This firewall solution is the unsung hero of open source firewalls so if you have not seen it, get your hands dirty and you will be amazed. This product has similar features to many commercial firewalls and in many instances is far easier to deploy, configure and use.
This great firewall comes in two major variants, the community edition which is free to download and install on your own hardware or virtualization platform and the commercial appliances which come in multiple models from hardware, to virtual and cloud appliances.
Managing PFSense is done via a web interface which is generally accessed via the internal or LAN interface. The image below shows the dashboard.
There may come a time when you may need to manage PFSense via the WAN interface. For example you may only have Linux servers on the LAN being protected by this firewall. This means you have no web browsers available on the LAN to connect to the web console. In this instance you will need to enable access to the web console via the WAN interface. There are a few ways to achieve this but in the example below we will follow these steps:
- SSH into a Linux Server located on the LAN behind the Firewall
- From the Linux VM SSH to the PFSense Server
- Disable the packet filter by running the command pfctl -d on the PFSense server
- Manage the server via the WAN interface.
- Re-enable packet filters via the web console to secure the PFsense server.
Enabling the WAN Interface – Step by Step
Please note that this procedure will disrupt normal network activity so it is best done during a maintenance window.
The first thing we need to do is SSH onto the Linux Server located behind the firewall.
ssh username@<server ip address>
Once you are on the Linux server you now need to SSH onto the PFSense server.
ssh admin@<pfsense server ip address>
On the PFSense server run the command pfctl -d to disable the packet filter as shown in the image below
NOTE: You will lose connection to your Linux VM when you run this command. DON’T PANIC!
Now you will be able to access the web console via the WAN IP Address as shown in the image below.
Once you have completed your maintenance tasks, you need to re-enable the packet filters. You will need to do this via the web console as you have no SSH access . Go to Diagnostics and the Command Prompt on the PFSense menu as shown below.
In the Execute Shell Command box type in pfctl -e to enable packet filters and click on Execute as shown below.
You will lose access to the web console via the WAN but your SSH access will now be restored back and your firewall is secure once more.