OPNsense Forum » Archive » 16.7 Legacy Series » TLS Web interface access.
Topic: TLS Web interface access. (Read 5289 times)

Shockwaver (Newbie, Posts: 2, Karma: 0)
TLS Web interface access. « on: January 02, 2017, 09:41:43 pm »
Hello everyone.
I successfully configured WAN, LAN, DHCP server, Firewall rules, NAT and so forth, but I am struggling with simple LAN-side access to web GUI via secure socket.
I have set this LAN Firewall rule (please see attachment) and I was thinking it should be enough, but it is not. How come?
Thank you

fabian (Hero Member, Posts: 2769, Karma: 200, OPNsense Contributor (Language, VPN, Proxy, etc.))
Re: TLS Web interface access. « Reply #1 on: January 02, 2017, 10:09:42 pm »
You probably did not configure HTTPS under "System". You don't need to create a firewall rule for that because it is covered by the anti lockout rule.

Shockwaver (Newbie, Posts: 2, Karma: 0)
Re: TLS Web interface access. « Reply #2 on: January 03, 2017, 10:05:30 am »
Perfect, thank you! We totally missed that config section, sorry!
Ok, got it working under HTTPS, but then again we got confused about what you said: how come the anti-lockout is enough? As far as we can see (it's in the attachment of my first post) it opens just port 80, is it also taking care of port 443 under the hood?
However, next step was to NAT a port for remote access to the web GUI (password is strong, connection is encrypted and IPs are controlled, so no worries) but we got a DNS rebind attack protection alert. We know what it is and we don't need this protection, how can we get rid of the alert to access with domain name from WAN?
Or is there a better way than NATting the access?
Never mind, I found out:
I just filled the input "Alternate hostnames" under System -> Settings -> Administration with the domain name(s) we'll be using to access this firewall.
Still I'd like to know why the anti-lockout rule which is specified for port 80 works also for port 443...
« Last Edit: January 03, 2017, 10:51:50 am by Shockwaver »

fabian (Hero Member, Posts: 2769, Karma: 200, OPNsense Contributor (Language, VPN, Proxy, etc.))
Re: TLS Web interface access. « Reply #3 on: January 03, 2017, 12:54:21 pm »
The Anti-Lockout rule works for the currently configured ports for the web-based user interface as well as for SSH. It is some kind of an alias of up to three ports which are passed if targeted to the firewall before your firewall rules are evaluated so you cannot accidentally lock yourself out by blocking one of these ports. It is probably only a GUI issue (if it is).
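
An added illustration, not part of the thread and not OPNsense's own code: a generic Host-header allowlist of the kind a DNS rebind check performs, showing why listing a name under "Alternate hostnames" (Reply #2) clears the alert while unlisted names stay rejected. It assumes the check compares the request's Host header with the firewall's own name, its interface addresses and the configured alternates; all function names and sample values are constructed.

```python
import ipaddress

def normalize_host(host_header):
    """Lowercased host part of an HTTP Host header, with any port removed."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal: [::1]:443
        end = host.find("]")
        return host[1:end] if end != -1 else ""
    if host.count(":") == 1:                 # name:port or IPv4:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")                  # "fw.example.com." == "fw.example.com"

def host_is_trusted(host_header, system_fqdn, interface_ips, alternate_hostnames):
    """True if the Host header names this device (assumed allowlist model)."""
    host = normalize_host(host_header)
    if not host:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # IP literals involve no DNS lookup, so only our own addresses count.
        return addr in {ipaddress.ip_address(ip) for ip in interface_ips}
    allowed = {system_fqdn.lower().rstrip(".")}
    allowed.update(h.lower().rstrip(".") for h in alternate_hostnames)
    # A rebinding page reaches the GUI under the attacker's own DNS name,
    # which is never in this set, so the request is refused.
    return host in allowed

# Constructed sample configuration (hypothetical values).
SYSTEM_FQDN = "fw.lan.example"
INTERFACE_IPS = ["192.168.1.1"]
ALTERNATES = ["fw.example.com"]              # the name used from WAN

if __name__ == "__main__":
    for header in ["192.168.1.1", "fw.example.com:8443",
                   "rebind.attacker.example", "203.0.113.7"]:
        before = host_is_trusted(header, SYSTEM_FQDN, INTERFACE_IPS, [])
        after = host_is_trusted(header, SYSTEM_FQDN, INTERFACE_IPS, ALTERNATES)
        print(f"{header:28} no alternates: {before!s:5}  with alternates: {after}")
```

Adding the WAN-facing name to the allowlist keeps the check active for every other hostname, which is narrower than switching the protection off.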