Preventing access to WebGUI from WAN?



  • After some tinkering with configuration and rules I now have external access to WebGUI.. but I'm unable to revert it.

    On Advanced -> webConfigurator , all "disable" options are unchecked.
    I use an Alternate Hostname and changed port.

    I have no rules on my webGUI port (X) on WAN tab

    On Lan I have the following:

    ID Proto Source Port Destination   Port Gateway Queue Schedule Description

    *    *           * LAN Address    X * * Anti-Lockout Rule

    * LAN net * * * Failover none   Default allow LAN to any rule

    ???



  • Check the firewall rules on "WAN" interface.
    check your NAT/PortForward rules
    make sure you clicked "Apply Changes" on firewall rules and not just only "Save".
    Reset the states to make sure there isn't any existing



  • @Nachtfalke:

    Check the firewall rules on "WAN" interface.
    check your NAT/PortForward rules
    make sure you clicked "Apply Changes" on firewall rules and not just only "Save".
    Reset the states to make sure there isn't any existing

    Nothing

    I have some other ports open/forwarded but not the WebGUI port



  • Are you sure that there isn't any "Anti-Lockout rule" on the WAN interface ?

    Perhaps you can post a screenshot of your WAN firewall rules so that we can check what's going on ?



  • Silly question:  Are you testing it from inside your LAN?  I made the silly mistake once of creating a route out another WAN connection (same pfSense box) and tried to access WAN1's external IP address from WAN2, and all I got was the pfSense login page even though I didn't have that port open on the WAN.  Took me about an hour to figure it out.  I had to resort to using my iPad over 3G to test the perimeter of my pfSense box (still do on occasion).



  • @Nachtfalke:

    Are you sure that there isn't any "Anti-Lockout rule" on the WAN interface ?

    Perhaps you can post a screenshot of your WAN firewall rules so that we can check what's going on ?

    Maybe not a good idea to post the rules here?

    But I don't have any rule on my WebGUI port.

    @tim.mcmanus:

    Silly question:  Are you testing it from inside your LAN?  I made the silly mistake once of creating a route out another WAN connection (same pfSense box) and tried to access WAN1's external IP address from WAN2, and all I got was the pfSense login page even though I didn't have that port open on the WAN.  Took me about an hour to figure it out.  I had to resort to using my iPad over 3G to test the perimeter of my pfSense box (still do on occasion).

    I was testing from a proxy. Confirmed now on 3G I can't access it.


Log in to reply