Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    Introducing Netgate Nexus: Multi-Instance Management at Your Fingertips.

    Block Guest Client to access pfsense Admin page

    Scheduled Pinned Locked Moved Firewalling
    6 Posts 4 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F Offline
      Ferry Hung
      last edited by

      Hi Everyone

      i have a problem with pfsense

      my pfsense has 3 interfaces
      WAN - LAN - GUEST

      Guest ip is 192.168.0.1 with captive portal voucher and it work fine
      when people try to access internet, of course they asked for voucher code
      and the ip is something like this http://192.168.0.1:8000/index.php?redirurl=http%3A%2F%2Fwww.google.com%2F

      the problem is i dont want client access the pfsense Admin page
      when they simply tipe 192.168.0.1 in their web browser address

      any solutions ?

      i will appreciate for your reply

      thanks

      1 Reply Last reply Reply Quote 0
      • D Offline
        doktornotor Banned
        last edited by

        Stick this on the GUEST network FW rules

        1 Reply Last reply Reply Quote 0
        • K Offline
          kejianshi
          last edited by

          ONLY the guest interface.  Don't stick that rule on your LAN interface.

          1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator
            last edited by

            That is one way to skin the cat.. I do it a bit different, I allow ping to guest interface address on pfsense, and then have an allow rule that only allows access to anything that is NOT my local networks.  So this alias includes all my local networks.. Which would include all the pfsense interface addresses on other segments.  So guest can only go out to the internet, they can even use pfsense dns - I hand out public dns servers to guest.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 26.03 | Lab VMs 2.8.1, 26.03

            1 Reply Last reply Reply Quote 0
            • D Offline
              doktornotor Banned
              last edited by

              @johnpoz:

              That is one way to skin the cat.. I do it a bit different, I allow ping to guest interface address on pfsense, and then have an allow rule that only allows access to anything that is NOT my local networks.

              Try with WAN IP from the guest net. ;)

              1 Reply Last reply Reply Quote 0
              • johnpozJ Offline
                johnpoz LAYER 8 Global Moderator
                last edited by

                Try to hit my wan IP for admin from the guest?  Ah, good point - that is blocked from wan. But if coming from the lan that might be reachable..  Will clearly check today - thanks!!

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 26.03 | Lab VMs 2.8.1, 26.03

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.