Web GUI from WAN IP inside LAN is this normal?
-
Hello all simple question as I am paranoid about what this means. To start off with I have no WAN Firewall rules set. But I am able to access my Webgui from inside my LAN by typing in my WAN IP. Is this normal? Is there a setting I can switch this off at? I have tried accessing the IP from a remote computer and it does not complete as I would expect. Just looking to make sure, thanks!
-
Is this normal?
Yes.
Is there a setting I can switch this off at?
No. It simply hits the same endpoint via LAN instead.
I have tried accessing the IP from a remote computer and it does not complete as I would expect.
Do all testing from WAN, not LAN.
-
One other point. The filtering that would block this is done on the WAN interface. You are not passing through it, even when connecting to the WAN address from the LAN side.
-
Lets look at it this way… Lets say your wan IP is 1.2.3.4
What is the default lan rules? Any Any right! So is 1.2.3.4 fall into ANY? If so then yes the lan would be able to access it.
Rules are evaluated as traffic enters that interface from the network its connected too, first rule to trigger wins no other rules are evaluated. So when you have some client on 192.168.1.X for example on your lan wanting to go to 1.2.3.4:443 that falls in the rule any any - so yes it is allowed.
If you do not want to be able to hit the wan IP from your lan - then put in a rule that blocks that on your lan... But seems kind of pointless since your allowing lan your web gui on the lan address via the anti lockout rule.
