Freebsd – Create a rule using shell in fresh pfSense installation to open up WAN access to WebConfigurator

freebsdpfpfsense

I am in a situation where I require WAN access to be opened up to the WebConfigurator through pfSense because I do not have another node connected to the same network to access WebConfigurator from the inside. Ideally I would like to just do this in shell and either directly modify pf's config to "allow all" just long enough for me to open up WAN access to WebConfigurator from my IP, or modify config.xml to add that rule manually. Does anybody have any insight into how to accomplish this?

Best Answer

Try this on the shell to disable PF temporarily:

pfctl -d

Then once you are able to login and create the rules turn PF back on with:

pfctl -e

I've had to do exactly what you describe before when I locked myself out remotely.

Related Solutions

Nat – pfsense nat between two internal ip

Assuming:

pbx -> 192.168.2.0/24 -> pfsense1 -> WAN(site-to-site) <-pfsense2 <- 192.168.1.0/24 <- phones

Here's one way you could do this.

Prep:

Add route in pfsense1 for 192.168.1.0/24 using either pfsense2 WAN IP or VPN tunnel for gateway.
Add firewall rule in pfsense1 to allow necessary incoming ports FROM 192.168.1.0/24
Add route in pfsense2 for 192.168.2.0/24 using either pfsense1 WAN IP or VPN tunnel for gateway.
Add firewall rule in pfsense2 to allow necessary incoming ports FROM 192.168.2.0/24

Changeover:

Change config on phones to look for PBX on 192.168.2.160.
Change config on phones to use pfsense2 as default gateway.
Change pbx to ip 192.168.2.160.
Change pbx default gateway to pfsense1.

Keep in mind that you need to know what ports the phones use, and you have to unblock those in the firewalls. Also keep in mind that depending on your hardware you may lose some functionality in the phones when working across VPN tunnels / WAN links. For example, 3com NBX's use multicast for time updates, status lights, and paging. Some hardware will simply not support multicast forwarding across a VPN channel - which means these features won't work on remote phones.

I would recommend setting up some kind of computer at the remote site, and then setting up the configs in the firewalls. Verify site-to-site routing/connectivity before continuing with the phones.

PfSense in VMWare Cannot Access Web Control

Does it have gas in it? Can I give you a dumb answer?

Okay, then: 1. go into VMclient, open a console for pfsense and restart the PFS web interface.

A default VMware hypervisor has port 443 open, so there should not be any problem with the VMware firewall unless you tinkered with it.
While you are there, did you check the MAC assignment of the card to the LAN IP?
Can PFS ping the IP of the client trying to https: into the PFS web interface? Check cables too. Nothing feels dumber than spending hours to debug when the physical layer is the fault. It happens.
If you did all this, check the PFS logs for a TCP connection, if you see a ICMP connection and UDP but not TCP, then is a certificate required?

Best Answer

Related Solutions

Nat – pfsense nat between two internal ip

PfSense in VMWare Cannot Access Web Control

Related Topic