OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: starf on February 23, 2017, 05:25:11 pm

Title: Webgui open from WAN
Post by: starf on February 23, 2017, 05:25:11 pm
New user; starting off, I want to say hello and thanks for an epic product from Belgium.

After testing, I noticed the webgui is open from the WAN.
I'm no expert; the only notable things I changed are:
* created a third interface and disabled it. (For a future guest network)
* created a port forwarding rule and deleted it because it didn't work
* renamed the WAN interface to "Internet" and renamed it back to WAN

There is only one port forwarding rule and that's the Anti-Lockout rule.

Could it be there is some problem with port forwarding causing this? I'm seeing a lot of threads about that here.
Any ideas about what to check? Is this a bug?
Thanks in advance.
Title: Re: Webgui open from WAN
Post by: bartjsmit on February 23, 2017, 06:05:12 pm
Hi Starf,

If you haven't set up a port forward and the GUI is accessible from the WAN, you most likely have your interface assignments mixed up. By default, the web GUI is only accessible from the LAN interface.

The anti-lockout rule does not port forward - it only ensures that you cannot block TCP 80 and TCP 443 from the LAN interface which would lock you out of the GUI.

It is worth noting that you can revert to an earlier config (or even the factory default) from the OPNsense console which is accessible from a keyboard and monitor or over SSH if you have configured that.

Bart...
Title: Re: Webgui open from WAN
Post by: starf on February 23, 2017, 06:37:59 pm
Yes, I know I can revert. Problem is, the system has been put into use already.
Guess I'll give it a try after office hours.
Title: Re: Webgui open from WAN
Post by: stormy on March 06, 2017, 08:28:31 pm
I think I got the same issue, and after some time, realized I was testing it incorrectly.

If testing from HOME/LAN and connecting to the External IP, then OPNsense is smart enough to know that you are on the LAN (despite hitting the public IP), and it allows login. Also, tested from phone, but did it via wifi, which also travels through the OPNsense box, so it too allowed login to web UI.

Finally, tested with phone without wifi, on cellular network, and it does not allow login to web gui on WAN port.

Hopefully this helps another newbie :)

Stormy.