Webgui accessible thru WAN & OPT1!

  • Hi, somehow my webgui is accessible from the WAN AND OPT1 interfaces, meaning that if anyone knows my WAN IP, or my VPN client IP, they can get the login page of my firewall.
    How and where can I 100% block this, so it's only accessible from LAN?
    I have tried putting new firewall rules on WAN and OPT1 to block and/or reject port 80; nothing happens, it's still open.

    Version	2.3.4-RELEASE-p1 (amd64) 
    built on Fri Jul 14 14:52:43 CDT 2017 
    FreeBSD 10.3-RELEASE-p19 

  • I found the culprit.
    I used the setup wizard to create an OpenVPN server, and at the end I checked the box that tells it to create a rule. This rule is to allow anything on any port using any protocol.

    Changing this to the specific port of the OpenVPN server, and only UDP, actually closed all ports that should not be open.

    I think this is a bug in the setup wizard to open all ports.

  • LAYER 8 Global Moderator

    Unless you have created a rule to allow it, no, your GUI would not be available via your WAN IP from the actual WAN.

    Can you post your rules on your WAN?
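
A way to spot the kind of rule described in this thread (pass, any protocol, any port) on interfaces that should not reach the GUI. This is an added example, not part of the original posts and not pfSense's own code. It assumes the rules are exported as XML in a `<filter><rule>` layout like a pfSense configuration backup; the sample rules, the port 1194 and the function name `risky_rules` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the <filter><rule> layout is assumed to match a pfSense config.xml backup.
SAMPLE = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface>
    <source><any/></source><destination><any/></destination>
    <descr>allow-all rule as described in the thread (constructed)</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>udp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>1194</port></destination>
    <descr>OpenVPN server, UDP only (constructed)</descr></rule>
  <rule><type>pass</type><interface>lan</interface>
    <source><network>lan</network></source><destination><any/></destination>
    <descr>LAN to any (constructed)</descr></rule>
  <rule><type>block</type><interface>opt1</interface><protocol>tcp</protocol>
    <source><any/></source><destination><any/><port>80</port></destination>
    <descr>block port 80 (constructed)</descr></rule>
</filter></pfsense>"""

UNTRUSTED = {"wan", "opt1"}  # interfaces the GUI should not be reachable from


def risky_rules(xml_text, untrusted=UNTRUSTED):
    """Return (interface, description, reasons) for over-broad pass rules."""
    findings = []
    for rule in ET.fromstring(xml_text).iterfind("./filter/rule"):
        iface = rule.findtext("interface") or ""
        if rule.find("disabled") is not None or iface not in untrusted:
            continue
        if rule.findtext("type") != "pass":
            continue  # block/reject rules cannot expose the GUI
        proto = rule.findtext("protocol")  # element absent means "any"
        dst = rule.find("destination")
        reasons = []
        if not proto:
            reasons.append("any protocol")
        if dst is None or dst.find("any") is not None:
            reasons.append("any destination")
        if proto in (None, "", "tcp", "udp", "tcp/udp") and (dst is None or not dst.findtext("port")):
            reasons.append("any port")
        if reasons:
            findings.append((iface, rule.findtext("descr") or "", reasons))
    return findings


if __name__ == "__main__":
    for iface, descr, reasons in risky_rules(SAMPLE):
        print(f"{iface}: {descr!r} -> {', '.join(reasons)}")
```

Only the first constructed rule is reported; the UDP-only rule with a fixed destination and port, which matches the fix described above, passes the check.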

