Access GUI from WAN

[Chapter]

Good afternoon,

I'm trying to access the GUI from the WAN side but so far I have not been able to get it.

I have reviewed several old posts and have done the following:

Firewall - Rules - WAN

Action: pass
Interface: WAN
Protocol: TCP
Source: Any
Destination: WAN Address
Destination port range: 3443
Reply-to: Disable

But when I try to connect from outside my LAN with publicIP:3443 I get:

Code: [Select]

Network Error (tcp_error)
A communication error occurred: ""
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
Anyone have any idea how to fix this?

[chemlud]

have you enabled the webserver to listen on WAN (totally unsafe, you know what you are doing, I guess ;-) )

[Chapter]

Yes, I know it is not safe  . This rule will be normally disabled and I temporarily enable it using the VPN in my phone because on my laptop at work I cannot connect using the VPN.

By webserver you mean System - Settings - Administration - Listen interfaces? I have it set to "All"


Regards

[chemlud]

and there you changed the port to 4334?  or do you have a port forward in place?

[Chapter]

Yes, mi port there is 3443

From the LAN side I open the GUI using OPNSense_IP:3443

I do not have any port forwarding configured

Regards

[chemlud]

package capture on WAN 3443 shows incomming packages? and replies?

[Chapter]

This is what I get when I do a packet capture in the WAN interface, protocol TCP and port 3443

I do not see any reply from OPNSense

Code: [Select]

Interface Capture output
WAN
vtnet0_vlan300 18:16:48.442074 IP My_Device_Public_IP.58564 > OPNSense_Public_IP.3443: tcp 0
WAN
vtnet0_vlan300 18:16:48.442168 IP My_Device_Public_IP.58565 > OPNSense_Public_IP.3443: tcp 0
WAN
vtnet0_vlan300 18:16:49.109031 IP My_Device_Public_IP.58566 > OPNSense_Public_IP.3443: tcp 0
WAN
vtnet0_vlan300 18:17:05.741086 IP My_Device_Public_IP.58568 > OPNSense_Public_IP.3443: tcp 0
WAN
vtnet0_vlan300 18:17:05.741130 IP My_Device_Public_IP.58567 > OPNSense_Public_IP.3443: tcp 0
WAN
vtnet0_vlan300 18:17:05.980699 IP My_Device_Public_IP.58569 > OPNSense_Public_IP.3443: tcp 0
WAN
vtnet0_vlan300 18:17:06.761665 IP My_Device_Public_IP.58567 > OPNSense_Public_IP.3443: tcp 0
WAN
vtnet0_vlan300 18:17:06.761786 IP My_Device_Public_IP.58568 > OPNSense_Public_IP.3443: tcp 0
WAN
vtnet0_vlan300 18:17:06.980710 IP My_Device_Public_IP.58569 > OPNSense_Public_IP.3443: tcp 0
WAN
vtnet0_vlan300 18:17:08.740577 IP My_Device_Public_IP.58567 > OPNSense_Public_IP.3443: tcp 0

[chemlud]

screenshot of WAN fw rule and settings page for GUI (interfaces and port) please...

[Chapter]

Here are the screenshots

WAN Rule:


Settings:

[chemlud]

hmmm, Listen Interfaces are not on the screenshot ;-)

If you are lucky, a logging fw rule ist blocking the traffic, have a look in the logs. Otherwise screen WAN and Floating rules for blocking rules (you might disable the pf and see if you can access the GUI on WAN, then there is definitely a fw rule blocking).

[Chapter]

I don't know what happened but I deleted the WAN rule and after creating it again it started working

Thanks for your help