access to WAN gateway webUI

Started by thierryB, March 04, 2024, 04:50:47 PM

March 04, 2024, 04:50:47 PM Last Edit: March 04, 2024, 04:54:14 PM by thierryB
Hi,
Is it possible to access the WAN gateway web page from the LAN?

If I type from my LAN: https//192.168.2.1, I cannot access it

My LAN: 192.168.1.1/24
OPNsense LAN: 192.168.1.1 (NIC #1)
OPNsense WAN: 192.168.2.2 (NIC #2)
WAN gateway: 192.168.2.1 (NIC #2)

Thanks

So far I've not had any issues with getting my gateway above my OPNsense (knock on wood), but coming from pfSense, it really didn't want to allow me to get to the gateway interface. I had to add a new rule to explicitly allow it, and after that, zero issues. You may try this solution; it may not be the perfect answer, but it may be an answer.

Quote from: mellow65 on March 04, 2024, 05:10:39 PM
So far I've not had any issues with getting my gateway above my OPNsense (knock on wood), but coming from pfSense, it really didn't want to allow me to get to the gateway interface. I had to add a new rule to explicitly allow it, and after that, zero issues. You may try this solution; it may not be the perfect answer, but it may be an answer.

Exactly. So by default OPNsense doesn't have a firewall rule to allow outgoing traffic from LAN. You will have to create one yourself. E.g., (PASS out; From LAN network; To ANY destination).

Quote from: BigNutz on March 04, 2024, 05:30:20 PM

Exactly. So by default OPNsense doesn't have a firewall rule to allow outgoing traffic from LAN. You will have to create one yourself. E.g., (PASS out; From LAN network; To ANY destination).

Which is ironic that mine is working just fine, and I haven't set up anything to pass directly to the upstream GW.

Quote from: BigNutz on March 04, 2024, 05:30:20 PM
Quote from: mellow65 on March 04, 2024, 05:10:39 PM
So far I've not had any issues with getting my gateway above my OPNsense (knock on wood), but coming from pfSense, it really didn't want to allow me to get to the gateway interface. I had to add a new rule to explicitly allow it, and after that, zero issues. You may try this solution; it may not be the perfect answer, but it may be an answer.

Exactly. So by default OPNsense doesn't have a firewall rule to allow outgoing traffic from LAN. You will have to create one yourself. E.g., (PASS out; From LAN network; To ANY destination).

There is a default allow all from LAN rule when setting OPN up. That is not it.

There should be no need to change anything on a default install in order to reach your upstream gateway.

Are you using something other than DHCP for your WAN?  Are you sure that your gateway is listening on https/443?

Hi,
Thank you for your answers. The LAN is already allowed to go out to the WAN.
On the gateway I have nothing other than DHCP, and port 443 is open from a LAN address, not from an internet address.
I have this route: 192.168.1.10 (PC on LAN) -> 192.168.1.1 (OPNsense) -> 192.168.2.2 (OPNsense WAN IP) -> 192.168.2.1 (Gateway) -> Internet

I can access the internet, no problem there. The problem is that if I stop before (the gateway), I have no feedback.
The UNBOUND service is enabled. Is there a setting that could prevent me from accessing the gateway interface or anything to do with unbound, only rule in fw?

Since the request from the PC comes from the OPNsense LAN IP (not the gateway's LAN), the device must allow access from non-LAN IPs. Some devices restrict access to their LAN IPs; maybe there is an option for that.
I am not an expert... just trying to help...

Quote from: thierryB on March 05, 2024, 06:53:24 PM
Hi,
Thank you for your answers. The LAN is already allowed to go out to the WAN.
On the gateway I have nothing other than DHCP, and port 443 is open from a LAN address, not from an internet address.
I have this route: 192.168.1.10 (PC on LAN) -> 192.168.1.1 (OPNsense) -> 192.168.2.2 (OPNsense WAN IP) -> 192.168.2.1 (Gateway) -> Internet

I can access the internet, no problem there. The problem is that if I stop before (the gateway), I have no feedback.
The UNBOUND service is enabled. Is there a setting that could prevent me from accessing the gateway interface or anything to do with unbound, only rule in fw?

What is the model of your gateway?

Quote from: tiermutter on March 05, 2024, 07:33:13 PM
Since the request from the PC comes from the OPNsense LAN IP (not the gateway's LAN), the device must allow access from non-LAN IPs. Some devices restrict access to their LAN IPs; maybe there is an option for that.

But for the gateway, the request comes from OPNsense, which is for the LAN gateway. The gateway (192.168.2.1) sees OPNsense at 192.168.2.2 (WAN IP for OPNsense but LAN IP for the gateway).