By default pfsense only allow access to web interface from LAN. But sometimes you need access from WAN, just for a very short time. For example, you do not have any machine in LAN that have web interface, and you need the web interface to make some changes.
The steps are as follows, if you have access to pfsense text based console
1. Access the text based console
2. Choose option 8, to access the pfsense shell
3. Run this command: pfctl -d
4. Once you get the message "pf is disabled", you can now access pfsense web interface using WAN ip, in this case, 192.168.20.3, and make your changes in the web interface. Once you activate the changes, the firewall will be turned on again, so you won't be able to access web interface via WAN anymore.
5. If by any chance you want to enable back firewall manually, run: pfctl -e
If you do not have access to the console, you have to use ssh.
1. ssh into any linux machine on the LAN side
2. From the linux machine, ssh into pfsense
3. Run pfctl -d
4. Access your pfsense web interface via WAN IP. The firewall will automatically started if you "Apply Change" in web interface.
5. If you want to enable pf manuallt, run pfctl -e.
6 Logout from pfsense
Credit to this site for the great tutorial.
No comments:
Post a Comment