Netgate Discussion Forum

Browser page?

2.5 Development Snapshots (Retired)

    rcfa
    last edited by Sep 12, 2020, 2:14 AM

    I just thought of something that might be useful:
    a page in pfSense UI where one can enter a URL, and that's loaded within a frame of that page.

    Why would I want that?

    Example: I have admin access to pfSense from the public internet, but in the private network there are network devices, such as switches that have their own web interfaces, or there may be home automation devices with web interfaces, etc.

    Occasionally, even just to test accessibility, one may want to access one of these devices, but one may not want to do port forwarding etc. to limit what's exposed to the outside.

    Anyone else thinks that's a useful idea?

      DaddyGo @rcfa
      last edited by Sep 12, 2020, 1:51 PM

      @rcfa said in Browser page?:

      Example: I have admin access to pfSense from the public internet, but in the private network there are network devices, such as switches that have their own web interfaces, or there may be home automation devices with web interfaces, etc.

      Hi,

      NGFW is a serious IT front...
      the more unnecessary features we build into it, further I go, .... the more vulnerable it is

      if you want to manage multiple devices at once, like switches, VOIP ATA, APs, other tools with webservers...

      use OpenVPN remote access and access devices on the same subnet smoothly from your browser in multi-window mode

      https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-remote-access-server.html

      @rcfa "Anyone else thinks that's a useful idea?"
      in my opinion, definitely NO, sorry for my honesty 😉

      Cats bury it so they can't see it!
      (You know what I mean if you have a cat)

        rcfa @DaddyGo
        last edited by rcfa Sep 14, 2020, 2:35 PM Sep 14, 2020, 2:11 PM

        @DaddyGo Will your suggestion work over an IPsec link?

        My WAN is actually an IPSec tunnel, I know, a bit non-standard, but the only way I could get my block of addresses routed.

        So I'd need to run OpenVPN through IPSec

        As for the security implications: There's of course the issue that pfSense has two distinct types of users.

        Type one uses pfSense as corporate firewall, this is an environment with plenty of special purpose servers (VoIP, mail, private cloud, etc.)

        The other is private home or home-office users. They can't afford the money or time to maintain a slew of separate systems or they don't even have the IP address space to support a variety of servers. So they would like to host all internet facing services on one system rather than maintaining multiple systems and a set of complicated forwarding rules, because that increases failure points and maintenance nightmares. As a matter of fact, the suggestion grew out of just such a nightmare, because to access the mail server, traffic needs to go through (managed) switch which is causing issues right now. Were my e.g. mail server on the pfSense unit, critical services would continue uninterrupted by some hardware acting up, which I can't fix from afar.

        There is of course the option of using devices like FritzBox or Synology but they are much less transparent in what they do.

        So, obviously, packing everything into pfSense as standard makes no sense, but it does make sense to have modules for people who use pfSense as a border system on a small network and need some internet facing services, as not everyone is running a corporate firewall.

        While security is key, “convenience” is sometimes more important, because with one end (and sometimes both ends, when I'm traveling) of my connection being thousands of miles away, administering things locally often isn't an option. Everything must be accessible globally and if that means somewhat decreased security, it can't be helped.

          JeGr LAYER 8 Moderator
          last edited by Sep 14, 2020, 2:22 PM

          way I could get my block of addresses routed.

          If you get IPs routed, then you sure can use it on your firewall, can you not?
          And if you can use one of them on your firewall, you should be able to configure OpenVPN to listen to it.

          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

            rcfa @JeGr
            last edited by Sep 14, 2020, 2:37 PM

            @JeGr I'll try...

            ...hope I'm not going to hang myself doing it, because that would require a very long trip.

              DaddyGo @rcfa
              last edited by Sep 15, 2020, 12:03 PM

              @rcfa said in Browser page?:

              Will your suggestion work over an IPsec link?

              Sure...

              The whole IT world is remotely administered somehow, if you are worried use OpenVPN with a higher cipher.
              Currently, I consider it one of the best methods for remote management, except where there is a completely separate mng. subnet; the latter is not typical in SOHO.

              Or where the device lets you separate the mng. option into a separate VLAN and access this mng. VLAN with OpenVPN.
