[SOLVED]WebUI is accessible over Internet

[Morta]

How I can disable access of WebUI for WAN Port?

[chemlud]

OOTB it's disabled (as long as there is more than WAN iirc). Configure under System -> Settings -> Administration

[Patrick M. Hausen]

Hint: if you are connected to the LAN network and just typing the WAN IP address into your browser, you are still initiating the connection from LAN and are therefore permitted.

To truly test if the administration UI is enabled on WAN you need to be connected to the Internet somehow differently and really come from outside.

[Morta]

OK.

Now I want make the server accessible over http,https with NAT rule.

Can I follow the forum tutorial or have I to change more options?

I did already the forum Tutorial but the WebUI had priorty and doesn’t works.

[Patrick M. Hausen]

Please post

1. all details about your NAT rule
2. a plan of your network including IP addresses
3. a description of what this is supposed to do and in which way it doesn't

"something something doesn't work" is by far too little information to come up with any diagnose.

[Morta]

NAT rules

Bridge

DHCPv4 leases


I want that 5erver(192.168.1.100) webserver is accesible at Port 80,433 on WAN (Router)
So that I can hit free-vpn.ch(85.195.234.234) display the website which is hosted on 5erver behind router.

I can't ping the devices under the LAN. So isn't possible to ping lapt0p(192.168.0.106) to 5erver(192.168.0.100)

[Patrick M. Hausen]

Please show the details of one of the two NAT rules after you clicked on the small "edit/pencil" icon.

[Morta]

I can't also not ping the devices in the same bridge from lapt0p to 5erver as example...

[Patrick M. Hausen]

Change the "Filter rule association" to "Pass" and the "TCP/IP version" to "IPv4". Then it should work.

For IPv6 don't use NAT but create a firewall rule (Firewall > Rules > WAN) permitting ports 80 and 443 to the fixed IPv6 address of your server inbound.

[Morta]

Change the "Filter rule association" to "Pass" and the "TCP/IP version" to "IPv4". Then it should work.

For IPv6 don't use NAT but create a firewall rule (Firewall > Rules > WAN) permitting ports 80 and 443 to the fixed IPv6 address of your server inbound.

It doesn't work.

I can't accessible also not a client in the same bridge network. As example from lap0tp to 5erver. Why?

And the the clients doesn't have a IPv6 from ISP only one from the router. Why?

[Patrick M. Hausen]

Did you try with a device connected to the "outside Internet", i.e. through tethering with your mobile phone?

So called "hairpin" connections from inside to the outside address do not work out of the box. You need extra configuration for that. Let's get the port forwarding straight, first. So please try with an outside device.

Second, I cannot help you with your IPv6 if you don't tell us how precisely your ISP is routing IPv6 down your line. DHCPv6? Prefix delegation? Static prefix or changing every couple of hours? ... and so on. We would need to know all of that.

How familiar are you with basic networking concepts like this? Did you read the OPNsense documentation?

[Morta]

Did you try with a device connected to the "outside Internet", i.e. through tethering with your mobile phone?

So called "hairpin" connections from inside to the outside address do not work out of the box. You need extra configuration for that. Let's get the port forwarding straight, first. So please try with an outside device.

Second, I cannot help you with your IPv6 if you don't tell us how precisely your ISP is routing IPv6 down your line. DHCPv6? Prefix delegation? Static prefix or changing every couple of hours? ... and so on. We would need to know all of that.

How familiar are you with basic networking concepts like this? Did you read the OPNsense documentation?

DHCPv6

https://www.tuxone.ch/2021/02/fiber7-access-mit-pfsense.html

I did that and the clients has now a IPv6 from the ISP






I tried to connect with the Handy and it' doesn't work

[Patrick M. Hausen]

Does the system you named "Server" have the LAN IP address of the OPNsense as its default gateway?

[Morta]

Does the system you named "Server" have the LAN IP address of the OPNsense as its default gateway?

The 5erver have a IP 192.168.1.100 and a fixed IPv6 (ping -v6 joelmueller.ch) from ISP and is a client of the router(opnsens) also directly connected to LAN(bridge0) but I can't ping the local ipv4 neither ipv6.

Yes. ip addr shows me two IPv6 adresse and 192.168.1.100 as IPv4

[Morta]

The IPv6 issue I could fix with change the setting of the WAN port. Now I have a route and can ping a IPv6 adress but I don't understand why I can't ping local IPv4 addresses of the DHCPv4/24 subnet?

So have I to activate a option?