Prevent external access of webgui

Started by unixpgmr, April 01, 2018, 06:48:22 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 01, 2018, 06:48:22 PM
Currently, my webGUI can be accessed by the internet.  I want to prevent this from happening. I have a VPN set up so if I want to access externally, I can. However, by default, it seems that anybody with a browser can get access. I would like to completely cut that off. Is there a way to do this?

Thank you in advance for your time.
April 01, 2018, 07:53:03 PM #1
If the web interface is available from the internet, you made it available from there. Undo everything you did to allow access from the internet and you are done.
April 01, 2018, 08:22:21 PM #2
Thanks. I had to add the rule to allow wan access when I installed OPNSense. I just allowed everything to get it running.  I modified this and all works.

Thanks again
April 01, 2018, 10:23:58 PM #3
Hey unixpgmr,

it's super important that you get your firewall-rules right and documented so that this mistake won't happen again. :)
Additionally there is one new sexy feature, which got added recently. You can actually configure the listen Interface for the Web-GUI access or SSH, see here:

>>   System: Settings: Administration

Underneath "Web GUI" go to "Listen Interfaces" and select the interfaces, which you want to access the Web-GUI from. As the "information" already tells you "only use with care".
Same for SSH underneath "Secure Shell".

Have fun! :)
Oxy
April 02, 2018, 03:23:38 PM #4
I like to keep WAN access to my router opened, but:
- to modified HTTPS public port, for example to 23782
- only from my home and work public IP addresses
April 02, 2018, 04:25:49 PM #5
You should use OpenVPN for GUI access from WAN. It is more flexible and very likely more secure.
Print
Go Up Pages1
User actions