Change default Port

Reconnect to WebUI

• Open Windows Terminal
• Use the command: ssh root@<yourIP4> -L 443:<WAN_IP4>:9443

This will open up a tunnel. After that you should be able to reconnect via https://localhost.

Note

If you cannot reach the OPNSense make sure that the firewall is disabled in OPNSense.

You can do so from Proxmox in the OPNSense console by selecting option 8.
In the OPNSense console you can then type pfctl -d to disable the firewall.
It will reenable after each apply you do inside of the OPNSense WebUI or by running pfctl -e.
All Rules will be disabled when the firewall is disabled.
If every you can’t reach OPNSense on the tunnel or you need to trubbleshoot make sure to disable the firewall again.

THIS WILL HAPPEN A LOT DURING SETUP!

Change default Port

We change the default port of OPNsense to a custom one, as we will then forward everything that comes into our WAN input directly to our proxy manager:

• Go to System > Settings > Administration
• Change the ‘TCP port’ to 9443
• Change ‘Alternate Hostnames’ to opnsense.yourdomain.com
• Hit ‘safe’

Change WAN-Settings

• Go to Interfaces > WAN > Basic configuration
• Enable ‘Lock’-Option
• Hit ‘safe’

Create NAT-Rule

We now also forward the default port from my WAN-Address here.

• Go to Firewall > NAT > Port Forward
• Add Rule by clicking the plus-button
• Enter the following values
• Hit ‘safe’ and then ‘apply’

NATrule-Settings

Port 80 / http

Interface - WAN
Destination / Invert - false
Destination - WAN_ADDRESS
Destination port from - http (80)
Destination port to - http (80)
Redirect Target IP - Proxy-Alias (IP: 10.1.2.2)
Redirect Target Port - http (80)

Port 443 / https

Interface - WAN
Destination / Invert - false
Destination - WAN_ADDRESS
Destination port from - https (443)
Destination port to - https (443)
Redirect Target IP - Proxy-Alias (IP: 10.1.2.2)
Redirect Target Port - https (443)