January 22, 2013 at 11:42 am #43555 Masenko Member
Our old firewall (appliance) can't handle the traffic any more and we are trying to get a PC running with the Zeroshell firewall.
We have it running and we can reach the internet over it, BUT we want to block access to the web management interface page from outside.
Question to you all is:
Is this possible.. and if so could someone post a rule on how to accomplish this.
Thanks in advance.

March 12, 2013 at 12:39 pm #52631 JC Member
Under Setup -> https, add a rule for a local IP or subnet, select its interface (“ETH00, ETH01, etc.”), click the +, then remove the default rule that allows ANY, save, and you are done.

May 8, 2013 at 5:04 pm #52632 mountainman Participant
I’m unclear on this too.
ETH00 (192.168.0.75) is my WAN interface, ETH01 (192.168.1.1) and ETH02 (192.168.2.1) are the LAN side. I currently have the ETH00 of the ZS box connected to an upstream wifi router on the 192.168.0.xxx subnet, and another wifi AP connected to ETH01. This is for testing; ultimately ETH00 will be connected directly to a satellite modem at another location.
I created 3 firewall rules:
1 ETH01 * ACCEPT all opt -- in ETH01 out * 0.0.0.0/0 -> 0.0.0.0/0 no
2 ETH02 * ACCEPT all opt -- in ETH02 out * 0.0.0.0/0 -> 0.0.0.0/0 no
3 * * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
Then, I set the INPUT chain to “DROP” (OUTPUT and FORWARD are still “ACCEPT”). As I understand it, this should block any unsolicited connection from the ETH00 interface. I should be able to connect to the ZS admin via ETH01 and I can, but if I connect to the upstream router, it should block access… but it doesn’t.
What am I doing wrong?

September 23, 2013 at 8:28 am #52633
Sorry to bump this topic but as I’m having the same issue, I’d like some help.
I want to block external access to the web interface standard port (tcp 80 and 443).
I have 2 wan interfaces, eth01 (192.168.10.250) and eth02 (192.168.11.250).
When I add an input chain to block tcp port 443 on incoming eth01 interface it doesn’t block anything.
Any idea?

September 23, 2013 at 11:22 am #52634 redfive Participant
Take a look above at JC’s post.
greetings

September 23, 2013 at 12:11 pm #52635
It doesn’t fit my need.
I want to specifically block tcp 80 and 443 connections on my wan interfaces.

September 23, 2013 at 6:58 pm #52636 redfive Participant
Hi Shadok, the management rules are “hidden” and “above” (in the input chain) other rules that you can add or remove via the GUI (but you can see all rules through the view button, in the firewall page).
It is possible to manage them via System>>Setup>>Https (ssh if required). Assuming ETH00 is your internal network, add ETH00 (and possibly the IP address from which the management is allowed) in “System>>Setup>>Https>>Allow access only from”, save, reboot the system (even if I never needed to reboot…) and then try to access the web interface from wan… I have a setup similar to yours (two load balanced wan) and the management rules work perfectly.
greetings

September 23, 2013 at 9:31 pm #52637
Thanks but no (again).
Let me explain it more clearly.
I want to be able to access Zeroshell from my LAN on ports 80 and 443.
But I want to be able to access it from outside, from whatever IP address I would be using, but on ports 980 and 943.
I previously had an ADSL box which allowed me to do that with NAT.
Now, it’s only a gateway, so I can’t do that anymore.
I still have NAT on Zeroshell to redirect incoming 980 and 943 tcp ports to its web interface (80 and 443).
So I need to block 80 and 443 incoming ports from outside.
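
Added example, not part of any post in this thread and not Zeroshell's own code: a small Python model of first-match evaluation in a netfilter-style INPUT chain, showing why a DROP added below the management rule never fires and why, once ports are redirected, a DROP on the post-NAT port also cuts off the redirected traffic. The rule shapes, the interface roles (ETH00 as LAN, ETH01 as WAN) and the helper names are assumptions made for illustration.

```python
# Constructed model; rules and interface roles are assumed, not read from Zeroshell.

def dnat(pkt, redirects):
    """nat PREROUTING runs before filter INPUT: rewrite dport, keep the original."""
    out = dict(pkt, orig_dport=pkt["dport"])
    out["dport"] = redirects.get((pkt["iface"], pkt["dport"]), pkt["dport"])
    return out

def matches(rule, pkt):
    """A rule matches when every field it specifies equals the packet's field."""
    return all(pkt.get(k) == v for k, v in rule.items() if k != "target")

def verdict(chain, pkt, policy="DROP"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

def input_verdict(chain, iface, dport, redirects):
    return verdict(chain, dnat({"iface": iface, "dport": dport}, redirects))

# Redirect from the last post: WAN tcp 943 -> web interface on 443.
REDIRECTS = {("ETH01", 943): 443}

# Stand-ins for the hidden management rule (allow ANY vs. LAN only).
MGMT_ANY = {"dport": 443, "target": "ACCEPT"}
MGMT_LAN = {"iface": "ETH00", "dport": 443, "target": "ACCEPT"}

# 1. User DROP placed below "allow ANY": the ACCEPT above it wins.
appended = [MGMT_ANY, {"iface": "ETH01", "dport": 443, "target": "DROP"}]

# 2. LAN-only management plus a DROP on dport 443: INPUT sees 443 for both
#    direct and redirected connections, so the 943 redirect dies as well.
naive = [MGMT_LAN, {"iface": "ETH01", "dport": 443, "target": "DROP"}]

# 3. Match the pre-NAT port instead (iptables' conntrack match exposes it as
#    --ctorigdstport; whether a given Zeroshell build ships it is not confirmed here).
by_orig = [MGMT_LAN,
           {"iface": "ETH01", "orig_dport": 443, "target": "DROP"},
           {"iface": "ETH01", "orig_dport": 943, "dport": 443, "target": "ACCEPT"}]

if __name__ == "__main__":
    for name, chain in (("appended", appended), ("naive", naive), ("by_orig", by_orig)):
        for iface, port in (("ETH00", 443), ("ETH01", 443), ("ETH01", 943)):
            print(name, iface, port, input_verdict(chain, iface, port, REDIRECTS))
```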