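Because this is a lab environment, the WAN port is still on an internal network, and I still need to access OPNsense through the WAN port frequently.
First, the most frequently used commands (in the OPNsense terminal shell):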
# disable the packet filter (all filtering off)
pfctl -d
# enable the packet filter again
pfctl -e
For every ‘apply’ and some ‘save’ actions, pfctl -e is run automatically.
So, during the setup, you will need to run pfctl -d quite a few times.
- Interfaces → WAN → Uncheck “Block Private Network”
- System → Settings → Administration → Web GUI → Make sure ‘Listen Interfaces’ includes both WAN and LAN.
- Firewall → Rules → WAN → Add a new rule to allow ‘in’ traffic with ‘source’ set to ‘WAN net’.
- Reboot (it is weird that, after applying the rule above, you still don’t get access, but after a reboot it works.)
Who knows how many people this “reboot” step has tripped up.
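To avoid leaving the filter off after one of the pfctl -d calls above, the following sh functions (an added example, not part of the original post) disable pf for a fixed number of seconds, turn it back on, and confirm the result from the Status: line of pfctl -s info. The names pf_state and pf_window and the PFCTL override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# PFCTL can be overridden to exercise the logic without a real pf;
# on the firewall itself leave it as plain pfctl.
PFCTL="${PFCTL:-pfctl}"

# pf_state: print "enabled" or "disabled", taken from the "Status:" line
# of `pfctl -s info`. Returns 2 if no such line is found.
pf_state() {
    $PFCTL -s info 2>/dev/null | awk '
        /^Status:/ { print tolower($2); found = 1; exit }
        END { if (!found) exit 2 }'
}

# pf_window SECONDS: disable pf, wait, then re-enable it.
# The trap re-enables pf if the wait is interrupted (Ctrl-C, dropped session),
# so the filter is never left off by accident.
pf_window() {
    secs="${1:-120}"
    case "$secs" in
        ''|*[!0-9]*) echo "usage: pf_window SECONDS" >&2; return 64 ;;
    esac
    trap '$PFCTL -e >/dev/null 2>&1' INT TERM HUP
    $PFCTL -d >/dev/null 2>&1
    sleep "$secs"
    $PFCTL -e >/dev/null 2>&1
    trap - INT TERM HUP
    # Succeed only if pf really reports itself enabled again.
    [ "$(pf_state)" = "enabled" ]
}
```

Load the functions in an sh session on the firewall and call, for example, pf_window 120; a non-zero return means pf did not report itself enabled afterwards.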