Blocking webGUI access from outside

yodaphone · Jan 23, 2017, 7:07 PM

For the life of me, i just can figure out why this is enabled. I have put explicit Firewall rules in WAN & have only 1 port forward & that too on a different port. Even then i'm able to log on to the webgui from outside the network.

Any ideas why?

doktornotor · Jan 23, 2017, 7:28 PM

It's blocked by default. Dunno what you are doing there, and from the looks at all that useless/duplicate OpenVPN/IPsec stuff there, you don't have a clue either.

yodaphone · Jan 23, 2017, 7:56 PM

ok genius, not all like you were born with pfsense in their mouth.

the 1st rule in WAN clearly says ports 443 etc are blocked. then how come i can still access it?

yodaphone · Jan 23, 2017, 7:57 PM

@doktornotor:

It's blocked by default. Dunno what you are doing there, and from the looks at all that useless/duplicate OpenVPN/IPsec stuff there, you don't have a clue either.

and FYI, i set these rules AFTER i found out that i was able to access it from the web. so i do have some clue, not as pompous as yours though

KOM · Jan 23, 2017, 8:39 PM

What is 10.10.10.1? Why do you have a NAT rule forwarding 10.10.10.1:443 to 127.0.0.1:8443? It looks like a pfBlocker rule but I can't say for sure. If you have WebGUI listening on a port that you're trying to forward then the result is that WebGUI gets forwarded. Move WebGUI to a different port or stop forwarding 443.

yodaphone · Jan 23, 2017, 9:40 PM

@KOM:

What is 10.10.10.1? Why do you have a NAT rule forwarding 10.10.10.1:443 to 127.0.0.1:8443? It looks like a pfBlocker rule but I can't say for sure. If you have WebGUI listening on a port that you're trying to forward then the result is that WebGUI gets forwarded. Move WebGUI to a different port or stop forwarding 443.

Yes it a pfblocker rule. will try moving webgui to another port & see

yodaphone · Jan 23, 2017, 11:22 PM

@KOM:

What is 10.10.10.1? Why do you have a NAT rule forwarding 10.10.10.1:443 to 127.0.0.1:8443? It looks like a pfBlocker rule but I can't say for sure. If you have WebGUI listening on a port that you're trying to forward then the result is that WebGUI gets forwarded. Move WebGUI to a different port or stop forwarding 443.

thanks. tried that & that didnt work. So just reset the firewall & re-did the setup. that worked. ::) :o

KOM · Jan 24, 2017, 12:30 AM

Resetting the states might have done the same thing without reinstalling, but at least it's working.

yodaphone · Jan 25, 2017, 10:36 PM

@KOM:

Resetting the states might have done the same thing without reinstalling, but at least it's working.

yup, but definitely something i messed up with. since i'm new to this, i was learning stuff i tried things. anyway this is for a home setup, so no one yelled. ;D

chpalmer · Jan 25, 2017, 11:42 PM

If you are trying to access from your own LAN then nothing you put in your WAN rules will affect that.

yodaphone · Jan 26, 2017, 2:38 AM

@chpalmer:

If you are trying to access from your own LAN then nothing you put in your WAN rules will affect that.

i am not. i tried it from outside the network from work. the pfsense is at home. But its resolved anyway