Blocking webGUI access from outside

yodaphone

For the life of me, i just can figure out why this is enabled. I have put explicit Firewall rules in WAN & have only 1 port forward & that too on a different port. Even then i'm able to log on to the webgui from outside the network.

Any ideas why?

web01.png_thumb

web02.png_thumb

web03.png_thumb

web04.png_thumb

web05.png_thumb

doktornotor

It's blocked by default. Dunno what you are doing there, and from the looks at all that useless/duplicate OpenVPN/IPsec stuff there, you don't have a clue either.

yodaphone

ok genius, not all like you were born with pfsense in their mouth.

the 1st rule in WAN clearly says ports 443 etc are blocked. then how come i can still access it?

yodaphone

@doktornotor:

It's blocked by default. Dunno what you are doing there, and from the looks at all that useless/duplicate OpenVPN/IPsec stuff there, you don't have a clue either.

and FYI, i set these rules AFTER i found out that i was able to access it from the web. so i do have some clue, not as pompous as yours though

KOM

What is 10.10.10.1? Why do you have a NAT rule forwarding 10.10.10.1:443 to 127.0.0.1:8443? It looks like a pfBlocker rule but I can't say for sure. If you have WebGUI listening on a port that you're trying to forward then the result is that WebGUI gets forwarded. Move WebGUI to a different port or stop forwarding 443.

yodaphone

@KOM:

What is 10.10.10.1? Why do you have a NAT rule forwarding 10.10.10.1:443 to 127.0.0.1:8443? It looks like a pfBlocker rule but I can't say for sure. If you have WebGUI listening on a port that you're trying to forward then the result is that WebGUI gets forwarded. Move WebGUI to a different port or stop forwarding 443.

Yes it a pfblocker rule. will try moving webgui to another port & see

yodaphone

@KOM:

What is 10.10.10.1? Why do you have a NAT rule forwarding 10.10.10.1:443 to 127.0.0.1:8443? It looks like a pfBlocker rule but I can't say for sure. If you have WebGUI listening on a port that you're trying to forward then the result is that WebGUI gets forwarded. Move WebGUI to a different port or stop forwarding 443.

thanks. tried that & that didnt work. So just reset the firewall & re-did the setup. that worked. ::) :o

KOM

Resetting the states might have done the same thing without reinstalling, but at least it's working.

yodaphone

@KOM:

Resetting the states might have done the same thing without reinstalling, but at least it's working.

yup, but definitely something i messed up with. since i'm new to this, i was learning stuff i tried things. anyway this is for a home setup, so no one yelled. ;D

chpalmer

If you are trying to access from your own LAN then nothing you put in your WAN rules will affect that.

yodaphone

@chpalmer:

If you are trying to access from your own LAN then nothing you put in your WAN rules will affect that.

i am not. i tried it from outside the network from work. the pfsense is at home. But its resolved anyway