External access to opnsense GUI

Started by guest14791, November 04, 2016, 03:24:13 AM

I am using OpenVPN to reach the firewall and manage it from there, and it seems to be quite fast to deploy. Also, with 2-factor auth, you can get even better security.
Exposing your UI/SSH to any IP from the internet is a bad practice.

Hello guys, being new to this IT world in general, I started with a PC with OPNsense installed, playing and exploring. I have my PC not on a real WAN but inside my ISP's home router on a typical private network. I just want not to go to the room where my firewall is to configure it through the GUI. So I want to see if MY IP bound with MY MAC address can access the GUI through WAN. The reason the firewall is there and not in my PC directly is because I have 2 server machines directly connected to the firewall, so only they are protected by my firewall right now. I just wanted to see if I can and actually if it is easy. I do not want to open the gate (I know about security risks; I have only very basic security knowledge, but I am a mid-level network engineer). So I would like to have this opportunity only for as long as I am configuring the firewall some afternoons when I am coming from work. That's why I want it to be easy to configure the access, in order to cancel it easily anytime. Thank you very much.

DISCLAIMER: The following action is not recommended, as anyone can try to log onto your firewall admin GUI from the WorldWildWeb and you are inviting trouble. But I am providing you the answer, assuming you understand there are better solutions to what you are trying to achieve.

To enable Remote WebAdmin access from the WAN (outside world), do this:
On the Firewall GUI, go to:

Firewall -> NAT -> Port Forward -> Click the [ + ] sign to create a new rule as follows:
    Interface:  WAN
    Protocol:    TCP
    Destination: WAN address
    Destination Range: From: 443 (or HTTPS) -- --  To: 443 (or HTTPS)
    Redirect target IP: "Single host or Network" and enter LAN IP of your firewall, e.g. 192.168.1.1
    Redirect target port: 443 (or HTTPS)

See attached image of what the GUI would show if the rule was entered correctly. IP address for my OPNsense LAN is: 10.1.10.1

Save + Apply = JOY

Again... probably not the best idea, but there are times you need this to get things going initially.
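
As an added example (not part of any post in this thread and not OPNsense code): a small Python check that takes a port-forward rule described with the GUI fields listed above and reports when it leaves the firewall's own management ports reachable from unrestricted sources. The dict keys, the `source` field, the management-port list and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

# Assumptions for this illustration (not OPNsense identifiers):
MGMT_PORTS = {22: "ssh", 443: "web GUI"}   # services the thread calls risky to expose
FIREWALL_IPS = {"192.168.1.1"}             # the firewall's own LAN address

def audit_port_forward(rule, firewall_ips=FIREWALL_IPS):
    """Return findings for one port-forward rule given as a dict of GUI fields."""
    if rule["interface"].upper() != "WAN":
        return []                          # only internet-facing rules matter here
    if rule["redirect_target_ip"] not in firewall_ips:
        return []                          # forwards to another host, out of scope
    # A destination range From..To maps onto target_port..target_port+(To-From).
    first, last = rule["destination_ports"]
    lo = rule["redirect_target_port"]
    hi = lo + (last - first)
    exposed = "/".join(n for p, n in sorted(MGMT_PORTS.items()) if lo <= p <= hi)
    if not exposed:
        return []
    src = rule.get("source", "any")        # no Source given: treated as "any"
    if src == "any":
        return [f"{exposed} reachable from any internet address"]
    net = ipaddress.ip_network(src, strict=False)
    if net.num_addresses > 1:
        return [f"{exposed} reachable from {net} ({net.num_addresses} addresses)"]
    return []                              # limited to a single source host

# Constructed sample rules; the first mirrors the rule described in the post.
RULE_FROM_POST = {"interface": "WAN", "protocol": "TCP", "destination": "WAN address",
                  "destination_ports": (443, 443),
                  "redirect_target_ip": "192.168.1.1", "redirect_target_port": 443}
RULE_ONE_SOURCE = dict(RULE_FROM_POST, source="203.0.113.10")     # documentation range
RULE_WIDE_SOURCE = dict(RULE_FROM_POST, source="203.0.113.0/24")

if __name__ == "__main__":
    for name, rule in [("from post", RULE_FROM_POST), ("one source", RULE_ONE_SOURCE),
                       ("wide source", RULE_WIDE_SOURCE)]:
        print(name, "->", audit_port_forward(rule) or "no finding")
```
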