Netgate Discussion Forum

    IPMI security

    • amrogers3

      Running a pfSense box behind a uverse router.  The uverse router has a 172.16.x.x network where the TVs are connected.

      Not sure how this is happening but the IPMI interface is obtaining a 172.16.x.x IP address from the uverse router over the WAN interface.  The WAN interface has an external 99.52.x.x address.

      I can't help but to think this is a security problem.  Seems like a connection could be bridged from the WAN interface to the IPMI, it's all bad from there.

      Any thoughts on this?

      • cmb

        Then you're either bridging LAN and WAN without proper filtering, or have an interconnection between the two elsewhere.

        • amrogers3

          @cmb:

          Then you're either bridging LAN and WAN without proper filtering, or have an interconnection between the two elsewhere.

          Nope, not bridging at all. I'm not saying I can go from WAN interface to the LAN interface or vice versa. What I am saying is that it seems theoretically possible to access the IPMI from the WAN interface since they are on the same NIC.

          Wondering if anyone can shed any light on this or am I just being paranoid?

          • jimp Rebel Alliance Developer Netgate

            Why not swap the WAN and LAN ports so the IPMI interface will be on your LAN instead of on the WAN? If it's riding on the same physical port as WAN, that seems like a bad idea in general, but one with an easy solution.

            • amrogers3

              @jimp:

              Why not swap the WAN and LAN ports so the IPMI interface will be on your LAN instead of on the WAN? If it's riding on the same physical port as WAN, that seems like a bad idea in general, but one with an easy solution.

              Of course, the obvious! Let me try and see if that will work. Although, IPMI may by default be dynamically assigned to the WAN interface depending on what interface you designate as WAN.

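A defender-side check for the situation discussed in this thread, added here as an example (not posted by any participant and not Netgate code): it parses the output of `ipmitool lan print` and flags a BMC that took a DHCP lease inside the WAN-side network. The sample output, the /16 mask on the 172.16.x.x network and the 192.168.1.0/24 management LAN are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ipmitool lan print 1` output (not taken from the thread).
SAMPLE_LAN_PRINT = """\
Set in Progress         : Set Complete
Auth Type Enable        : Callback : MD5
                        : User     : MD5
IP Address Source       : DHCP Address
IP Address              : 172.16.1.23
Subnet Mask             : 255.255.255.0
MAC Address             : 00:25:90:aa:bb:cc
Default Gateway IP      : 172.16.1.254
"""


def parse_lan_print(text):
    """Turn the 'Key : Value' lines of `ipmitool lan print` into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        # Continuation lines start with an empty key; skip them.
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def audit_bmc(text, untrusted_nets, mgmt_net):
    """Return a list of findings about where the BMC's LAN channel lives."""
    fields = parse_lan_print(text)
    if "IP Address" not in fields:
        raise ValueError("no 'IP Address' line in lan print output")
    addr = ipaddress.ip_address(fields["IP Address"])
    findings = []
    if "DHCP" in fields.get("IP Address Source", ""):
        findings.append("address source is DHCP: any DHCP server on the shared port can place the BMC")
    for net in untrusted_nets:
        if addr in ipaddress.ip_network(net):
            findings.append(f"BMC address {addr} is inside untrusted network {net}")
    if addr not in ipaddress.ip_network(mgmt_net):
        findings.append(f"BMC address {addr} is outside management network {mgmt_net}")
    return findings


if __name__ == "__main__":
    # Assumed networks: 172.16.0.0/16 for the upstream router, 192.168.1.0/24 for the LAN.
    for finding in audit_bmc(SAMPLE_LAN_PRINT, ["172.16.0.0/16"], "192.168.1.0/24"):
        print("FINDING:", finding)
```

On a live host, feed the function the real output of `ipmitool lan print` for the BMC's LAN channel instead of the constructed sample.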