Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Rules for webgui doesnt seem to work across interfaces!

    General pfSense Questions
    2
    5
    1479
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest last edited by

      Hello
      I use these settings for all of my network interfaces without LAN:http://blog.stefcho.eu/wp-content/uploads/2011/06/pfSense-2.0-RC1-Configure-Captive-Portal-for-Guests-FireWall-Rules-00.png

      Lan      10.10.10.10 (got default setting from pfense install)
      Guest1:10.10.10.20 (settings from the link)
      Guest2:10.10.10.30 (settings from the link)

      Why can I still access the webgui in one interface to another after I have used these settings?

      Example im in the Guest1 interface, the rules are working and I cannot get to the webui with this adress:10.10.10.20 or 10.10.10.10 ok its working! But when im trying to access 10.10.10.30 i get full access what to do?

      The same thing happens when im in Guest2 interface. I cannot access webgui with 10.10.10.30 or 10.10.10.10 but i can still access the webgui with 10.10.10.20.

      Thanks

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        Because you haven't blocked it!  ;)

        Rather than adding lots of rules this is a good situation to use an alias.
        Create a new alias, I called it LOCAL, add all your local subnets to it.
        Then change your 'Block Web GUI' rule to:

        Protocol: TCP
        Source: Guests net
        Destination: LOCAL
        Port: 443

        There are many ways of accomplishing this, as long as it's logically correct use whatever is most readable for yourself. Fewer rules take less cpu cycles to process.

        Steve

        1 Reply Last reply Reply Quote 0
        • ?
          Guest last edited by

          ah Ok:p

          I took a picture you posted in an older post and past it here:P

          Why did you choose 192.168.0.0
          If my lan: is 192.168.1.1
          Guest1:192.168.2.1
          Guest2:192.168.3.1
          Server:192.168.4.1

          Will i then use 192.168.0.0 as alias or will i use 192.168.1.0 or will I use all four:
          192.168.1.1 and 192.168.2.1 192.168.3.1 and 192.168.4.1

          And why have you used netmask 16? (192.168.0.0/16)

          Thanks


          1 Reply Last reply Reply Quote 0
          • stephenw10
            stephenw10 Netgate Administrator last edited by

            @Bebopper:

            Why did you choose 192.168.0.0

            Because I'm lazy.  :P

            192.168.0.0/16 is a subnet including all of 192.168..
            So it includes all of my local interface subnets. It also includes a load of address space I'm not using which is bad. A better way is to enter each subnet individually so that only your used space is in the alias but this is quicker and I'm lazy.  ;)

            Steve

            1 Reply Last reply Reply Quote 0
            • ?
              Guest last edited by

              hehe

              Im sorry for my late answer I havent have time before know!

              Thanks !!

              Then I learned something new!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post