Access HTTPS and SSH from WAN

Started by Albertk, Today at 04:36:59 AM

I have set up OPNsense 25.7 and I cannot figure out how to access the Web UI via the WAN port from the internal LAN. I have created an SSH and HTTPS firewall rule in the WAN interface but it is still blocked. I also cannot ping the IP of the OPNsense WAN (192.168.100.101).

Internet <-> Internal network (192.168.100.1/24) <->  OpnSense  <-> Opn Internal LAN (192.168.1.1/24)

Today at 07:18:53 AM #1 Last Edit: Today at 07:21:28 AM by patient0
Can you show the rules you created on the OPNsense WAN interface? Access and ping to the WAN should work when you create a rule on WAN. Usually something like (leave default what's not mentioned):

# for SSH and HTTPS
pass, interface WAN, protocol TCP, destination 'This Firewall', destination ports 22,443.

# for Ping
pass, interface WAN, protocol ICMP, destination 'This Firewall'

You can set 'ICMP Type' to 'Echo Request' if you want to restrict what ICMP queries can be sent.


Also disable 'block bogons networks' and 'block private networks' on WAN.
Deciso DEC740

I have created the rules and disabled the bogon but am still not able to access. From the OPNsense LAN, I can access the SSH, Ping and HTTPS.

The rules do look absolutely OK. I assume you did press 'Apply changes'?
Deciso DEC740

Yes, I am banging my head against the wall. I came from pfSense, so I know this should work.

Does OPNsense get a fixed IP, 192.168.100.101, or is it dynamic? Did you disable NAT on OPNsense?

Next step would be Diagnostics > Packet Capture on WAN for ICMP or TCP/22 or TCP/443 and try to access it from 'Internal Network'.
Deciso DEC740

Is the host "on the Internet" from which you are testing actually connected to the same network as the WAN interface of OPNsense? I.e. is there an Ethernet instead of a point to point connection between OPNsense and the uplink router? And you are testing from that network?

In that case: Firewall > Settings > Advanced >  Disable reply-to.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on Today at 09:49:56 AM
Is the host "on the Internet" from which you are testing actually connected to the same network as the WAN interface of OPNsense? I.e. is there an Ethernet instead of a point to point connection between OPNsense and the uplink router? And you are testing from that network?

In that case: Firewall > Settings > Advanced >  Disable reply-to.

That fixed it. Thanks.