OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • Prevent external access of webgui
« previous next »
  • Print
Pages: [1]

Author Topic: Prevent external access of webgui  (Read 2999 times)

unixpgmr

  • Newbie
  • *
  • Posts: 14
  • Karma: 1
    • View Profile
Prevent external access of webgui
« on: April 01, 2018, 06:48:22 pm »
Currently, my webGUI can be accessed by the internet.  I want to prevent this from happening. I have a VPN set up so if I want to access externally, I can. However, by default, it seems that anybody with a browser can get access. I would like to completely cut that off. Is there a way to do this?

Thank you in advance for your time.
Logged

fabian

  • Hero Member
  • *****
  • Posts: 2768
  • Karma: 199
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Prevent external access of webgui
« Reply #1 on: April 01, 2018, 07:53:03 pm »
If the web interface is available from the internet, you made it available from there. Undo everything you did to allow access from the internet and you are done.
Logged

unixpgmr

  • Newbie
  • *
  • Posts: 14
  • Karma: 1
    • View Profile
Re: Prevent external access of webgui
« Reply #2 on: April 01, 2018, 08:22:21 pm »
Thanks. I had to add the rule to allow wan access when I installed OPNSense. I just allowed everything to get it running.  I modified this and all works.

Thanks again
Logged

Oxygen61

  • Sr. Member
  • ****
  • Posts: 350
  • Karma: 30
  • Der Weg zum Erfolg hat keine Abkürzung - (Tanaka)
    • View Profile
Re: Prevent external access of webgui
« Reply #3 on: April 01, 2018, 10:23:58 pm »
Hey unixpgmr,

it's super important that you get your firewall-rules right and documented so that this mistake won't happen again. :)
Additionally there is one new sexy feature, which got added recently. You can actually configure the listen Interface for the Web-GUI access or SSH, see here:

>>   System: Settings: Administration

Underneath "Web GUI" go to "Listen Interfaces" and select the interfaces, which you want to access the Web-GUI from. As the "information" already tells you "only use with care".
Same for SSH underneath "Secure Shell".

Have fun! :)
Oxy
Logged

labsy

  • Newbie
  • *
  • Posts: 40
  • Karma: 0
    • View Profile
Re: Prevent external access of webgui
« Reply #4 on: April 02, 2018, 03:23:38 pm »
I like to keep WAN access to my router opened, but:
- to modified HTTPS public port, for example to 23782
- only from my home and work public IP addresses
Logged

fabian

  • Hero Member
  • *****
  • Posts: 2768
  • Karma: 199
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Prevent external access of webgui
« Reply #5 on: April 02, 2018, 04:25:49 pm »
You should use OpenVPN for GUI access from WAN. It is more flexible and very likely more secure.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • Prevent external access of webgui
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2