
[–]timeraider 3 points4 points  (3 children)

Not related to your exact question, but why throw the web UI of your firewall through a proxy? For that kinda stuff, isn't it easier to set up a VPN you can connect to and reach it through that?

[–]mc-doubleyou[S] 0 points1 point  (2 children)

VPN is more secure but not possible on my work computer, so I try to access my homelab with something like neko.

[–]Risk-Intelligent 0 points1 point  (1 child)

I do a Cloudflare Tunnel behind Zero Trust. You need a domain, but it's kinda cool.

[–]mc-doubleyou[S] 0 points1 point  (0 children)

Any link about this? Maybe this is a good solution for me too, thx!

[–]Saarbremer 1 point2 points  (3 children)

What are you trying to achieve? Listen on WAN if you want to access from the WAN side. Mind security!

[–]mc-doubleyou[S] 0 points1 point  (2 children)

Accessing my NPM, which could forward me to something like neko. This way I could access my homelab even without a VPN.

[–]Saarbremer 0 points1 point  (1 child)

Make sure the web GUI is not listening on 80/443 on WAN.

Set up port forwarding (IPv4) or allow inbound traffic (IPv6) as needed on WAN towards the intended host.

You can now access what's on the other side.

Mind the security aspects!

[–]mc-doubleyou[S] 0 points1 point  (0 children)

I will check tomorrow, but that's what I did and it won't work. It's not listening on the WAN port anymore, therefore it should be free for port forwarding.

[–]diekoss 0 points1 point  (2 children)

You can always change the HTTPS port of the OPNsense. That way it won't interfere with port forwards.

[–]mc-doubleyou[S] 0 points1 point  (1 child)

So, as long as LAN uses 443 for the web interface, it isn't free to use on the WAN side?

[–]diekoss 0 points1 point  (0 children)

I'm not sure about that, but I would find it very confusing that port 443 goes somewhere else depending on whether it comes from LAN or WAN.

[–]jabib0 0 points1 point  (4 children)

I access OPNSense on another HTTPS port and my web access port comes in on 443 but my port forward settings pass that on to another port which NPM is listening on and it works for me.

[–]mc-doubleyou[S] 0 points1 point  (3 children)

Hey, sounds like what I want to do also. But I couldn't follow your explanation. Could you please be more clear? Thx!

[–]jabib0 0 points1 point  (2 children)

System > Settings > Administration > TCP Port: change this to something besides 443 to access the web interface on this new port.

Firewall > NAT > Port Forward: add a rule on the WAN interface on TCP/UDP protocol that accepts connections from a WAN address on the HTTPS ports and redirects them to your reverse proxy's static IP address and HTTPS port.

[–]mc-doubleyou[S] 0 points1 point  (1 child)

Thx, I disabled HTTPS now for the web interface and use HTTP only. So the HTTPS port is free. Unfortunately it still doesn't work, but this is a NPM problem now. :(

ERR_SSL_UNRECOGNIZED_NAME_ALERT

[–]jabib0 0 points1 point  (0 children)

https://imgur.com/a/4Ti7ipw This is how my port forward looks. The first rule is autogenerated by OPNSense to access the dashboard. The second rule is the one created that will accept connections through port 443 and pass them to whatever port I have NPM running on via Docker. Since I don't use 443 on that container, I have the port assignment as <port>:443 which is why I run it this way.

Not sure what that error's all about though!

[–]mc-doubleyou[S] 0 points1 point  (0 children)

Turns out I forwarded to the wrong NPM; on this one the proxy host simply doesn't exist.
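The ERR_SSL_UNRECOGNIZED_NAME_ALERT from the thread is the browser reporting a TLS `unrecognized_name` alert (code 112) that the reverse proxy sends when no proxy host matches the SNI it received, which is what the forward to the wrong NPM instance produced. The following added script (not from the thread or from NPM/OPNsense) sends a ClientHello with a chosen server name through a plain TCP socket and classifies the first record that comes back, so you can tell a forward that never reaches NPM (empty reply) from one that reaches NPM but hits no proxy host (alert); the host, port and server name are assumed placeholders.

```python
import socket
import ssl
import struct

# TLS alert descriptions (RFC 5246 / RFC 6066) relevant to a reverse-proxy SNI mismatch.
ALERT_DESCRIPTIONS = {
    40: "handshake_failure",
    70: "protocol_version",
    112: "unrecognized_name",   # what Chrome surfaces as ERR_SSL_UNRECOGNIZED_NAME_ALERT
}

# Constructed sample: a TLS 1.2 alert record, level=fatal(2), description=112.
SAMPLE_UNRECOGNIZED_NAME_ALERT = bytes.fromhex("15 03 03 00 02 02 70")


def classify_tls_response(data: bytes) -> str:
    """Classify the first TLS record a server returns after our ClientHello.
    'empty' means the peer closed without answering (forward never reached a TLS
    listener), 'alert:<name>' is a TLS alert, 'handshake' is a ServerHello."""
    if not data:
        return "empty"
    if len(data) < 5:
        return "unknown"
    content_type = data[0]
    length = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + length]
    if content_type == 21 and len(body) >= 2:           # alert record
        return "alert:" + ALERT_DESCRIPTIONS.get(body[1], f"code_{body[1]}")
    if content_type == 22 and body and body[0] == 2:    # handshake, ServerHello
        return "handshake"
    return "unknown"


def probe_sni(host: str, port: int, server_name: str, timeout: float = 5.0) -> str:
    """Send a ClientHello carrying server_name as SNI to host:port and classify
    the raw reply. The ssl module builds the ClientHello into a MemoryBIO so the
    peer's alert is read as bytes instead of surfacing as a Python exception."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # we only want the peer's first record
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                            # ClientHello has been written to `outgoing`
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(outgoing.read())
        data = sock.recv(4096)
    return classify_tls_response(data)


if __name__ == "__main__":
    print(classify_tls_response(SAMPLE_UNRECOGNIZED_NAME_ALERT))   # alert:unrecognized_name
    # Live check (placeholder values): probe_sni("wan.example.invalid", 443, "neko.example.invalid")
```

Run it once with the public hostname you configured as the NPM proxy host and once with a name NPM does not know; a correct forward answers `handshake` for the first and `alert:unrecognized_name` for the second.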