best practice for modem access

aestus

Hey guys, brand new to pfSense and managing my home network.

I can access my modem web GUI fine. I was a little confused by this because my LAN is on 10.10.10.0/24 and the management IP is 192.168.100.1 but I looked around and found the "Default allow LAN to any rule" in my LAN firewall rules so I believe that's why I can do this.

However I notice when I go to 192.168.100.1 I just get right in - no username, no password, just bam I'm in there and can see logs, system info, options to change settings, etc - and this is disturbing me a little.

Do I really want this to be accessible to anyone on my LAN? Can I setup a specific firewall rule to block 192.168.100.1/32 or something?

I did find a tab that says I can change the password (which I assume is nothing right now), but if I do that, will I break anything? Does my ISP need access to manage it?

Thanks
-noob

chpalmer

Yes that is normal.

Yes you can build a firewall block rule to block your LAN clients if you wish.

Rules are parsed from top to bottom.
so-
pass rule for your computer
block rule for rest of LAN
pass rule allowing all (default allow all rule.)

pfsense will indeed pass any traffic outside it's own LAN subnet(s) out the WAN.

My biggest question here is why would you be on the same LAN as those you don't trust with your cable modem? What model modem is it anyways? Should not be much they can do other than to factory reset it and reboot it. Which would both be only temporary outages until it got its config file from the ISP.

aestus

This post is deleted!