Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Preventing access to WebGUI from WAN?

    Scheduled Pinned Locked Moved
    General pfSense Questions
    3
    6
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fernando36
      last edited by

      After some tinkering with configuration and rules I now have external access to WebGUI.. but I'm unable to revert it.

      On Advanced -> webConfigurator , all "disable" options are unchecked.
      I use an Alternate Hostname and changed port.

      I have no rules on my webGUI port (X) on WAN tab

      On Lan I have the following:

      ID Proto Source Port Destination   Port Gateway Queue Schedule Description

      *    *           * LAN Address    X * * Anti-Lockout Rule

      * LAN net * * * Failover none   Default allow LAN to any rule

      ???

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        Check the firewall rules on "WAN" interface.
        check your NAT/PortForward rules
        make sure you clicked "Apply Changes" on firewall rules and not just only "Save".
        Reset the states to make sure there isn't any existing

        1 Reply Last reply Reply Quote 0
        • F
          fernando36
          last edited by

          @Nachtfalke:

          Check the firewall rules on "WAN" interface.
          check your NAT/PortForward rules
          make sure you clicked "Apply Changes" on firewall rules and not just only "Save".
          Reset the states to make sure there isn't any existing

          Nothing

          I have some other ports open/forwarded but not the WebGUI port

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by

            Are you sure that there isn't any "Anti-Lockout rule" on the WAN interface ?

            Perhaps you can post a screenshot of your WAN firewall rules so that we can check what's going on ?

            1 Reply Last reply Reply Quote 0
            • T
              tim.mcmanus
              last edited by

              Silly question:  Are you testing it from inside your LAN?  I made the silly mistake once of creating a route out another WAN connection (same pfSense box) and tried to access WAN1's external IP address from WAN2, and all I got was the pfSense login page even though I didn't have that port open on the WAN.  Took me about an hour to figure it out.  I had to resort to using my iPad over 3G to test the perimeter of my pfSense box (still do on occasion).

              1 Reply Last reply Reply Quote 0
              • F
                fernando36
                last edited by

                @Nachtfalke:

                Are you sure that there isn't any "Anti-Lockout rule" on the WAN interface ?

                Perhaps you can post a screenshot of your WAN firewall rules so that we can check what's going on ?

                Maybe not a good idea to post the rules here?

                But I don't have any rule on my WebGUI port.

                @tim.mcmanus:

                Silly question:  Are you testing it from inside your LAN?  I made the silly mistake once of creating a route out another WAN connection (same pfSense box) and tried to access WAN1's external IP address from WAN2, and all I got was the pfSense login page even though I didn't have that port open on the WAN.  Took me about an hour to figure it out.  I had to resort to using my iPad over 3G to test the perimeter of my pfSense box (still do on occasion).

                I was testing from a proxy. Confirmed now on 3G I can't access it.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post