Netgate Discussion Forum

    Limiting access to ntop

    • Comradin

      Hi,

      I've got ntop installed on my router, but I do not want everyone to be able
      to read the stats.

      So I opened the website, went to Firewall -> Rules -> LAN and added
      something like:

      Reject
      Proto: TCP
      Source: Lan subnet
      Destination: LAN address
      Port: 3000 which translates to HBCI :)

      But, I still can access the port from every machine in my subnet.
      I tried to move the rule on top of all other rules or to the bottom,
      but nothing helps to limit the access.

      What am I doing wrong?

      regards,
      Marcus

      • GruensFroeschli

        Your source is: "Lan subnet" meaning everyone out of your lan-subnet can access it.

        Change your source to the computer you want access from.

        Or if you want multiple users to be able to access it use aliases.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • Comradin

          Hmm,

          I tried to block everyone, even myself in the test.
          Because of that I used Lan subnet as source.

          Changed it now to an alias using not, so everyone but
          me should be kept away, saved, reloaded, second machine
          opens the website fine..

          I have made two screenshots of my rule, maybe you could
          have a look at those.

          regards,
          Marcus

          P.S.: just deleted the two pictures, as they were unreadable.. resizing .png files sucks :)

          • hoba

            Can you get us some better quality please?

            • Comradin

              Yes,

              just realized, that I did render them unreadable :(

              Sorry for the mess up.

              Here is a better one.

              regards,
              Marcus

              rule_part_bearb.jpg

              • hoba

                Are you sure the hbci alias is correct? Also try to disable the lan antilogout rule at system>advanced.

                • Comradin

                  Yes,

                  I am pretty sure about hbci, as I entered the value "3000" into the input field.

                  But your hint with the antilogout worked. Now the second machine cannot
                  access the ntop status page any longer.

                  Would never have found this myself! Many thanks to you!!!

                  kind regards,
                  Marcus
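
Added example, not part of the thread: a small first-match simulation of why the reject rule had no effect until the anti-lockout rule was disabled, wherever it sat among the LAN rules. It assumes the anti-lockout rule is a pass rule for LAN traffic to the LAN address that is evaluated before the rules on the LAN tab; the thread does not show that rule, and all addresses and labels are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addresses and rule labels; the scope of the anti-lockout rule
# (pass LAN -> LAN address, any port, evaluated first) is an assumption.
LAN_NET = ip_network("192.168.1.0/24")
ROUTER = ip_address("192.168.1.1")
ADMIN = ip_address("192.168.1.10")
OTHER = ip_address("192.168.1.20")

@dataclass(frozen=True)
class Rule:
    label: str
    action: str                  # "pass" or "reject"
    src: object                  # ip_network holding the source alias
    dst: Optional[object]        # None = any destination
    port: Optional[int]          # None = any port
    not_src: bool = False        # the "not" checkbox on the source

    def matches(self, src, dst, port):
        src_ok = (src in self.src) != self.not_src
        return src_ok and self.dst in (None, dst) and self.port in (None, port)

ANTI_LOCKOUT = Rule("anti-lockout", "pass", LAN_NET, ROUTER, None)
NTOP_REJECT = Rule("reject ntop", "reject", ip_network("192.168.1.10/32"),
                   ROUTER, 3000, not_src=True)
LAN_DEFAULT = Rule("default LAN", "pass", LAN_NET, None, None)
DEFAULT_DENY = Rule("default deny", "reject", ip_network("0.0.0.0/0"), None, None)

def first_match(rules, src, dst, port):
    """The first matching rule decides; nothing matching means deny."""
    return next((r for r in rules if r.matches(src, dst, port)), DEFAULT_DENY)

def shadowed(rules, probes):
    """Labels of rules that match a probe yet never decide any probe."""
    matched = {r.label for p in probes for r in rules if r.matches(*p)}
    winners = {first_match(rules, *p).label for p in probes}
    return matched - winners

PROBES = [(OTHER, ROUTER, 3000), (ADMIN, ROUTER, 3000)]

if __name__ == "__main__":
    for name, rules in [("anti-lockout on", [ANTI_LOCKOUT, NTOP_REJECT, LAN_DEFAULT]),
                        ("anti-lockout off", [NTOP_REJECT, LAN_DEFAULT])]:
        for src, dst, port in PROBES:
            print(name, src, "->", first_match(rules, src, dst, port).action)
        print(name, "shadowed:", sorted(shadowed(rules, PROBES)))
```
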

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.