PFsense web admin interface reachable from www, HELP!
-
I just realized that my pfsense admin interface can be acessed from www by any would be intruder that knows my WAN IP.
I need to fix this ASAP, can anyone help me?
-
Delete the firewall rule on your WAN interface that allows the traffic.
-
Does this look ok?
![admin interface from WAN.jpg](/public/imported_attachments/1/admin interface from WAN.jpg)
![admin interface from WAN.jpg_thumb](/public/imported_attachments/1/admin interface from WAN.jpg_thumb) -
I just checked, the admin interface is still accessable from WAN with the above WAN rules :(
-
Shouldn't be. Are you sure you're seeing what you think you're seeing? PM me your outside address.
-
PM sent.
-
It's not reachable by WAN with that config unless you have floating rules allowing it. Guessing you're probably trying from inside your network to your WAN IP, which isn't a valid test since that hits your LAN rules, not WAN.
-
Yeah. It's not accessible from the outside.
-
Step 1:
I disconnected from my home WI-FI network with my mobilephone and started using the public mobile network.Step 2:
I typed in my WAN adress in the mobilephone webbrowser window and I got the pfsense login window.![admin interface from WAN2.1.jpg](/public/imported_attachments/1/admin interface from WAN2.1.jpg)
![admin interface from WAN2.1.jpg_thumb](/public/imported_attachments/1/admin interface from WAN2.1.jpg_thumb) -
Assuming your WAN IP is probably the IP you're posting here from, no, it's not open, as Derelict confirmed. Guessing you weren't disconnected from wireless, or have a VPN into your network. Or your browser cached the login page and doesn't care whether it can still reach it.
-
Or the mobile phone provider cached it…
$ openssl s_client -connect 85.X.X.X:443
connect: Operation timed out
connect:errno=60
$ openssl s_client -connect 85.X.X.Y:443
connect: Operation timed out
connect:errno=60