• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Preventing access to WebGUI from WAN?

Scheduled Pinned Locked Moved General pfSense Questions
6 Posts 3 Posters 1.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    fernando36
    last edited by May 14, 2013, 1:13 PM

    After some tinkering with configuration and rules I now have external access to WebGUI.. but I'm unable to revert it.

    On Advanced -> webConfigurator , all "disable" options are unchecked.
    I use an Alternate Hostname and changed port.

    I have no rules on my webGUI port (X) on WAN tab

    On Lan I have the following:

    ID Proto Source Port Destination   Port Gateway Queue Schedule Description

    *    *           * LAN Address    X * * Anti-Lockout Rule

    * LAN net * * * Failover none   Default allow LAN to any rule

    ???

    1 Reply Last reply Reply Quote 0
    • N
      Nachtfalke
      last edited by May 14, 2013, 1:16 PM

      Check the firewall rules on "WAN" interface.
      check your NAT/PortForward rules
      make sure you clicked "Apply Changes" on firewall rules and not just only "Save".
      Reset the states to make sure there isn't any existing

      1 Reply Last reply Reply Quote 0
      • F
        fernando36
        last edited by May 14, 2013, 1:36 PM

        @Nachtfalke:

        Check the firewall rules on "WAN" interface.
        check your NAT/PortForward rules
        make sure you clicked "Apply Changes" on firewall rules and not just only "Save".
        Reset the states to make sure there isn't any existing

        Nothing

        I have some other ports open/forwarded but not the WebGUI port

        1 Reply Last reply Reply Quote 0
        • N
          Nachtfalke
          last edited by May 14, 2013, 3:04 PM

          Are you sure that there isn't any "Anti-Lockout rule" on the WAN interface ?

          Perhaps you can post a screenshot of your WAN firewall rules so that we can check what's going on ?

          1 Reply Last reply Reply Quote 0
          • T
            tim.mcmanus
            last edited by May 14, 2013, 4:07 PM

            Silly question:  Are you testing it from inside your LAN?  I made the silly mistake once of creating a route out another WAN connection (same pfSense box) and tried to access WAN1's external IP address from WAN2, and all I got was the pfSense login page even though I didn't have that port open on the WAN.  Took me about an hour to figure it out.  I had to resort to using my iPad over 3G to test the perimeter of my pfSense box (still do on occasion).

            1 Reply Last reply Reply Quote 0
            • F
              fernando36
              last edited by May 14, 2013, 4:48 PM

              @Nachtfalke:

              Are you sure that there isn't any "Anti-Lockout rule" on the WAN interface ?

              Perhaps you can post a screenshot of your WAN firewall rules so that we can check what's going on ?

              Maybe not a good idea to post the rules here?

              But I don't have any rule on my WebGUI port.

              @tim.mcmanus:

              Silly question:  Are you testing it from inside your LAN?  I made the silly mistake once of creating a route out another WAN connection (same pfSense box) and tried to access WAN1's external IP address from WAN2, and all I got was the pfSense login page even though I didn't have that port open on the WAN.  Took me about an hour to figure it out.  I had to resort to using my iPad over 3G to test the perimeter of my pfSense box (still do on occasion).

              I was testing from a proxy. Confirmed now on 3G I can't access it.

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received