Show Posts
1
General Discussion / Allow GUI access on WAN when WAN is on the LAN
« on: January 16, 2019, 01:56:02 pm »
I am trying to use opnsense to create a lab environment.
The topology is this:
LABLAN (192.168.252.0/22) <--> WANLAN (192.168.1.97) <--> REALWAN (public internet).
So, this is a lab network that is inside our office network, where the lab network's "WAN" address is a private IP address on our LAN.
This works, and the machines on the LABLAN can access the internet (Example path: 192.168.252.100 -> 192.168.252.1 -> 192.168.1.97 -> 192.168.1.1 -> public internet
Here's my problem:
I want to be able to manage the firewall from the office LAN (192.168.1.100), which means I have to access the OpnSense firewall on 192.168.1.97.
To do this, I took the following steps:
[li]Changed the management port to 8443[/li][/list]
Created a NAT rule to forward TCP with a destination of 8443 on the WAN address to the LAN address for the firewall at the same port
[/list]
This does not work. Firewall logs show that the traffic was allowed (I see a "pass" entry with the source IP of my workstation and a destination IP of the WAN), but I cannot access the gui.
This works with pfSense, tomato firmware, and other firewalls I have used. But, it seems I have missed a step here.
Does anyone know how to make this work?
The topology is this:
LABLAN (192.168.252.0/22) <--> WANLAN (192.168.1.97) <--> REALWAN (public internet).
So, this is a lab network that is inside our office network, where the lab network's "WAN" address is a private IP address on our LAN.
This works, and the machines on the LABLAN can access the internet (Example path: 192.168.252.100 -> 192.168.252.1 -> 192.168.1.97 -> 192.168.1.1 -> public internet
Here's my problem:
I want to be able to manage the firewall from the office LAN (192.168.1.100), which means I have to access the OpnSense firewall on 192.168.1.97.
To do this, I took the following steps:
- Turned off "block private networks"
[li]Changed the management port to 8443[/li][/list]
Created a NAT rule to forward TCP with a destination of 8443 on the WAN address to the LAN address for the firewall at the same port
[/list]
This does not work. Firewall logs show that the traffic was allowed (I see a "pass" entry with the source IP of my workstation and a destination IP of the WAN), but I cannot access the gui.
This works with pfSense, tomato firmware, and other firewalls I have used. But, it seems I have missed a step here.
Does anyone know how to make this work?