Netgate Discussion Forum

    ntopng

    Traffic Monitoring
    • C
      chrisp8756

      Hello Everyone,
      So I noticed that my ntopng web GUI is available on the WAN side. I don't want anyone from the WAN accessing the ntopng web GUI. I cannot seem to figure out how to stop this from happening. Can anyone guide me here? I've tried port blocking but it doesn't seem to work. Any help would be much appreciated.

      Thanks
      Chris

      • A
        akuma1x

        By default, nothing from the WAN side passes into your network, unless it first originated on the LAN side. This means any machine on your LAN side can initiate a session and traffic will get passed back thru to that LAN client. NEVER the other way around.

        Unless... you have created rules to pass WAN traffic thru the firewall. Have you done anything like that? Can you show your WAN rules?

        Jeff

        • C
          chrisp8756

          Thanks for your reply!

          So I think I figured out what is causing the issue. I noticed that on my default setup on another pfSense box, under firewall/nat/outbound, the default "automatic outbound nat rule generation" is ticked.

          However, on my custom pfSense box, which has an Xbox setup for its online use, the "hybrid Outbound" rule is ticked. I am wondering if this is the reason why my ntopng is accessible to the WAN. I have not changed anything yet but I'm curious if you agree?

          Thanks again!
          Chris

          • stephenw10S
            stephenw10 Netgate Administrator

            No, that would not allow inbound traffic. No custom outbound NAT rules could pass inbound traffic.

            You mentioned a custom setup for xbox, exactly what have you added for that? There are some bad guides out there...

            Did you enable upnp for example?

            A screenshot of your WAN firewall rules would be pretty conclusive here.

            Steve

            • C
              chrisp8756 @stephenw10

              @stephenw10 Yes, UPnP was enabled to allow for the Xbox setup. 99% of the time the Xbox isn't in use. The Xbox has an assigned IP on the network.

              This was the guide I used to set up the Xbox.
              https://www.youtube.com/watch?v=whGPRC9rQYw&t=334s

              For the short term I have just turned off ntopng. Once I figure out how to fix it, I will have it enabled again. Many thanks for the help.

              Thanks,
              Chris

              • stephenw10S
                stephenw10 Netgate Administrator

                Mmm, that's actually a pretty good video. There is some total garbage out there!

                Importantly they restrict what can open port forwards. I would still check the upnp status for anything opening port 3000 though.

                Steve

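The check suggested in the last reply (looking for anything UPnP has opened on port 3000) can be scripted; this is an added example, not part of the thread. It assumes the UPnP-created forwards live in a pf anchor named `miniupnpd` and are printed as `rdr` lines in the layout shown; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Lists pf "rdr" (port forward) rules
# whose external or internal port covers a given port (default 3000).
# On the firewall, feed it the UPnP-created rules (anchor name assumed):
#   pfctl -a miniupnpd -sn | find_forwards 3000

find_forwards() {
    port="${1:-3000}"
    awk -v want="$port" '
    # True when a pf port spec ("3000" or a range "2990:3010") covers want.
    function covers(spec,   r) {
        if (split(spec, r, ":") == 2) return (want + 0 >= r[1] + 0 && want + 0 <= r[2] + 0)
        return (spec + 0 == want + 0)
    }
    $1 == "rdr" {
        arrow = 0; iface = proto = ext = host = intp = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "on") iface = $(i + 1)
            else if ($i == "proto") proto = $(i + 1)
            else if ($i == "->") { arrow = 1; host = $(i + 1) }
            else if ($i == "port") {
                val = ($(i + 1) == "=") ? $(i + 2) : $(i + 1)
                if (arrow) intp = val; else ext = val
            }
        }
        if (covers(ext) || covers(intp))
            printf "%s %s ext=%s -> %s:%s\n", iface, proto, ext, host, intp
    }'
}

# Constructed sample rules (interface, addresses and labels are made up).
sample_rules() {
    cat <<'EOF'
rdr pass quick on igb0 inet proto udp from any to any port = 3074 keep state label "constructed-xbox" rtable 0 -> 192.168.1.50 port 3074
rdr pass quick on igb0 inet proto tcp from any to any port = 3000 keep state label "constructed-app" rtable 0 -> 192.168.1.1 port 3000
rdr pass quick on igb0 inet proto tcp from any to any port = 8080 keep state label "constructed-map" rtable 0 -> 192.168.1.20 port 3000
EOF
}

sample_rules | find_forwards 3000
```

An empty result for port 3000 means no UPnP mapping explains the exposure, which points back at the WAN firewall rules and manual port forwards asked about earlier in the thread.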
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.