Block Guest Client to access pfsense Admin page



  • Hi Everyone

    i have a problem with pfsense

    my pfsense has 3 interfaces
    WAN - LAN - GUEST

    Guest ip is 192.168.0.1 with captive portal voucher and it work fine
    when people try to access internet, of course they asked for voucher code
    and the ip is something like this http://192.168.0.1:8000/index.php?redirurl=http%3A%2F%2Fwww.google.com%2F

    the problem is i dont want client access the pfsense Admin page
    when they simply tipe 192.168.0.1 in their web browser address

    any solutions ?

    i will appreciate for your reply

    thanks


  • Banned

    Stick this on the GUEST network FW rules



  • ONLY the guest interface.  Don't stick that rule on your LAN interface.


  • LAYER 8 Global Moderator

    That is one way to skin the cat.. I do it a bit different, I allow ping to guest interface address on pfsense, and then have an allow rule that only allows access to anything that is NOT my local networks.  So this alias includes all my local networks.. Which would include all the pfsense interface addresses on other segments.  So guest can only go out to the internet, they can even use pfsense dns - I hand out public dns servers to guest.


  • Banned

    @johnpoz:

    That is one way to skin the cat.. I do it a bit different, I allow ping to guest interface address on pfsense, and then have an allow rule that only allows access to anything that is NOT my local networks.

    Try with WAN IP from the guest net. ;)


  • LAYER 8 Global Moderator

    Try to hit my wan IP for admin from the guest?  Ah, good point - that is blocked from wan. But if coming from the lan that might be reachable..  Will clearly check today - thanks!!


Log in to reply