Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
[SOLVED] Disable Web Interface on WAN Interface?
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Disable Web Interface on WAN Interface? (Read 13367 times)
lsc9x
Newbie
Posts: 2
Karma: 0
[SOLVED] Disable Web Interface on WAN Interface?
«
on:
August 06, 2016, 09:10:19 pm »
I searched for a bit looking for an answer on this and couldn't find one easily, so here's my question:
Right now, everything is working perfectly! My opnsense machine is acting as a router/firewall and I have the WAN set to DHCP for it's addressing, and the LAN set to a static IP running DHCP and forwarding DNS.
But there is a problem:
If I go to my WAN IP in a web browser, it comes up with my admin page! I absolutely DO NOT want to have a web logon available for hackers on the WAN interface and would like to disable the web logon, or ANY logon from the WAN interface. I would like the external WAN interface to be locked down as much as humanly possible. I don't need login access on the WAN interface, ever.
But I would like to retain web access on the LAN interface for administrative purposes, of course!
Is there an easy way to (properly) shut down logon and/or web access on the WAN interface?
Thanks!
«
Last Edit: August 07, 2016, 02:08:00 am by lsc9x
»
Logged
phoenix
Hero Member
Posts: 545
Karma: 58
Re: Disable Web Interface on WAN Interface?
«
Reply #1 on:
August 06, 2016, 09:45:19 pm »
I'm guessing that you're talking about connecting from your LAN, aren't you? If that's the case and unless you've forwarded or opened port 443 or 80 then the web ui is not available to the outside world.
Logged
Regards
Bill
Zeitkind
Full Member
Posts: 180
Karma: 27
Re: Disable Web Interface on WAN Interface?
«
Reply #2 on:
August 07, 2016, 12:05:32 am »
Well, it might be a bit confusing. If you connect from inside your LAN to the outside (WAN) IP-address of your firewall, you indeed will get the normal login page. If you check the same from outside - it won't work. Or should not - if you did not change anything. So - check from an outside address.
LAN-client -> LAN-IP of firewall = works
LAN-client -> WAN-IP of firewall = works
WAN-client -> WAN-IP of firewall = does not work (by default)
You might check this with an online scanner like
https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap
or
https://www.grc.com
or any other online scanner around.
So, traffic gets redirected, but there is no explicit rule for that shown in the GUI, prob. a dev will answer here.
Logged
lsc9x
Newbie
Posts: 2
Karma: 0
[SOLVED] Re: Disable Web Interface on WAN Interface?
«
Reply #3 on:
August 07, 2016, 02:07:05 am »
Excellent! Both of you appear to be correct, and thanks for the website links, Zeitkind! (Very useful tools, thanks!)
So yes, when I did the pentest, my server came back with next to nothing which is exactly what I wanted.
Just to be safe I VPNd to a remote server in a different country and looked back in and nothing was replying from my external IP.
Problems solved! =)
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
[SOLVED] Disable Web Interface on WAN Interface?