Preventing access to WebGUI from WAN?
-
After some tinkering with configuration and rules I now have external access to WebGUI.. but I'm unable to revert it.
On Advanced -> webConfigurator , all "disable" options are unchecked.
I use an Alternate Hostname and changed port.I have no rules on my webGUI port (X) on WAN tab
On Lan I have the following:
ID Proto Source Port Destination Port Gateway Queue Schedule Description
* * * LAN Address X * * Anti-Lockout Rule
* LAN net * * * Failover none Default allow LAN to any rule
???
-
Check the firewall rules on "WAN" interface.
check your NAT/PortForward rules
make sure you clicked "Apply Changes" on firewall rules and not just only "Save".
Reset the states to make sure there isn't any existing -
Check the firewall rules on "WAN" interface.
check your NAT/PortForward rules
make sure you clicked "Apply Changes" on firewall rules and not just only "Save".
Reset the states to make sure there isn't any existingNothing
I have some other ports open/forwarded but not the WebGUI port
-
Are you sure that there isn't any "Anti-Lockout rule" on the WAN interface ?
Perhaps you can post a screenshot of your WAN firewall rules so that we can check what's going on ?
-
Silly question: Are you testing it from inside your LAN? I made the silly mistake once of creating a route out another WAN connection (same pfSense box) and tried to access WAN1's external IP address from WAN2, and all I got was the pfSense login page even though I didn't have that port open on the WAN. Took me about an hour to figure it out. I had to resort to using my iPad over 3G to test the perimeter of my pfSense box (still do on occasion).
-
Are you sure that there isn't any "Anti-Lockout rule" on the WAN interface ?
Perhaps you can post a screenshot of your WAN firewall rules so that we can check what's going on ?
Maybe not a good idea to post the rules here?
But I don't have any rule on my WebGUI port.
Silly question: Are you testing it from inside your LAN? I made the silly mistake once of creating a route out another WAN connection (same pfSense box) and tried to access WAN1's external IP address from WAN2, and all I got was the pfSense login page even though I didn't have that port open on the WAN. Took me about an hour to figure it out. I had to resort to using my iPad over 3G to test the perimeter of my pfSense box (still do on occasion).
I was testing from a proxy. Confirmed now on 3G I can't access it.