livebox