Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dynamic DNS or IP Address Goes to Login Page

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 897 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N Offline
      newUser2pfSense
      last edited by newUser2pfSense

      I just noticed that when I enter my dynamic dns address into my Firefox browser, it takes me direct to my pfSense login page. As well, when I enter my WAN IP address into my Firefox browser, it takes me to my pfSense login page. I'm not a network person at all. Is this supposed to happen? If not, how should I craft a rule to stop this? If I create a rule to stop this, will my OpenVPN client still be able to connect to my pfSense instance? Any suggestions would be most helpful. Thank you.

      1 Reply Last reply Reply Quote 0
      • JKnottJ Offline
        JKnott
        last edited by

        If you're on your LAN, entering the WAN address will connect you to the login page. If you try from elsewhere, it should block you, as the filtering is done at the interface.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • johnpozJ Online
          johnpoz LAYER 8 Global Moderator
          last edited by

          @newuser2pfsense said in Dynamic DNS or IP Address Goes to Login Page:

          how should I craft a rule to stop this?

          Did you turn off the antilock out rule? You undestand with that rule anyone on lan can hit web gui on the lan ip. So what does it matter if they could hit it on the wan IP as well?

          As mentioned rules are evaluated as traffic enters an interface towards pfsense. So the default any any rule always you to hit any port you want on any IP.. So yeah coming from the lan side just like you can hit google.com on 80/443 you can hit your own wan IP.

          If you do not want users to hit your wan IP be it for gui or anything else like ntp, etc. The place a rule above the any any rule that blocks it.

          Rules are evaluated top down, first rule to trigger wins, no other rules are evaluated. If you want to block access to all IPs the firewall might have you can always use the built in "this firewall" alias.

          I would suggest you read
          https://www.netgate.com/docs/pfsense/firewall/firewall-rule-processing-order.html

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          N 1 Reply Last reply Reply Quote 0
          • N Offline
            newUser2pfSense @johnpoz
            last edited by

            Thank you for the replies. I was actually checking from my LAN. When I tried from outside, Firefox timed out; it wasn't able to connect.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.