"Quote from: EKinox09 on April 28, 2020, 04:22:39 AM
IMPORTANT: The following parameters allow to access LAN from WAN. Use with caution.
Here is the solution and my understanding:
- Allow access from WAN:
Interfaces / WAN: Uncheck "Block private networks" => Without this, OPNsense do not consider private/LAN adresses coming from the WAN. In my case, i have a 192.168.2.0/24 based network as WAN; so, if i don't want to be blocked, i need to uncheck
- Access LAN from WAN:
Need to set up a FW rule: WAN-pass-in-Protocol:IPv4*-Source:WAN Net-Destination:LAN Net
- Make the computer/laptop on the WAN aware of the 10.0.0.0 network:
Need to set up a route to the OPNsense WAN IP for accessing the LAN Network: route add -p 10.0.0.0 mask 255.255.255.0 192.168.2.134 (command for windows, done in a "cmd" windows launched with admin rights
Now the LAN is reacheable from the WAN.
- Ping OPNsense WAN address:
By default, OPNsense do not answer to a ping from WAN. I had difficulties to be sure if the IP was configured correctly. So, in order to have OPNsense answering a ping from WAN, i had a firewall rule: WAN-pass-in-Protocol IPv4 IMCP-Source:WAN Net-Destination:WAN Address (Wan address represent the WAN address of OPNsense)
- Access OPNsense GUI from WAN:
If you want a computer to access the OPNsense GUI from the WAN, setup the following rule: WAN-pass-in-Protocol:IPv4 TCP-Source:IP of your computer-Destination:This firewall-Port:443(HTTPS)
Hope it helps.
Hello everyone, I followed this guide, but I'm unable to ping the IP address of the computer on the LAN.
Does anyone know why it's not working?
Thanks in advance.
