access to WAN gateway webUI

[thierryB]

Hi,
Is it possible to access the WAN gateway web page from the LAN?

If I type from my LAN: https//192.168.2.1, I cannot access it

My LAN: 192.168.1.1/24
Opnsense LAN: 192.168.1.1 (NIC #1)
Opnsense WAN: 192.168.2.2 (NIC #2)
WAN gateway: 192.168.2.1 (NIC #2)

Thanks

[mellow65]

So far I've not had any issues with getting my gateway above my OPNsense (knock on wood), but coming from PSsense, it really didn't want to allow me to get to the gateway interface.  I had to add a new rule to explicitly allow it, and after that, zero issues.  You may try this solution, it may not be the perfect answer, but it may be an answer. 

[BigNutz]

So far I've not had any issues with getting my gateway above my OPNsense (knock on wood), but coming from PSsense, it really didn't want to allow me to get to the gateway interface.  I had to add a new rule to explicitly allow it, and after that, zero issues.  You may try this solution, it may not be the perfect answer, but it may be an answer.

Exactly. So by default OPNsense doesn't have a firewall rules to allow outgoing traffic from LAN. You will have to create one yourself. E.g., (PASS out; From LAN network; To ANY destination).

[mellow65]

Exactly. So by default OPNsense doesn't have a firewall rules to allow outgoing traffic from LAN. You will have to create one yourself. E.g., (PASS out; From LAN network; To ANY destination).

Which is ironic that mine is working just fine, and I haven't set up anything to pass directly to the upstream GW.

[cookiemonster]

So far I've not had any issues with getting my gateway above my OPNsense (knock on wood), but coming from PSsense, it really didn't want to allow me to get to the gateway interface.  I had to add a new rule to explicitly allow it, and after that, zero issues.  You may try this solution, it may not be the perfect answer, but it may be an answer.

Exactly. So by default OPNsense doesn't have a firewall rules to allow outgoing traffic from LAN. You will have to create one yourself. E.g., (PASS out; From LAN network; To ANY destination).

There is a default allow all from LAN rule when setting OPN up. That is not it.

[CJ]

There should be no need to change anything on a default install in order to reach your upstream gateway.

Are you using something other than DHCP for your WAN?  Are you sure that your gateway is listening on https/443?

[thierryB]

Hi,
thank you for your answers. The LAN is already allowed to go out to the WAN.
On the gateway I have nothing other than DHCP and port 443 is open from a LAN address, not from internet address.
I have this route: 192.168.1.10 (PC on lan) -> 192.168.1.1 (opnsense) -> 192.168.2.2 (opnsense WAN ip) -> 192.168.2.1 (Gateway) -> Internet

I can access to internet, no problem there. The problem is that if I stop before, (the gateway) I have no feedback.
The UNBOUND service is enabled. Is there a setting that could prevent me from accessing the gateway interface or anything to do with unbound, only rule in fw?

[tiermutter]

Since the request from PC comes from OPNsense LAN IP (not gateways LAN) the device must allow access from non-LAN IPs. Some devices restrict access to their LAN IPs, maybe there is an option for that.

[CJ]

Hi,
thank you for your answers. The LAN is already allowed to go out to the WAN.
On the gateway I have nothing other than DHCP and port 443 is open from a LAN address, not from internet address.
I have this route: 192.168.1.10 (PC on lan) -> 192.168.1.1 (opnsense) -> 192.168.2.2 (opnsense WAN ip) -> 192.168.2.1 (Gateway) -> Internet

I can access to internet, no problem there. The problem is that if I stop before, (the gateway) I have no feedback.
The UNBOUND service is enabled. Is there a setting that could prevent me from accessing the gateway interface or anything to do with unbound, only rule in fw?

What is the model of your gateway?

[thierryB]

Since the request from PC comes from OPNsense LAN IP (not gateways LAN) the device must allow access from non-LAN IPs. Some devices restrict access to their LAN IPs, maybe there is an option for that.

but for the gateway, the request comes from opnsense which is for the LAN gateway. The gateway (192.168.2.1) sees opnsense in 192.168.2.2 (ip wan for opnsense but ip LAN for the gateway)

[thierryB]

What is the model of your gateway?

It's a Livebox