Netgate Discussion Forum

Rules for webgui doesn't seem to work across interfaces!

General pfSense Questions
  • ?
    Guest
    last edited by Jun 21, 2012, 9:40 AM

    Hello
    I use these settings for all of my network interfaces without LAN: http://blog.stefcho.eu/wp-content/uploads/2011/06/pfSense-2.0-RC1-Configure-Captive-Portal-for-Guests-FireWall-Rules-00.png

    LAN: 10.10.10.10 (got default setting from pfSense install)
    Guest1: 10.10.10.20 (settings from the link)
    Guest2: 10.10.10.30 (settings from the link)

    Why can I still access the webgui in one interface to another after I have used these settings?

    Example: I'm in the Guest1 interface, the rules are working and I cannot get to the webui with this address: 10.10.10.20 or 10.10.10.10. OK, it's working! But when I'm trying to access 10.10.10.30 I get full access. What to do?

    The same thing happens when I'm in the Guest2 interface. I cannot access the webgui with 10.10.10.30 or 10.10.10.10 but I can still access the webgui with 10.10.10.20.

    Thanks

    • S
      stephenw10 Netgate Administrator
      last edited by Jun 21, 2012, 7:42 PM

      Because you haven't blocked it!  ;)

      Rather than adding lots of rules, this is a good situation to use an alias.
      Create a new alias (I called it LOCAL) and add all your local subnets to it.
      Then change your 'Block Web GUI' rule to:

      Protocol: TCP
      Source: Guests net
      Destination: LOCAL
      Port: 443

      There are many ways of accomplishing this; as long as it's logically correct, use whatever is most readable for yourself. Fewer rules take fewer CPU cycles to process.

      Steve

      • ?
        Guest
        last edited by Jun 22, 2012, 2:37 PM

        ah Ok:p

        I took a picture you posted in an older post and pasted it here :P

        Why did you choose 192.168.0.0?
        If my LAN is: 192.168.1.1
        Guest1: 192.168.2.1
        Guest2: 192.168.3.1
        Server: 192.168.4.1

        Will I then use 192.168.0.0 as alias, or will I use 192.168.1.0, or will I use all four:
        192.168.1.1 and 192.168.2.1, 192.168.3.1 and 192.168.4.1?

        And why have you used netmask 16? (192.168.0.0/16)

        Thanks

        aliases.jpg

        • S
          stephenw10 Netgate Administrator
          last edited by Jun 22, 2012, 3:30 PM

          @Bebopper:

          Why did you choose 192.168.0.0

          Because I'm lazy.  :P

          192.168.0.0/16 is a subnet including all of 192.168..
          So it includes all of my local interface subnets. It also includes a load of address space I'm not using, which is bad. A better way is to enter each subnet individually so that only your used space is in the alias, but this is quicker and I'm lazy.  ;)

          Steve

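Added example, not part of any post in this thread and not pfSense code: a small Python model of first-match rule evaluation on a guest interface, comparing a ruleset that blocks only two interface addresses with one that blocks the LOCAL alias, filled either with 192.168.0.0/16 or with each subnet individually. The /24 masks, the 'before' ruleset, the helper names and the test address 192.168.50.1 are assumptions made for the illustration.

```python
import ipaddress

# Interface addresses from the thread; the /24 masks are an assumption.
IFACES = {"LAN": "192.168.1.1/24", "Guest1": "192.168.2.1/24",
          "Guest2": "192.168.3.1/24", "Server": "192.168.4.1/24"}

# The two ways of filling the LOCAL alias discussed in the thread.
LOCAL_WIDE = [ipaddress.ip_network("192.168.0.0/16")]
LOCAL_EXACT = [ipaddress.ip_interface(a).network for a in IFACES.values()]

def first_match(rules, dst, port):
    """Evaluate rules top-down; the first match wins, unmatched traffic is blocked."""
    dst = ipaddress.ip_address(dst)
    for action, nets, rule_port in rules:
        if any(dst in n for n in nets) and rule_port in (None, port):
            return action
    return "block"

def guest_rules(blocked_dsts):
    """Guest interface ruleset: block TCP/443 to blocked_dsts, then pass the rest."""
    return [("block", blocked_dsts, 443),
            ("pass", [ipaddress.ip_network("0.0.0.0/0")], None)]

def reachable_guis(rules):
    """Names of interfaces whose webGUI address (port 443) the rules let through."""
    return [name for name, addr in IFACES.items()
            if first_match(rules, str(ipaddress.ip_interface(addr).ip), 443) == "pass"]

def alias_size(nets):
    """Number of addresses an alias covers."""
    return sum(n.num_addresses for n in nets)

# Constructed 'before' ruleset reproducing the behaviour in the first post:
# only Guest1's own interface address and the LAN address are blocked.
before = guest_rules([ipaddress.ip_network("192.168.2.1/32"),
                      ipaddress.ip_network("192.168.1.1/32")])
after_exact = guest_rules(LOCAL_EXACT)
after_wide = guest_rules(LOCAL_WIDE)

if __name__ == "__main__":
    print("before, GUI reachable via:", reachable_guis(before))
    print("LOCAL = four subnets:", reachable_guis(after_exact))
    print("LOCAL = /16:", reachable_guis(after_wide))
    print("addresses covered:", alias_size(LOCAL_EXACT), "vs", alias_size(LOCAL_WIDE))
    # 192.168.50.1 is a constructed address outside every local subnet.
    for label, rules in (("exact", after_exact), ("/16", after_wide)):
        print(label, "192.168.50.1:443 ->", first_match(rules, "192.168.50.1", 443))
```

Both alias variants close the webGUI on every interface address; the difference is that the /16 alias also blocks port 443 to 192.168.x.x space that is not one of the local subnets.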
          • ?
            Guest
            last edited by Sep 4, 2012, 10:41 AM

            hehe

            I'm sorry for my late answer, I haven't had time before now!

            Thanks !!

            Then I learned something new!
