    Rules for webgui don't seem to work across interfaces!

    • ?
      Guest last edited by

      Hello
      I use these settings for all of my network interfaces except LAN: http://blog.stefcho.eu/wp-content/uploads/2011/06/pfSense-2.0-RC1-Configure-Captive-Portal-for-Guests-FireWall-Rules-00.png

      LAN: 10.10.10.10 (got default settings from pfSense install)
      Guest1: 10.10.10.20 (settings from the link)
      Guest2: 10.10.10.30 (settings from the link)

      Why can I still access the webgui from one interface to another after I have used these settings?

      Example: I'm in the Guest1 interface, the rules are working and I cannot get to the webui with this address: 10.10.10.20 or 10.10.10.10. OK, it's working! But when I'm trying to access 10.10.10.30 I get full access. What to do?

      The same thing happens when I'm in the Guest2 interface. I cannot access the webgui with 10.10.10.30 or 10.10.10.10 but I can still access the webgui with 10.10.10.20.

      Thanks

      • stephenw10
        stephenw10 Netgate Administrator last edited by

        Because you haven't blocked it!  ;)

        Rather than adding lots of rules this is a good situation to use an alias.
        Create a new alias, I called it LOCAL, add all your local subnets to it.
        Then change your 'Block Web GUI' rule to:

        Protocol: TCP
        Source: Guests net
        Destination: LOCAL
        Port: 443

        There are many ways of accomplishing this; as long as it's logically correct, use whatever is most readable for yourself. Fewer rules take fewer CPU cycles to process.

        Steve

        • ?
          Guest last edited by

          Ah OK :p

          I took a picture you posted in an older post and pasted it here :P

          Why did you choose 192.168.0.0?
          If my LAN is: 192.168.1.1
          Guest1: 192.168.2.1
          Guest2: 192.168.3.1
          Server: 192.168.4.1

          Will I then use 192.168.0.0 as alias, or will I use 192.168.1.0, or will I use all four:
          192.168.1.1 and 192.168.2.1 and 192.168.3.1 and 192.168.4.1?

          And why have you used netmask 16? (192.168.0.0/16)

          Thanks

          • stephenw10
            stephenw10 Netgate Administrator last edited by

            @Bebopper:

            Why did you choose 192.168.0.0

            Because I'm lazy.  :P

            192.168.0.0/16 is a subnet including all of 192.168.*.*
            So it includes all of my local interface subnets. It also includes a load of address space I'm not using which is bad. A better way is to enter each subnet individually so that only your used space is in the alias but this is quicker and I'm lazy.  ;)

            Steve
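
The effect of the LOCAL alias described in the two replies above, as an added example that is not part of the thread or of pfSense itself. It models first-match evaluation on the Guest1 interface using the addresses from the second question; the /24 masks, the reconstructed per-interface ruleset and all function names are assumptions made for illustration.

```python
import ipaddress

# Firewall interface addresses from the thread; the /24 masks are an assumption.
INTERFACES = {"LAN": "192.168.1.1/24", "Guest1": "192.168.2.1/24",
              "Guest2": "192.168.3.1/24", "Server": "192.168.4.1/24"}
SUBNETS = [str(ipaddress.ip_interface(c).network) for c in INTERFACES.values()]

LOCAL_WIDE = ["192.168.0.0/16"]   # the quick alias from the reply
LOCAL_EXACT = SUBNETS             # one entry per subnet actually in use

def first_match(rules, dst, port):
    """Evaluate rules top-down as on a pfSense interface tab: the first
    matching rule decides, and no match falls through to the default deny."""
    addr = ipaddress.ip_address(dst)
    for action, dests, dport in rules:
        if dport in (None, port) and any(addr in ipaddress.ip_network(d) for d in dests):
            return action
    return "block"

def reachable_webgui(rules):
    """Firewall addresses whose web GUI (TCP 443) a Guest1 client still reaches."""
    return sorted(name for name, cidr in INTERFACES.items()
                  if first_match(rules, str(ipaddress.ip_interface(cidr).ip), 443) == "pass")

def guest_rules(alias):
    """'Block Web GUI' with Destination set to the alias, then allow the rest."""
    return [("block", alias, 443), ("pass", ["0.0.0.0/0"], None)]

# Assumed per-interface ruleset matching the symptoms in the first post:
# only the interface's own address and the LAN are blocked.
PER_INTERFACE = [("block", ["192.168.2.1/32"], 443),
                 ("block", ["192.168.1.0/24"], None),
                 ("pass", ["0.0.0.0/0"], None)]

def unused_addresses(alias):
    """Addresses an alias covers beyond the subnets in use (alias must contain them)."""
    covered = sum(ipaddress.ip_network(a).num_addresses for a in alias)
    used = sum(ipaddress.ip_network(s).num_addresses for s in SUBNETS)
    return covered - used

if __name__ == "__main__":
    print("per-interface rules:", reachable_webgui(PER_INTERFACE))
    print("LOCAL alias (/16):  ", reachable_webgui(guest_rules(LOCAL_WIDE)))
    print("LOCAL alias (exact):", reachable_webgui(guest_rules(LOCAL_EXACT)))
    print("unused space in /16:", unused_addresses(LOCAL_WIDE))
```

Both aliases close the web GUI on every firewall address; the difference is that the /16 also blocks port 443 to addresses outside the four subnets in use.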

            • ?
              Guest last edited by

              Hehe

              I'm sorry for my late answer, I haven't had time before now!

              Thanks !!

              Then I learned something new!
