Access Pfsense Web configurator over WAN (the Internet)

The ability to access the Pfsense WEB configurator / WebUI interface remotely is disabled by default. You can enable it by following 5 short steps:

Step 1 – Enable HTTPS in pfsense

This is very important, especially if you are going to be accessing it over a public wifi network. To do this go to System -> Advanced, and change protocol to HTTPS, as well as the port number to something else – I use 8080.

Step 2 – Disable DNS binding and HTTP_REFERER

Disable DNS Rebinding Checks

Disable HTTP_REFERER enforcement check

If you need these enabled, then simply insert the hostname you use to access Pfsense in this box:

Alternate Hostnames for DNS Rebinding and HTTP_REFERER Checks.

For example, if you access your server using a dynamic address such as pfsensebox.homelinux.com, then you should but this address in that box.

Step 3 – Add firewall rule for port 8080

A firewall rule for inbound traffic on port 8080 needs to be created for the WAN interface. Failure to do this will result in the firewall rejecting any inbound requests (as it should). Click on **Firewall -> Rules **and ensure that the WAN tab is selected (it is by default).

  • Select WAN interface
  • Set source to any
  • Set destination to WAN subnet
  • For the to and from fields enter port 8080
  • Click on save.

Here is a screenshot of the settings:

[![](http://3.bp.blogspot.com/-xdOY4v4IOc4/UUtuUdfTkkI/AAAAAAAAAwQ/K-5JN4bMvb4/s400/rule.png)](http://3.bp.blogspot.com/-xdOY4v4IOc4/UUtuUdfTkkI/AAAAAAAAAwQ/K-5JN4bMvb4/s1600/rule.png)
 Step 4 – Change default username and password
Please don’t ignore this step – you’ll be sorry if you do 🙂 Click on **System -> User Manager** -> **Click on the ‘e’ next to your admin user -> insert your new password -> click on save**.

Step 5 – Forward port 8080 to your WAN interface address

Forward port 8080 (or whichever port you chose in step 1) on your router to your WAN interface address. This is necessary since all incoming connections on port 8080 will be rejected at your router by default. Port forwarding (also known as port mapping) is beyond the scope of this tutorial.