 From:  "Baity F" <holycarp00 at hotmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Block DMZ Access to m0n0wall Web GUI Admin?
 Date:  Tue, 25 Apr 2006 13:50:46 -0700
After researching this for a while and still failing, I now must resort to 
asking.  I have a 3rd NIC set as DMZ and want to prevent any Admin access 
to m0n0wall from the DMZ subnet.  I followed what I thought was the answer 
(pasted below) but it didn't work.  I've tried a few variations but access 
from the DMZ to the GUI persists.

Configuration:

WAN
|
m0n0wall
|         |
LAN     DMZ-10.10.1.1
|
192.168.1.1

=====

http://www.m0n0.ch/wall/list/showmsg.php?id=77/78

[m0n0wall] Disable Web GUI on OPT and/or LAN interfaces?
Wed, 11 Aug 2004 10:50:40 +0100

Two firewall rules will sort it. One rule blocks connection attempts to the
Web GUI entering on the DMZ interface to the DMZ interface IP, the other to
the LAN interface IP.

Action: Block
Interface: DMZ
Protocol: TCP
Source: Any
Source Port Range: Any/Any
Destination Type: Single Host/Alias
Destination Address: [Your DMZ IP]
Destination Port Range: 80/80 (or whatever your GUI port is)
Log: Yes (allows you to see which IPs are attempting to connect)
Description: Block Web Admin from DMZ to DMZ interface

Action: Block
Interface: DMZ
Protocol: TCP
Source: Any
Source Port Range: Any/Any
Destination Type: Single Host/Alias
Destination Address: [Your LAN IP]
Destination Port Range: 80/80 (or whatever your GUI port is)
Log: Yes (allows you to see which IPs are attempting to connect)
Description: Block Web Admin from DMZ to LAN interface
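
Added example, not part of the original post or of m0n0wall: a small Python model of the two quoted rules, checked against sample TCP connections arriving on the DMZ interface. It assumes rules on an interface are evaluated first-match in list order; the `Rule` class, `decide`, `gui_reachable`, the broad pass rule and port 443 are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "block" or "pass"
    interface: str         # interface the packet enters on
    proto: str             # "tcp", "udp" or "any"
    dst: Optional[str]     # single destination host, None = any
    dport: Optional[int]   # single destination port, None = any
    descr: str

    def matches(self, iface, proto, dst, dport):
        return (self.interface == iface
                and self.proto in ("any", proto)
                and (self.dst is None or ip_address(self.dst) == ip_address(dst))
                and (self.dport is None or self.dport == dport))

def decide(rules, iface, proto, dst, dport):
    """Return the first rule that matches (assumed first-match model), or None."""
    for rule in rules:
        if rule.matches(iface, proto, dst, dport):
            return rule
    return None

GUI_PORT = 80                                # port used in the quoted rules
DMZ_IP, LAN_IP = "10.10.1.1", "192.168.1.1"  # addresses from the diagram in the post

BLOCKS = [
    Rule("block", "DMZ", "tcp", DMZ_IP, GUI_PORT, "Block Web Admin from DMZ to DMZ interface"),
    Rule("block", "DMZ", "tcp", LAN_IP, GUI_PORT, "Block Web Admin from DMZ to LAN interface"),
]
# Constructed rule, not from the post: a broad pass rule on the DMZ interface.
PASS_ANY = Rule("pass", "DMZ", "any", None, None, "DMZ -> any (constructed)")

def gui_reachable(rules, port=GUI_PORT):
    """GUI addresses a DMZ host can still reach over TCP on `port` under `rules`."""
    reachable = []
    for dst in (DMZ_IP, LAN_IP):
        hit = decide(rules, "DMZ", "tcp", dst, port)
        if hit is not None and hit.action == "pass":
            reachable.append(dst)
    return reachable

if __name__ == "__main__":
    for name, rs in (("blocks first", BLOCKS + [PASS_ANY]), ("pass first", [PASS_ANY] + BLOCKS)):
        print(name, "| port 80:", gui_reachable(rs), "| port 443:", gui_reachable(rs, 443))
```

In this model the block rules only take effect when they sit above any broader pass rule, and they cover only the single port entered in "Destination Port Range".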