So, I just realized that if i use my WAN IP in my browser from within my network, it brings me to my pfsense login page…
At first I panicked thinking this was also accessible externally, but luckily it is not.
I have rules in place to prevent devices from accessing the GUI unless they’re part of an alias, however if I access it in this way, it bypasses the check.
Why is my WAN IP resolving to my pfsense login?
Edit: As just about everyone has mentioned, this seems like NAT Reflection, however I have this disabled everywhere I’ve found. Here is the setting in System>>Advanced>>Firewall & NAT as well as in the individual NAT rules as seen here
If you really want to, not really necessary though. You’ll still always be able to reach it using the router ip too. The routers interface only responds to LAN traffic and can’t actually be reached from WAN. This is pretty typical of most consumer networks.
Hm, currently I have PFsense and my other network equipment on it’s own “management” VLAN, and I don’t allow my other VLANs access to it (except for a couple devices I whitelist). None of those can reach PFsense via the LAN IP as I expect, only by the WAN IP.