[ previous ] [ next ] [ threads ]
 
 From:  David Cook <david dot cook at jetpress dot com>
 To:  "'m0n0wall at lists dot m0n0 dot ch'" <m0n0wall at lists dot m0n0 dot ch>
 Cc:  'Mikael Bohlin' <Mikael dot Bohlin at se dot flextronics dot com>
 Subject:  RE: [m0n0wall] Disable Web GUI on OPT and/or LAN interfaces?
 Date:  Wed, 11 Aug 2004 10:50:40 +0100
Two firewall rules will sort it. One rule blocks connection attempts to the
Web GUI entering on the DMZ interface to the DMZ interface IP, the other to
the LAN interface IP.

Action: Block
Interface: DMZ
Protocol: TCP
Source: Any
Source Port Range: Any/Any
Destination Type: Single Host/Alias
Destination Address: [Your DMZ IP]
Destination Port Range: 80/80 (or whatever your GUI port is)
Log: Yes (allows you to see which IPs are attempting to connect)
Description: Block Web Admin from DMZ to DMZ interface

Action: Block
Interface: DMZ
Protocol: TCP
Source: Any
Source Port Range: Any/Any
Destination Type: Single Host/Alias
Destination Address: [Your LAN IP]
Destination Port Range: 80/80 (or whatever your GUI port is)
Log: Yes (allows you to see which IPs are attempting to connect)
Description: Block Web Admin from DMZ to LAN interface

>-----Original Message-----
>From: Mikael Bohlin [mailto:Mikael dot Bohlin at se dot flextronics dot com]
>Sent: 11 August 2004 10:37
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: [m0n0wall] Disable Web GUI on OPT and/or LAN interfaces?
>
>
>
>I have guests connecting to a DMZ on the OPT interface, and 
>all works fine.
>
>But...
>
>These guests can connect to the web gui by surfing to their 
>"gateway", and
>if they manage to guess the userid/password they can change or reset my
>setup.
>
>Q: How can I restrict on what interface I want to allow the 
>Web gui? I only
>want the GUI accessible on the LAN interface...
>
>Thanks,
>
>Mikael
>

JET PRESS LIMITED
Nunn Close
Huthwaite
Nottinghamshire
NG17 2HW
UK

Web:	www.jetpress.com
Tel:	+44-1623-551 800
Fax: 	+44-1623-551 175


Confidentiality Notice 
This message and its contents are confidential.  The contents are solely for the attention of the
recipient(s) named above and any unauthorised disclosure, copying or distribution is forbidden.  If
you are not the recipient named above, please contact the sender immediately and destroy this
message.  The views expressed in this message are those of the sender and not necessarily those of
JET PRESS LIMITED.