Interface can't connect to pfSense's WAN port
Hello! I converted my old laptop into a pfSense firewall. I connected a USB 3.0 Ethernet adapter and set it as the WAN port, and everything seems to be working. The WAN connects to the LAN via DHCP, and the LAN interface points to the router's IP. However, I can't access the web interface on the router (192.168.1.1). When I ping my laptop (192.168.254.106), it shows "Request timed out." I've already turned off the AP isolation on the router through Telnet Switch, but it doesn’t help.
Are you seeing any pings from the WAN side? Have you turned off the default blocked addresses like “block bogon” and “block private” in the WAN configuration? You’ll need to disable them if you’re using pfSense in a lab setting and want to access the firewall from the WAN. Just remember, if you set up the WAN as your primary network, don’t forget to re-enable those restrictions.
You need to create a firewall rule for the WAN interface that permits ICMP ping. By default, pfSense blocks all traffic coming in on the WAN interface.
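The two replies above describe separate layers that can each drop a ping arriving on WAN. The following is an added illustration, not part of any poster's reply and not pfSense code: a simplified Python model of the order in which the "block private" option, user pass rules, and the default deny apply. The function name, the rule tuple format, and the source host 192.168.254.20 are constructed for the example, and the bogon list is not modelled.

```python
import ipaddress

# Simplified stand-in for the WAN "block private" option:
# RFC 1918 ranges plus loopback.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def evaluate_wan_inbound(src, proto, dport=None, block_private=True, pass_rules=()):
    """Return (action, reason) for a new inbound connection on WAN.

    pass_rules is an iterable of (proto, source_network, dport_or_None).
    """
    src_ip = ipaddress.ip_address(src)

    # 1. The interface-level block option is applied ahead of user rules,
    #    so a pass rule cannot override it.
    if block_private and any(src_ip in net for net in PRIVATE_NETS):
        return ("block", "block private networks")

    # 2. User pass rules on the WAN tab, first match wins.
    for rule_proto, rule_src, rule_dport in pass_rules:
        if (rule_proto == proto
                and src_ip in ipaddress.ip_network(rule_src)
                and rule_dport in (None, dport)):
            return ("pass", f"pass rule: {rule_proto} from {rule_src}")

    # 3. Nothing matched: inbound traffic on WAN is denied by default.
    return ("block", "default deny")

if __name__ == "__main__":
    # Constructed lab scenario: a host on the upstream router's subnet
    # pings the pfSense WAN address.
    icmp_rule = [("icmp", "192.168.254.0/24", None)]
    for label, kwargs in [
        ("defaults", {}),
        ("block private off, no rule", {"block_private": False}),
        ("block private on, ICMP rule", {"pass_rules": icmp_rule}),
        ("block private off, ICMP rule", {"block_private": False,
                                          "pass_rules": icmp_rule}),
    ]:
        print(label, "->", evaluate_wan_inbound("192.168.254.20", "icmp", **kwargs))
```

In this model the ping only passes when the option is off and a matching rule exists; scoping the pass rule to the lab subnet rather than "any" keeps the exposure small if the WAN later faces an untrusted network.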
Are you attempting to access the web interface directly from the LAN of pfSense? Since you shouldn’t allow anyone on the WAN to try brute-forcing the password, it makes sense to restrict access internally. The ping problem others have discussed remains unresolved until you gain control of the UI.
I'm not running a pfSense instance at the moment for testing, though it's typical on other firewall systems to be unreachable from the far side interface. This means you can't access the WAN port from a LAN IP address. If you're using a multisite VPN configuration, connecting to a firewall's LAN IP from another site usually isn't possible, even if you can reach other devices on your local network. I'm not sure how pfSense handles traffic in this way—firewalls and routers function differently, so solutions that work for one may not apply to the other.
The router must function identically at all times, and it should never permit access to the router's interface from the WAN side.
I don't agree with that claim. As I mentioned earlier, a firewall and a router serve different purposes and function differently. A strong firewall should restrict WAN access by default. A router acts more like a logic device, performing exactly what it is instructed to do without understanding the distinction between WAN and LAN ports—it simply follows its assigned tasks without overstepping. Please note, I'm referring to an actual router, not the hybrid devices that combine firewall, router, switch, and access point features. Those types are more similar to firewalls than to standard routers.
A "true router" is a device designed specifically for managing network connections, typically featuring dedicated WAN ports and firewall functionality from the start. It differs from general firewalls, which may not be routers at all. The distinction matters because SOHO routers are often used by most people, while high-end core routers serve different purposes.
Actually, the setup you described is quite reversed. Every firewall includes a basic routing system, though not every router has one. A router acts as a connection point between different network segments. When a router links a local area network to the internet, it must handle NAT and enforce access controls to prevent unwanted traffic from entering. In this role, it operates as a simple, fundamental firewall. There are numerous cases in cooperative networks where routers aren’t edge devices and don’t directly interact with the internet. More often than not, the purpose of routers is being supplanted by layer-3 switches, though in the traditional seven-layer model, the router serves as a distribution device at layer 3. On a genuine router—such as a Cisco or Juniper model—it’s crucial that it performs exactly what it’s instructed to do. Professional routers also rely on routing protocols like BGP, EIGRP, OSPF, etc., to efficiently share network information and optimal paths across the network. Yes, I understand we’re not discussing consumer routers, but when referring to professional firewalls, this clarification is important. If this was about a Netgear Router, I wouldn’t have commented, as your point makes sense in that scenario, but it’s misleading in the broader context of firewall discussions.
We focused solely on SOHO edge devices. It was you who mentioned routers and firewalls behave differently, which wasn’t important here because for SOHO edge devices they function identically—just with a custom router OS you can adjust the default settings to act more like a professional firewall or router. However, consumer devices like OpenWRT, pfSense, OPNsense, and others clearly define LAN and WAN configurations. I believe the confusion came from thinking they were connected to two separate LAN networks, hoping to use them as a LAN-to-LAN router, while the rest of us were trying to confirm whether that was their intention.