Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Webgui on WAN
« previous
next »
Print
Pages: [
1
]
Author
Topic: Webgui on WAN (Read 6009 times)
loko
Newbie
Posts: 3
Karma: 0
Webgui on WAN
«
on:
November 20, 2023, 11:36:17 pm »
Hello,
I made a fresh opnsense installation from an ISO.
After the webgui wizzard part is finished, I wanted to access the opnsense webgui also via the WAN.
Therefore I apply a FW rule on the WAN Zone to allow tcp 443.
Then I extend the FW rule for an Any Any, that way I was able to ping the WAN interface, but not webgui.
Under System->Settings->Administration is "Listen interfaces set to 'ALL'
When I check "Enable Secure Shell", I'm able to access ssh via the WAN interface. But still no webgui
I tried to use "pfctl -d" without success.
Can you help me, what im missing?
Cheers
«
Last Edit: November 20, 2023, 11:40:20 pm by loko
»
Logged
macklij
Newbie
Posts: 29
Karma: 1
Re: Webgui on WAN
«
Reply #1 on:
November 21, 2023, 12:15:14 am »
These links may be useful:
https://forum.opnsense.org/index.php?topic=3876.0
https://forum.opnsense.org/index.php?topic=573.0
The obvious dangers are discussed, but they should help.
A useful suggestion seems to be to try disabling reply-to on WAN rules (Firewall > Settings > Advanced)
BTW pfctl -d disables the firewall completely (and maybe NAT too, I am not sure). pfctl -e enables it.
«
Last Edit: November 21, 2023, 12:23:11 am by macklij
»
Logged
loko
Newbie
Posts: 3
Karma: 0
Re: Webgui on WAN
«
Reply #2 on:
November 21, 2023, 09:56:04 am »
Hi macklij,
thanks for your reply.
I had this "reply-to" set to disable on the firewall rule created on WAN.
For testing I changed the webadmin port from 443 to 4443, still no access.
For testing I created a NAT port rule on WAN for destination WAN on port 4443 to the internal LAN IP and 4443, still no access.
Furthermore I dont see any blocked traffic on the Live View in FW diagnostic or even with Packet Capture under Interfaces.
I understand the security risk to make the gui available on WAN but at least I expect to see some blocks or logentries somehow.
Logged
macklij
Newbie
Posts: 29
Karma: 1
Re: Webgui on WAN
«
Reply #3 on:
November 21, 2023, 11:11:33 am »
Just to check the obvious - your ISP isn't blocking https traffic?
Logged
loko
Newbie
Posts: 3
Karma: 0
Re: Webgui on WAN
«
Reply #4 on:
November 21, 2023, 06:56:59 pm »
Hi macklij,
Yep you right. I checked this too, with using a connection from another location with same result, that the webgui isn't reachable.
Logged
macklij
Newbie
Posts: 29
Karma: 1
Re: Webgui on WAN
«
Reply #5 on:
November 21, 2023, 08:19:11 pm »
Well, at least you know what the issue is.
Perhaps you can work round it with a VPN - which is probably safer too
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Webgui on WAN