Description
I've seen a lot of activity on forums asking about setting up external access to the web interface on the firewall. Most of the advice is "set up your firewall with no LAN networks and copy the anti-lockout rule" which is rather wonky. I did manage to figure out how to do it directly, and all it takes is "one simple trick"... I'll put it here in case anyone needs the info:
(This is for http, https in parens, modify for a different destination port if desired)
Firewall: NAT: Port Forward rules
Create rule
Interface: WAN
Protocol: TCP (TCP/UDP)
Destination: WAN address
Destination port range: HTTP (HTTPS)
Redirect target IP: 192.168.x.1 (your firewall)
Redirect target port: HTTP (HTTPS)
Filter rule association: Pass (this is the "secret sauce" most people miss)
My suggestion is, rather than modify the anti-lockout rule based on whether the router is configured with a LAN network, the firewall should instead include a default rule under the NAT ruleset, like this one, and enable/disable it based on whether or not a LAN network exists.
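An added example, not part of the original post: a Python audit that flags port forwards matching the rule described above (WAN interface, redirect target is the firewall's own address, HTTP/HTTPS port, filter rule association Pass) and rates those open to any source higher. The XML element names and the sample export are assumptions constructed for this example; map them to your firewall's actual configuration export.

```python
import xml.etree.ElementTree as ET

# Constructed sample export. Element names are assumptions of this example,
# not taken from the post; adjust them to your firewall's real export format.
SAMPLE = """<config>
  <interfaces><lan><ipaddr>192.168.1.1</ipaddr></lan></interfaces>
  <nat>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <source><any>1</any></source>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.1.1</target><local-port>443</local-port>
      <associated-rule-id>pass</associated-rule-id>
    </rule>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <source><address>203.0.113.10</address></source>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.1.1</target><local-port>443</local-port>
      <associated-rule-id>pass</associated-rule-id>
    </rule>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <source><any>1</any></source>
      <destination><network>wanip</network><port>8080</port></destination>
      <target>192.168.1.50</target><local-port>80</local-port>
      <associated-rule-id>pass</associated-rule-id>
    </rule>
  </nat>
</config>"""

GUI_PORTS = {"80", "443", "http", "https"}

def find_gui_exposures(xml_text):
    """Return findings for enabled WAN port forwards that land on the firewall itself."""
    root = ET.fromstring(xml_text)
    own = {e.text for e in root.findall("./interfaces/*/ipaddr") if e.text}
    findings = []
    for i, r in enumerate(root.findall("./nat/rule")):
        if r.findtext("disabled") is not None:  # skip disabled rules
            continue
        port = (r.findtext("local-port") or "").lower()
        if (r.findtext("interface") == "wan" and r.findtext("target") in own
                and port in GUI_PORTS
                and r.findtext("associated-rule-id") == "pass"):
            any_src = r.find("./source/any") is not None  # open to the whole internet
            findings.append({"rule": i, "port": port,
                             "severity": "high" if any_src else "review"})
    return findings
```
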