Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: Albertk on December 03, 2025, 04:36:59 AM

Title: Access HTTPs and SSH from WAN
Post by: Albertk on December 03, 2025, 04:36:59 AM
I have setup OpnSense 25.7 and I cannot figure out how to access from the Web UI via the WAN port from the internal lan.  I have create a SSH and HTTPS firewall rule in the WAN interface but still blocked.  I also cannot pin the IP of the OpnSense WAN (192.168.100.101).

Internet <-> Internal network (192.168.100.1/24) <->  OpnSense  <-> Opn Internal LAN (192.168.1.1/24)
Title: Re: Access HTTPs and SSH from WAN
Post by: patient0 on December 03, 2025, 07:18:53 AM
Can you show the rules you created on the OPNsense WAN interface? Access and ping to the WAN should work when you create a rule on WAN. Usually something like (leave default whats not mentioned):

# for SSH and HTTPS
pass, interface WAN, protocol TCP, destination 'This Firewall', destination ports 22,443.

# for Ping
pass, interface WAN, protocol ICMP, destination 'This Firewall'

You can set 'ICMP Type' to 'Echo Request' if you want to restrict what ICMP querys can be send.


Also disable 'block bogons networks' and 'block private networks' on WAN.
Title: Re: Access HTTPs and SSH from WAN
Post by: Albertk on December 03, 2025, 07:51:14 AM
I have create the rules and disable to bogon but still not able to access.   From the OpnSense LAN, I can access the SSH, Ping and HTTPs.
Title: Re: Access HTTPs and SSH from WAN
Post by: patient0 on December 03, 2025, 08:37:42 AM
The rules do look absolutely OK. I assume you did press 'Apply changes'?
Title: Re: Access HTTPs and SSH from WAN
Post by: Albertk on December 03, 2025, 08:50:20 AM
Yes, I am banging my head against the wall.  I came from pfsense, so I know this should work. 
Title: Re: Access HTTPs and SSH from WAN
Post by: patient0 on December 03, 2025, 09:00:33 AM
Does OPNsense get a fixed IP, 192.168.100.101 or is dynamic? Did you disable NAT on OPNsense?

Next step would be Diagnostics > Packet Capture on WAN for ICMP or TCP/22 or TCP/443 and try to access it from 'Internal Network'.
Title: Re: Access HTTPs and SSH from WAN
Post by: Patrick M. Hausen on December 03, 2025, 09:49:56 AM
Is the host "on the Internet" from which you are testing actually connected to the same network as the WAN interface of OPNsense? I.e. is there an Ethernet instead of a point to point connection between OPNsense and the uplink router? And you are testing from that network?

In that case: Firewall > Settings > Advanced >  Disable reply-to.
Title: Re: Access HTTPs and SSH from WAN
Post by: Albertk on December 03, 2025, 10:24:14 AM
Quote from: Patrick M. Hausen on Today at 09:49:56 AMIs the host "on the Internet" from which you are testing actually connected to the same network as the WAN interface of OPNsense? I.e. is there an Ethernet instead of a point to point connection between OPNsense and the uplink router? And you are testing from that network?

In that case: Firewall > Settings > Advanced >  Disable reply-to.

That fix it.  Thanks.
Text only | Text with Images