    Netgate Discussion Forum

    Block internal website *NEED SOME HELP*

    • Z
      Zabimaru last edited by

      Hello,

      This is my setup:

      Internet ---> ISP Modem/router ---> pfSense v1.2 Beta ---> Netgear GS724T gigabit switch with all hosts connected.

      Some IPs:

      ISP modem/router:      172.16.1.1
      pfSense WAN:          172.16.1.6
      pfSense LAN:          172.16.1.7
      Switch:              172.16.1.41
      Hosts:              172.16.2.xxx > 172.16.255.254

      The ISP modem/router has a webgui with very low protection. It is possible to change settings without entering a password. Only for some ‘advanced’ features you’ll need a password.

      I want to block access to the webgui of the modem/router I got from my ISP.
      I have set up a rule like this and placed it above the default rule on the LAN interface:

      Proto:          TCP
      Source:          *
      Port:          *
      Destination:          172.16.1.1
      Port:          *
      Gateway:          *
      Schedule:          *
      Description:          *

      Correct me if I am wrong, but this should block any host, with the TCP protocol, from any source port to 172.16.1.1 (any destination port).

      I think the problem is that this router is the gateway / dns for my pfSense system.
      Could someone explain to me how this can be blocked?
      If you need more info, feel free to ask!

      • Z
        Zabimaru last edited by

        Bump!  ;)

        Is the question too difficult or do you need more information?

        • bellera
          bellera last edited by

          Hello!

          I think your IP ranges are not correct. You must use a subnet for your WAN (pfSense WAN + LAN side of your ISP router) and another subnet for your LAN (pfSense LAN + switch + computers).

          After making the changes you can block any packet from LAN net to WAN net and your router will be inaccessible.

          Regards,

          Josep Pujadas
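
The check suggested in the reply above, as an added example that is not part of the original thread: it tests whether WAN and LAN use separate subnets and builds the "LAN net to WAN net" block rule as a plain description. The /16 mask on the original addresses and the whole corrected plan (192.168.100.x) are assumptions constructed for illustration; the thread gives no netmasks.

```python
import ipaddress

def check_plan(wan_if, lan_if, target):
    """Return the problems in a two-interface firewall addressing plan.

    wan_if and lan_if are interface addresses in CIDR form; target is the
    WAN-side device (the ISP router) that LAN hosts should not reach.
    """
    wan = ipaddress.ip_interface(wan_if)
    lan = ipaddress.ip_interface(lan_if)
    tgt = ipaddress.ip_address(target)
    problems = []
    if wan.network.overlaps(lan.network):
        problems.append(f"WAN {wan.network} and LAN {lan.network} overlap")
    if tgt in lan.network:
        # Hosts treat addresses inside their own subnet as directly reachable.
        problems.append(f"{tgt} is on-link for LAN hosts in {lan.network}")
    if tgt not in wan.network:
        problems.append(f"{tgt} is not inside the WAN subnet {wan.network}")
    return problems

def block_rule(wan_if, lan_if):
    """Describe the 'LAN net to WAN net' block rule for a clean plan."""
    wan = ipaddress.ip_interface(wan_if).network
    lan = ipaddress.ip_interface(lan_if).network
    return {"action": "block", "interface": "LAN", "proto": "any",
            "source": str(lan), "destination": str(wan)}

# Addresses from the first post; the /16 prefix is an assumption.
ORIGINAL = ("172.16.1.6/16", "172.16.1.7/16", "172.16.1.1")
# Constructed corrected plan: the modem/router side moves to its own subnet.
CORRECTED = ("192.168.100.2/24", "172.16.1.7/16", "192.168.100.1")

if __name__ == "__main__":
    for name, plan in (("original", ORIGINAL), ("corrected", CORRECTED)):
        issues = check_plan(*plan)
        print(name, "->", issues or "no subnet problems")
        if not issues:
            print("rule:", block_rule(plan[0], plan[1]))
```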

          • C
            cmb last edited by

            This actually works with the same subnet on both sides? Is this a bridge, or..?
