Block internal website *NEED SOME HELP*

Zabimaru

Hello,

This is my setup:

Internet –-> ISP Modem/router ---> pfSense v1.2 Beta ---> Netgear GS724T gigabit switch with all hosts connected.

Some IP’s:

ISP modem/router:      172.16.1.1
pfSense WAN:          172.16.1.6
pfSense LAN:          172.16.1.7
Switch:              172.16.1.41
Hosts:              172.16.2.xxx > 172.16.255.254

The ISP modem/router has a webgui with verry low protection. It is possible to change settings without entering a password. Only for some ‘advanced’ features you’ll need a password.

I want to block access to the webgui of the modem/router I got from my ISP.
I have set up a rule like this and placed it above the default rule on the LAN interface:

Proto:          TCP
Source:          *
Port:          *
Destination:          172.16.1.1
Port:          *
Gateway:          *
Schedule:          *
Description:          *

Correct me if I am wrong but this should block any host, with the TCP protocol, from any port source port to 172.16.1.1 (any destination port).

I think the problem is that this router is the gateway / dns for my pfSense system.
Could someone explain to me how this can be blocked ?
I you  need more info, feel free to ask!

Zabimaru

Bump!  ;)

Is the question to difficult or do you need more information?

bellera

Hello!

I think your IP ranges are not correct. You must use a subnet for your WAN (pfSense WAN  + LAN side of your ISP router) an another subnet for your LAN (pfSense LAN + switch + computers).

After making the changes you can block any packet from LAN net to WAN net and your router will be inaccessible.

Regards,

Josep Pujadas

cmb

This actually works with the same subnet on both sides? Is this a bridge, or..?