Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: TheDarrenS on March 10, 2020, 01:32:19 PM

Title: Not sure what to call this, I need to block people seeing the opnsense login.
Post by: TheDarrenS on March 10, 2020, 01:32:19 PM
Hi folks, Just start Opnsense, Well anything like this to be honest. I was one of those lazy people that just used the router stuff.
Well, no more.
But. How does one stop someone seeing the Opnsense WebGUI from the WAN? I had no idea what to search for or I would have done that first.

So basically here is what I have at the moment.
4 ip block here in the UK

The first IP address of the IP block is unusable because it is the network address
The last IP address of the IP block is also unusable because it is the broadcast address
The second IP address is assigned to the router
The other IP addresses can be used as required.





D...
Title: Re: Not sure what to call this, I need to block people seeing the opnsense login.
Post by: chemlud on March 10, 2020, 02:47:27 PM
If "net" means your LAN: You can allow access only for specific hosts (would need to disable lock-out rule). Or even better: Have a service interface with exclusive access to the opnsense and disable access from normal LAN completely.
Title: Re: Not sure what to call this, I need to block people seeing the opnsense login.
Post by: TheDarrenS on March 10, 2020, 02:51:48 PM
Quote from: chemlud on March 10, 2020, 02:47:27 PM
If "net" means your LAN: You can allow access only for specific hosts (would need to disable lock-out rule). Or even better: Have a service interface with exclusive access to the opnsense and disable access from normal LAN completely.

Sorry I meant WAN.
Title: Re: Not sure what to call this, I need to block people seeing the opnsense login.
Post by: chemlud on March 10, 2020, 03:26:23 PM
WAN should be disabled by default iirc. Otherwise:

System -> Settings -> Administration -> Listen Interfaces
Text only | Text with Images