Dynamic DNS or IP Address Goes to Login Page
-
I just noticed that when I enter my dynamic dns address into my Firefox browser, it takes me direct to my pfSense login page. As well, when I enter my WAN IP address into my Firefox browser, it takes me to my pfSense login page. I'm not a network person at all. Is this supposed to happen? If not, how should I craft a rule to stop this? If I create a rule to stop this, will my OpenVPN client still be able to connect to my pfSense instance? Any suggestions would be most helpful. Thank you.
-
If you're on your LAN, entering the WAN address will connect you to the login page. If you try from elsewhere, it should block you, as the filtering is done at the interface.
-
@newuser2pfsense said in Dynamic DNS or IP Address Goes to Login Page:
how should I craft a rule to stop this?
Did you turn off the antilock out rule? You undestand with that rule anyone on lan can hit web gui on the lan ip. So what does it matter if they could hit it on the wan IP as well?
As mentioned rules are evaluated as traffic enters an interface towards pfsense. So the default any any rule always you to hit any port you want on any IP.. So yeah coming from the lan side just like you can hit google.com on 80/443 you can hit your own wan IP.
If you do not want users to hit your wan IP be it for gui or anything else like ntp, etc. The place a rule above the any any rule that blocks it.
Rules are evaluated top down, first rule to trigger wins, no other rules are evaluated. If you want to block access to all IPs the firewall might have you can always use the built in "this firewall" alias.
I would suggest you read
https://www.netgate.com/docs/pfsense/firewall/firewall-rule-processing-order.html -
Thank you for the replies. I was actually checking from my LAN. When I tried from outside, Firefox timed out; it wasn't able to connect.
