Uberleet

Linux Systems Articles for better insights

The single biggest gripe I have with pfSense.


I install pfSense in network situations where I want to protect servers in a datacenter or colo, and have no clients on the LAN side.

You can turn on SSH from the VGA console, but getting to the web GUI is a different story. You actually need a host with a GUI running on the LAN network in order to browse to pfSense and create the necessary rules to allow WAN clients access to web administration!

  • Install pfSense on your target machine

  • Unless your WAN gets a DHCP address, you will need to manually assign the IP Address of the WAN interface:

-- Get to the CLI (option 8)

-- Type "ifconfig en0 10.20.30.40 netmask 255.255.255.248" (substitute your WAN interface for en0 and use the correct IP address/mask)

-- Type "route add default "

-- Type "pfctl -d" to temporarily disable the packet filter

  • Point your browser to your WAN IP address, then log in as admin/pfsense

  • Once you have done your initial configuration, MAKE SURE to enable the packet filter again (CLI --> "pfctl -e")

How can I access the webGUI from the WAN?

Access to the GUI is disabled by default for security reasons, and should be left that way or restricted to specific authorized remote management IP addresses.

If HTTPS (tcp/443) is already being forwarded on the WAN IP address to an internal system, it may be necessary to change the port for the GUI in order to reach it from the WAN using HTTPS.

To allow access from the WAN, navigate to Firewall > Rules and, on the WAN tab, add a firewall rule that passes the appropriate source(s) to a destination of the WAN IP and the port the webGUI is using. Passing from a source of "any" is highly discouraged for security reasons.
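
A check for the two points above (the packet filter is enabled again, and the GUI port is not passed from "any"), written as an added example that is not from the original post or from pfSense. It parses `pfctl -s info` and `pfctl -sr` output; the function names, the `en0` interface and the sample rules are constructed, and the rule text format is assumed to match the sample.

```shell
#!/bin/sh
# Added example: post-setup audit for a pfSense box (not pfSense's own code).

# pf_enabled: reads `pfctl -s info` output on stdin and succeeds only when
# the packet filter reports itself enabled.
pf_enabled() {
    grep -q '^Status: Enabled'
}

# open_gui_rules PORT_REGEX: reads `pfctl -sr` output on stdin and prints every
# inbound pass rule that admits source "any" to the GUI port, or to all ports.
# Assumption: rule text looks like the constructed sample below; pfctl may
# print a port by service name, so pass both forms, e.g. '443|https'.
# It does not filter by interface; grep for the WAN interface first if needed.
open_gui_rules() {
    awk -v want="$1" '
        $1 != "pass" || $2 == "out" { next }
        {
            any = 0; seen_to = 0; dport = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "label") break          # ignore free-text rule labels
                if ($i == "all") any = 1          # "all" means from any to any
                if ($i == "from" && $(i + 1) == "any") any = 1
                if ($i == "to") seen_to = 1
                if (seen_to && $i == "port" && $(i + 1) == "=") dport = $(i + 2)
            }
            if (any && (dport == "" || dport ~ ("^(" want ")$"))) print
        }'
}

# Constructed sample of `pfctl -sr` output (en0 and the addresses are made up).
sample_rules() {
    cat <<'EOF'
pass in quick on en0 inet proto tcp from 198.51.100.7 to 10.20.30.40 port = https flags S/SA keep state
pass in quick on en0 inet proto tcp from any to 10.20.30.40 port = https flags S/SA keep state
pass in quick on en0 inet proto tcp from any to 10.20.30.50 port = smtp flags S/SA keep state
block drop in log inet all
EOF
}

# Demo on the sample; on the firewall itself use:
#   pfctl -s info | pf_enabled || echo "packet filter is DISABLED"
#   pfctl -sr | open_gui_rules '443|https'
sample_rules | open_gui_rules '443|https'
```

Any line printed by `open_gui_rules` is a rule to tighten to specific management source addresses.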