So, I just realized that if i use my WAN IP in my browser from within my network, it brings me to my pfsense login page…
At first I panicked thinking this was also accessible externally, but luckily it is not.
I have rules in place to prevent devices from accessing the GUI unless they’re part of an alias, however if I access it in this way, it bypasses the check.
Why is my WAN IP resolving to my pfsense login?
Edit: As just about everyone has mentioned, this seems like NAT Reflection, however I have this disabled everywhere I’ve found. Here is the setting in System>>Advanced>>Firewall & NAT as well as in the individual NAT rules as seen here
NAT reflection maybe?
Hm, my only NAT rule is to allow traffic to my game server on specific ports. Is there somewhere else that could be set? EDIT: I think you’re right.
Sounds like hairpin NAT. Don’t worry, the traffic never leaves your network
Thank you, that was the first thing I checked after having a near heart attack, haha. I thought the whole world could see my login for a second there.
This is known as NAT Hairpinning. When you use your wan IP from within your LAN, your router will route it back to LAN applying your port forwarding rules.
If you were to set a rule forwarding port 80 to something else, you’d get that instead of your pfsense interface (which your router hosts on port 80 but only listens to LAN IPs).
