opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

Create default, usually disabled rule for outside access #7967

Open evilantishad0w opened 1 week ago

evilantishad0w commented 1 week ago

I've seen a lot of activity on forums asking about setting up external access to the web interface on the firewall. Most of the advice is "set up your firewall with no LAN networks and copy the anti-lockout rule", which is rather wonky. I did manage to figure out how to do it directly, and all it takes is "one simple trick"... I'll put it here in case anyone needs the info:

(This is for http, with https in parentheses; modify for a different destination port if desired.)

Firewall: NAT: Port Forward rules, Create rule:

- Interface: WAN
- Protocol: TCP (TCP/UDP)
- Destination: WAN address
- Destination port range: HTTP (HTTPS)
- Redirect target IP: 192.168.x.1 (your firewall)
- Redirect target port: HTTP (HTTPS)
- Filter rule association: Pass (this is the "secret sauce" most people miss)

My suggestion is, rather than modify the anti-lockout rule based on whether the router is configured with a LAN network, the firewall should instead include a default rule under the NAT ruleset, like this one, and enable/disable it based on whether or not a LAN network exists.
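To make the role of the "Filter rule association" setting concrete, here is the same port forward written by hand in FreeBSD pf.conf syntax. This is an added illustration and not OPNsense's own generated ruleset (OPNsense builds its rules from the GUI and the exact output differs); the interface name `em0`, the LAN address `192.168.1.1` and the `203.0.113.0/24` admin network are placeholder assumptions.

```pf
# Added illustration in hand-written FreeBSD pf.conf syntax. OPNsense generates
# its own ruleset from the GUI, so this is not what the firewall actually loads.
# Assumed placeholders: em0 is the WAN interface, 192.168.1.1 is the firewall's
# LAN address, 203.0.113.0/24 is an example admin network (documentation range).
ext_if = "em0"
fw_lan = "192.168.1.1"

# Port forward only ("Filter rule association: None"). The packet to the WAN
# address on 443 is translated, but with the default inbound block policy no
# filter rule admits it, so the GUI stays unreachable. Shown commented out
# because it would shadow the rule below (first matching rdr wins).
# rdr on $ext_if inet proto tcp from any to ($ext_if) port 443 -> $fw_lan port 443

# Port forward with an associated pass rule ("Filter rule association: Pass").
# The pass keyword tells pf to admit the translated packets without a separate
# filter rule, which is the step the issue calls the "secret sauce".
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 443 -> $fw_lan port 443

# Narrower drop-in replacement for the rule above: same forward, but only from
# a known admin network, so the management interface is not reachable from
# every source address on the WAN side.
# table <admins> { 203.0.113.0/24 }
# rdr pass on $ext_if inet proto tcp from <admins> to ($ext_if) port 443 -> $fw_lan port 443
```

Only one of the three `rdr` lines is meant to be active at a time; the two commented variants exist to contrast the missing pass association and a source-restricted version of the same forward.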

OPNsense-bot commented 1 week ago

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.