OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: mic333 on July 20, 2015, 08:36:09 pm

Title: [SOLVED] Allow webinterface access from WAN
Post by: mic333 on July 20, 2015, 08:36:09 pm

hello
im trying to configure opnsense to allow webinterface access from WAN (virtualbox). I check many configurations and no luck.
1.disable bogon and private networks - didnot help
2. create pass rule on wan (any to any) - didnot help
3. anti lockout rule disable -  didnot help

Is there any way to configure this ?

Title: Re: Allow webinterface access from WAN
Post by: phoenix on July 20, 2015, 08:38:51 pm

Surely you don't want to allow the world access to your firewall, that's not really good practice. Can't you use a VPN to get access to it?

Title: Re: Allow webinterface access from WAN
Post by: franco on July 20, 2015, 09:41:20 pm

If you do a test run in Virtual Box, on the interface assignment use don't assign a LAN (just hit enter) and then assign WAN to a bridged (or properly NATed interface). Then you'll have WAN access by default.

Title: Re: Allow webinterface access from WAN
Post by: mic333 on July 21, 2015, 09:20:27 am

Quote from: phoenix on July 20, 2015, 08:38:51 pm

Surely you don't want to allow the world access to your firewall, that's not really good practice. Can't you use a VPN to get access to it?

yes i now that, this is no good practice but for testing in virtualbox it can be very helpfull

Quote from: franco on July 20, 2015, 09:41:20 pm

If you do a test run in Virtual Box, on the interface assignment use don't assign a LAN (just hit enter) and then assign WAN to a bridged (or properly NATed interface). Then you'll have WAN access by default.

Thanks for the answer but i want a real working env. (2 cards and more). i can disable firewall by command pfctl -d, but after change something (submit) in panel it will automatic turn on and block me out. no port forward, rules on wan any to any not working.
On virtualbox network is set to WAN(bridge) and LAN(im trying with HOST an INTERNAL) if opnsense cant open this ports, maybe there is a configuration to bridge LAN side with the host runing virtualbox?

Title: Re: Allow webinterface access from WAN
Post by: franco on July 21, 2015, 02:24:53 pm

Well, try what I said, add an additional pass rule for port 443/tcp from WAN any to WAN address. After that, add the LAN through the GUI and after apply--given that the pass rule works--you can still access the GUI from WAN.

Title: Re: Allow webinterface access from WAN
Post by: AdSchellevis on September 03, 2015, 02:28:06 pm

In case the firewall rule on WAN fails to work, you probably need to disable the "route-to" option on this firewall rule.

Go to the firewall rule on wan, then "Advanced Options" and check "This will disable auto generated reply-to for this rule." this lets you access the firewall from another host within the same net without using the gateway.