Block internal website *NEED SOME HELP*



  • Hello,

    This is my setup:

    Internet ---> ISP Modem/router ---> pfSense v1.2 Beta ---> Netgear GS724T gigabit switch with all hosts connected.

    Some IPs:

    ISP modem/router:      172.16.1.1
    pfSense WAN:          172.16.1.6
    pfSense LAN:          172.16.1.7
    Switch:              172.16.1.41
    Hosts:              172.16.2.xxx > 172.16.255.254

    The ISP modem/router has a webgui with very low protection. It is possible to change settings without entering a password. Only for some ‘advanced’ features you’ll need a password.

    I want to block access to the webgui of the modem/router I got from my ISP.
    I have set up a rule like this and placed it above the default rule on the LAN interface:

    Proto:          TCP
    Source:          *
    Port:          *
    Destination:          172.16.1.1
    Port:          *
    Gateway:          *
    Schedule:          *
    Description:          *

    Correct me if I am wrong, but this should block any host, with the TCP protocol, from any source port to 172.16.1.1 (any destination port).

    I think the problem is that this router is the gateway / DNS for my pfSense system.
    Could someone explain to me how this can be blocked?
    If you need more info, feel free to ask!



  • Bump!  ;)

    Is the question too difficult or do you need more information?



  • Hello!

    I think your IP ranges are not correct. You must use a subnet for your WAN (pfSense WAN + LAN side of your ISP router) and another subnet for your LAN (pfSense LAN + switch + computers).

    After making the changes you can block any packet from LAN net to WAN net and your router will be inaccessible.

    Regards,

    Josep Pujadas
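
The subnet point in the reply above, as an added example that is not part of the original posts: a small Python check of whether LAN hosts would send traffic for the modem to the firewall at all. It assumes a routed (non-bridged) pfSense and a /16 mask on the original addresses (the thread does not state the mask); the /24 split, the host address and the function name `audit` are constructed for illustration.

```python
import ipaddress

def audit(wan_if, lan_if, host_ip, target_ip):
    """Check whether host -> target traffic has to be routed by the firewall.

    wan_if / lan_if are the firewall's interface addresses in CIDR form.
    A LAN rule can only filter packets that LAN hosts hand to the gateway.
    """
    wan = ipaddress.ip_interface(wan_if)
    lan = ipaddress.ip_interface(lan_if)
    host = ipaddress.ip_address(host_ip)
    target = ipaddress.ip_address(target_ip)

    findings = []
    if wan.network.overlaps(lan.network):
        findings.append("WAN and LAN subnets overlap")
    if host not in lan.network:
        findings.append("host is outside the LAN subnet")
    # Hosts resolve anything inside their own subnet with ARP and never
    # send it to the default gateway.
    if target in lan.network:
        findings.append("target is on-link for LAN hosts, not sent to the gateway")

    # Filtering is possible only when the layout is clean and the target
    # sits in the separate WAN subnet behind the firewall.
    enforceable = not findings and target in wan.network
    return {"enforceable": enforceable, "findings": findings}

# Layout from the first post, /16 mask assumed.
ORIGINAL = audit("172.16.1.6/16", "172.16.1.7/16", "172.16.2.10", "172.16.1.1")

# Constructed split layout: WAN 172.16.1.0/24, LAN 172.16.2.0/24.
SPLIT = audit("172.16.1.6/24", "172.16.2.1/24", "172.16.2.10", "172.16.1.1")

if __name__ == "__main__":
    for name, result in (("original", ORIGINAL), ("split", SPLIT)):
        print(name, "enforceable:", result["enforceable"])
        for finding in result["findings"]:
            print("  -", finding)
```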



  • This actually works with the same subnet on both sides? Is this a bridge, or..?

