OPNsense Forum

English Forums => General Discussion => Topic started by: acrane on June 04, 2018, 08:36:28 pm

Title: [SOLVED] Unable to access WebGUI via WAN interface
Post by: acrane on June 04, 2018, 08:36:28 pm
I have a fresh 18.1 install that I'm testing. It's currently on my private network with an RFC1918 DHCP-assigned WAN address.
Problem is, despite enabling access from WAN Net and removing the interface's restriction on RFC1918-sourced addresses, I cannot access the installation's WebGUI via the WAN interface. Even if I enable very permissive pass rules, I still see Default Deny rule hits from WAN Net addresses in the firewall log. I see the WAN's MAC address in other hosts' ARP tables, but I'm not getting echo replies, or access via the WebGUI on TCP:443.

I can ping out from the interface with no problem.

Ideas welcome! Many thanks.
Title: Re: Unable to access WebGUI via WAN interface
Post by: franco on June 05, 2018, 10:01:25 pm
Hi,

Two candidates, could be one or the other or both:

1. You need to disable reply-to globally for your test setup (Firewall: Settings: Advanced)

2. If you have a LAN, WAN is not permitted to receive web GUI connections by default. Add a pass rule under Firewall: Rules: [WAN].


Cheers,
Franco

Title: Re: Unable to access WebGUI via WAN interface
Post by: acrane on June 06, 2018, 09:12:54 pm
Thank you so much.
Disabling reply-to on WAN rules did the trick.
 :)
Title: Re: Unable to access WebGUI via WAN interface
Post by: franco on June 12, 2018, 09:39:03 am
Yay, happy to help!  8)


Cheers,
Franco
Title: Re: [SOLVED] Unable to access WebGUI via WAN interface
Post by: kp74508 on August 29, 2018, 09:07:38 pm
Hi Franco,

I had the same issue and your very helpful advice of disabling reply-to at the firewall setting solved my problem. However, I am a bit confused.

Now when I create a new rule, that field is unchecked on the rule. It seems like the firewall setting is overriding the option selected on the rule. If this is the case, I would expect the option on the rule to be greyed out. If the firewall setting does not override the rule, I would expect the option on the rule to default to the firewall setting. What do you think?