pfSense allow web interface access on WAN from specific IP
Published: 31-12-2014 | Author: Remy van Elst | Text only version of this article
Table of Contents
pfSense is a fast and simple FreeBSD based firewall appliance with a nice webmanagent interface and the power of the pf firewall underneath. Normally the webinterface is only accessible from the management LAN (or LAN by default)interface. If you for whatever reason locked yourself out or need access from adifferent IP via the WAN interface you can use the easyrule command line totemporarly add a rule that allows your remote IP in. This simple snippet showsyou how.
The following command adds a firewall rule, allowing tcp traffic in on port 443from remote IP XX.XX.XX.XX: to the WAN IP on YY.YY.YY.YY:
easyrule pass wan tcp XX.XX.XX.XX YY.YY.YY.YY 443
You can also allow SSH access and set up a remote port forward (
ssh -Llocalport:remoteip:remoteport remoteip):
easyrule pass wan tcp XX.XX.XX.XX YY.YY.YY.YY 22
Remember to remove the rule when you've restored access to the web interface viayour regular way.
See other methods to get back in the webinterface on the pfSense Wiki.Tags: bsd, firewall, freebsd, iptables, pf, pfsense, security, snippets