Virtualized pfsense web login from outside virtual network

As the title suggests, I am doing further experimentation with pfsense in a virtualized environment, and it works great.

My question is this: is there a way to open up the web login interface to specific private IP addresses on the WAN side?

To be clear, the WAN side of the pfsense instance is behind my physical firewall, so still protected from true public access. What I essentially want to do is be able to use my desktop, which is not routed through the virtual instance of pfsense, to log in to the control panel and be able to make changes or read logs. I realize this may be an issue if my pfsense instance was my primary firewall from a security standpoint, but I have a few private addresses I would like to whitelist to access the web interface for the virtual pfsense. Is this possible? I am having issues finding help for this topic because most sites assume pfsense is at the edge of the network, when in my case it's at the edge of my virtual lab, not the physical network.

In pfsense you would create a WAN firewall rule to allow access to the port you have the pfsense interface on (default 443); the destination would be self, and then you would only allow from the IP (single host or alias option) that you want. In the case of multiple IPs you could create an alias.

Thanks Tom, that worked. Had to do one more thing: it appears having this checked (it sets it up by default on the WAN)

Block private networks and loopback addresses
Blocks traffic from IP addresses that are reserved for private networks per RFC 1918 (10/8, 172.16/12, 192.168/16) and unique local addresses per RFC 4193 (fc00::/7) as well as loopback addresses (127/8). This option should generally be turned on, unless this network interface resides in such a private address space, too.

causes issues too, as it overrides the rule I just made. Turned this off and it was working.

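The interaction reported in this thread, as an added example that is not part of the original posts and is not pfSense's own code: a simplified Python model of WAN rule evaluation in which the "Block private networks and loopback addresses" option is checked before the user's pass rule. The alias addresses, the function names and the three-step ordering are assumptions made for illustration.

```python
import ipaddress

# Ranges named in the "Block private networks and loopback addresses" help text.
PRIVATE_AND_LOOPBACK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "127.0.0.0/8")]

# Constructed sample alias: two admin hosts on the physical LAN (hypothetical addresses).
ADMIN_ALIAS = [ipaddress.ip_network(n) for n in ("192.168.1.50/32", "192.168.1.51/32")]


def in_any(addr, networks):
    """True if addr falls inside any network of the same IP version."""
    return any(addr.version == net.version and addr in net for net in networks)


def evaluate_wan(src, dst_port, admin_alias=ADMIN_ALIAS, gui_port=443,
                 block_private=True):
    """Model a new connection to the firewall itself ("self") arriving on WAN.

    Assumed order for this model: interface option, then the user's pass
    rule, then default deny. Returns (action, reason).
    """
    addr = ipaddress.ip_address(src)
    if block_private and in_any(addr, PRIVATE_AND_LOOPBACK):
        return ("block", "block private networks")
    if dst_port == gui_port and in_any(addr, admin_alias):
        return ("pass", "admin alias rule")
    return ("block", "default deny")


if __name__ == "__main__":
    cases = [
        ("192.168.1.50", 443, True),   # allowlisted host, option still checked
        ("192.168.1.50", 443, False),  # same host, option unchecked
        ("192.168.1.99", 443, False),  # private host not in the alias
        ("192.168.1.50", 22, False),   # allowlisted host, other port
    ]
    for src, port, option in cases:
        action, reason = evaluate_wan(src, port, block_private=option)
        print(f"{src}:{port} block_private={option} -> {action} ({reason})")
```

With the option unchecked, the alias rule is the only thing admitting traffic to the GUI port, so private hosts outside the alias and other ports still fall through to the default deny.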