This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deny Access to Webadmin from eth1

Hi,

I have installed 3 NICs.

eth0_network
eth1_network
DSL

Now, I want allow to access to the Webadmin from LAN (eth0) and from outside (dynamic IP).
From eth1 access should be denyed!

I've practiced following settings:
allow -> any

packet-rule: deny from eth1_network Port 443 at Interface eth0.

But it doesn't work.

I also can access from eth1_network. :-(

Does anyone has any ideas?
Thanks a lot
Markus [:S]

This thread was automatically locked due to age.

Parents

0 Andy_01 over 22 years ago

WebAdmin -> System -> Settings, WebAdmin sectione "allowed networks" is what you are looking for...
Cancel
Vote Up 0 Vote Down

Cancel
0 Markus_de over 22 years ago in reply to Andy_01

Hi Andi,

that's the menu where I've changed the settings but the change did no affect!

I mean, how I can do the settings, that access from eth0 and from the WEB is allowed and eth1 not!

For the external traffic I've to change the settings to 'any' and this encludes the eth1, too!

Any ideas?
Markus
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Markus_de over 22 years ago in reply to Andy_01

Hi Andi,

that's the menu where I've changed the settings but the change did no affect!

I mean, how I can do the settings, that access from eth0 and from the WEB is allowed and eth1 not!

For the external traffic I've to change the settings to 'any' and this encludes the eth1, too!

Any ideas?
Markus
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Erik Nyman over 22 years ago in reply to Markus_de

Hi!

You don't need to set the type to any, you should have one network defined for outside. If you don't have that, define the interface for outside and one network definition for outside network is automaticly defined.
Cancel
Vote Up 0 Vote Down

Cancel
0 Andy_01 over 22 years ago in reply to Erik Nyman

Markus_de, if you want dynamic IPs accessing the WebAdmin you need to to set ANY which includes all networks, you are right. But I wouldn't recommend that.
Cancel
Vote Up 0 Vote Down

Cancel
0 firebear_01 over 22 years ago in reply to Andy_01

Hi markus_de,
is the any allow rule in front of the eth1 deny rule ?

firebear
Cancel
Vote Up 0 Vote Down

Cancel
0 Markus_de over 22 years ago in reply to firebear_01

Hi Erik,

I tried out to define only the DSL-NIC. But I've forgotten to make a backdoor. Now, I've got the problem, that I can't reach the WEB-Admin from none of the nics or Networks.

Do you have any idea?

Markus
Cancel
Vote Up 0 Vote Down

Cancel
0 Markus_de over 22 years ago in reply to Markus_de

Hi,

I SSHed in and edited the settings file in the /etc/wfe/conf directory.

Now I have access again.

Markus_de
Cancel
Vote Up 0 Vote Down

Cancel