Block Guest Client to access pfsense Admin page
-
Hi Everyone
i have a problem with pfsense
my pfsense has 3 interfaces
WAN - LAN - GUESTGuest ip is 192.168.0.1 with captive portal voucher and it work fine
when people try to access internet, of course they asked for voucher code
and the ip is something like this http://192.168.0.1:8000/index.php?redirurl=http%3A%2F%2Fwww.google.com%2Fthe problem is i dont want client access the pfsense Admin page
when they simply tipe 192.168.0.1 in their web browser addressany solutions ?
i will appreciate for your reply
thanks
-
Stick this on the GUEST network FW rules
-
ONLY the guest interface. Don't stick that rule on your LAN interface.
-
That is one way to skin the cat.. I do it a bit different, I allow ping to guest interface address on pfsense, and then have an allow rule that only allows access to anything that is NOT my local networks. So this alias includes all my local networks.. Which would include all the pfsense interface addresses on other segments. So guest can only go out to the internet, they can even use pfsense dns - I hand out public dns servers to guest.
-
That is one way to skin the cat.. I do it a bit different, I allow ping to guest interface address on pfsense, and then have an allow rule that only allows access to anything that is NOT my local networks.
Try with WAN IP from the guest net. ;)
-
Try to hit my wan IP for admin from the guest? Ah, good point - that is blocked from wan. But if coming from the lan that might be reachable.. Will clearly check today - thanks!!