Anti lockout rule apply to optx LAN interface, not LAN nammed interface



  • Hi,
    It is not a bug nor an hot issue but I think something is missing here.

    In the Advanced WebGui interface menu there is an usefull option called 'Anti locakout rule' which should applied on the LAN interface to be sure that whatever rule you put in your lan config, you still could do an ssh, an http or https connection. Very wise and usefull!

    I have bridged my lan (opt1) with my wireless (ath0) and have now a bridge interface.
    I have rename LAN to OPT1 (which point to opt1 interface) and BRIDGE0 to LAN (which point to the bridge interface) and.. the anti lockout rule apply now to the opt1 interface…
    Of course I can define these rules by end but it could be better to set in the gui what IS the LAN interface so the anti lockout rule will apply to the existing (nammed) LAN interface.

    What do you think about this?

    Thanks


  • Rebel Alliance Developer Netgate

    The rule is locked to the internal interface name called "lan" - no matter what you rename that to, it's still "lan" on the inside.

    What you probably should have done is just to reassign the interfaces rather than rename them.



  • Hi,
    Thanks for your reply.
    Can I reassigne the LAN to a bridge interface?
    I never tried to do that to be honest…
    I have the following setup:

    LAN (bridge) -- wireless -- ath0
                  |--- opt1    -- vlan10 --- em1

    thanks


  • Rebel Alliance Developer Netgate

    Yes, it doesn't matter what is assigned where anymore - any interface can be assigned any type.



  • Excellent! I will try that I soon I can.
    Thanks!
    Romain



  • Well… I have checked where I can change the fact that opt1 is the lan interface and change it to the bridge interface with no luck.

    Using command line I see that opt1 is the lan interface but in the assign option, the setup ask me to do the setup again and can only assign the lan to emx.

    Using the GUI I can't find the right place also...
    Sorry to ask but what it the right place to change this?
    Thanks



  • @romainp:

    Well… I have checked where I can change the fact that opt1 is the lan interface and change it to the bridge interface with no luck.

    See Interfaces -> (assign) Interfaces assignment tab. Use the pull downs to assign pfSense interface name (left column) to FreeBSD interfaces name (right column).



  • Hmm I feel really stupid but I can't find in the interface assignement tab the way to force the lan interface to be the bridge interface.. See the screenshot and sorry to be such a noob…




  • Looks to me the pfSense LAN interface is already set to the bridge. (Notice the interface name in the Network Port column.) Interfaces can be changed by clicking on the down arrow on the right hard side of the boxes in the Network ports column and then clicking on the interface you want.



  • So it seems that on the gui part, all is setup correctly?
    But If I connect to the pfsense box, it seems that OPT1( vlan 100 on em1) is still configured as the LAN interface.
    I can't use the 'assigned interface' option because it asks me to reconfigure all the vlan and interfaces.

    *** Welcome to pfSense 2.0-RELEASE-pfSense (i386) on 2idf00 ***
    
      WAN (wan)                 -> pppoe0     -> 1.1.1.1 (PPPoE)
      OPT1 (lan)                -> em1_vlan100 -> NONE
      WIFI (opt1)               -> ath0_wlan1 -> NONE
      VLAN200 (opt2)            -> em1_vlan200 -> 192.168.2.1
      VPN1 (opt3)               -> ovpns2     -> 10.0.1.1
      DSL (opt4)                -> em0        -> 192.168.3.2
      DMZ (opt5)                -> em1_vlan5  -> 192.168.5.1
      LAN (opt6)                -> bridge0    -> 192.168.1.1
    
     0) Logout (SSH only)                  8) Shell
     1) Assign Interfaces                  9) pfTop
     2) Set interface(s) IP address       10) Filter Logs
     3) Reset webConfigurator password    11) Restart webConfigurator
     4) Reset to factory defaults         12) pfSense Developer Shell
     5) Reboot system                     13) Upgrade from console
     6) Halt system                       14) Disable Secure Shell (sshd)
     7) Ping host
    
    

Log in to reply