WEBGUI inaccessible via WAN

[PCG]

Good morning,

Here is my project, I have an OPNsense instance on the OVH Public Cloud.
I have access to my Webgui via my WAN address and it suits me perfectly, only as soon as I activate a LAN interface, I no longer have access to my graphical interface via the WAN.

I only have access to it if I make the shell command pfctl -d. A deactivation of my firewall.

Yet I have a rule in place that is like this:

Traffic entrant : Protocole : TCP ; Source : My IP Public ; Port : 4443 ;  Destination : This Firewall ; Port : 4443

And yet if I don't order pfctl -d , When I add a LAN interface, I can't access my OPNsense on the web.


In the logs I find this refusal : INT WAN -> Traffic entrant -> My IP Public:52475 -> IP PUBLIC on my OPNsense:4443 -> Protocole tcp -> Default deny / state violation rule

I look forward to your help! ;D :D
Thanks

[Patrick M. Hausen]

Traffic entrant : Protocole : TCP ; Source : My IP Public ; Port : 4443 ;  Destination : This Firewall ; Port : 4443

Change to:

Traffic entrant : Protocole : TCP ; Source : My IP Public ; Port : * ;  Destination : This Firewall ; Port : 4443

[PCG]

I'm so stupid... it's not like I saw that my public IP came with several different ports and not just 4443...
In any case, it works! Thanks a lot !

On the other hand, I cannot get the understanding of:
with the wrong source port, I can access the webgui, without LAN added. However, as soon as I add a LAN, I no longer have access to it. It's really this understanding that I don't master.

[Patrick M. Hausen]

Possibly the automagic "anti-lockout" rule? I have that disabled everywhere. I prefer explicit configuration and I don't like intransparent magic happening. Same for NAT - all on manual, here. YMMV as always.