After researching this for a while and still failing, I now must resort to asking. I have a 3rd NIC set as DMZ and want to prevent any Admin access to m0n0wall from the DMZ subnet. I followed what I thought was the answer (pasted below) but it didn't work. I've tried a few variations but access from the DMZ to the GUI persists.

Configuration:

          WAN
           |
       m0n0wall
        |     |
       LAN   DMZ-10.10.1.1
        |
    192.168.1.1

=====
http://www.m0n0.ch/wall/list/showmsg.php?id=77/78
[m0n0wall] Disable Web GUI on OPT and/or LAN interfaces?
Wed, 11 Aug 2004 10:50:40 +0100

Two firewall rules will sort it. One rule blocks connection attempts to the Web GUI entering on the DMZ interface to the DMZ interface IP, the other to the LAN interface IP.

Action: Block
Interface: DMZ
Protocol: TCP
Source: Any
Source Port Range: Any/Any
Destination Type: Single Host/Alias
Destination Address: [Your DMZ IP]
Destination Port Range: 80/80 (or whatever your GUI port is)
Log: Yes (allows you to see which IPs are attempting to connect)
Description: Block Web Admin from DMZ to DMZ interface

Action: Block
Interface: DMZ
Protocol: TCP
Source: Any
Source Port Range: Any/Any
Destination Type: Single Host/Alias
Destination Address: [Your LAN IP]
Destination Port Range: 80/80 (or whatever your GUI port is)
Log: Yes (allows you to see which IPs are attempting to connect)
Description: Block Web Admin from DMZ to LAN interface
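
Added example, not part of the original post or the quoted reply: a simplified Python model of the two quoted block rules, assuming first-match rule evaluation on the DMZ interface and a hypothetical "pass DMZ to any" rule alongside them. It reports on which firewall IPs the GUI port stays reachable from the DMZ, depending on rule order and on whether the rules name the port the GUI actually listens on.

```python
# Simplified first-match model of the two block rules quoted above.
# Added illustration, not m0n0wall code. PASS_ANY is a hypothetical
# "allow DMZ out" rule; the IPs are the ones given in the post.
from dataclasses import dataclass
from typing import Optional

DMZ_IP = "10.10.1.1"
LAN_IP = "192.168.1.1"

@dataclass(frozen=True)
class Rule:
    action: str                 # "block" or "pass"
    dst: Optional[str] = None   # None means any destination
    port: Optional[int] = None  # None means any destination port
    descr: str = ""

    def matches(self, dst, port):
        return self.dst in (None, dst) and self.port in (None, port)

def evaluate(rules, dst, port):
    """Return the action of the first matching rule; unmatched traffic is blocked."""
    for rule in rules:
        if rule.matches(dst, port):
            return rule.action
    return "block"

def gui_exposure(rules, gui_port):
    """Firewall IPs on which the GUI port is still reachable from the DMZ."""
    return [ip for ip in (DMZ_IP, LAN_IP)
            if evaluate(rules, ip, gui_port) == "pass"]

def block_rules(port):
    """The two rules from the quoted reply, for a given GUI port."""
    return [
        Rule("block", DMZ_IP, port, "Block Web Admin from DMZ to DMZ interface"),
        Rule("block", LAN_IP, port, "Block Web Admin from DMZ to LAN interface"),
    ]

PASS_ANY = Rule("pass", descr="hypothetical: DMZ -> any")

if __name__ == "__main__":
    # Block rules above the pass rule, GUI on the port the rules name.
    print("blocks first, GUI on 80: ", gui_exposure(block_rules(80) + [PASS_ANY], 80))
    # Same rules, but listed below the pass rule.
    print("pass first, GUI on 80:   ", gui_exposure([PASS_ANY] + block_rules(80), 80))
    # Rules name port 80 while the GUI listens elsewhere (443 as a sample).
    print("blocks first, GUI on 443:", gui_exposure(block_rules(80) + [PASS_ANY], 443))
```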