Block Web Interface Within Green Network

GMJ23
Posts: 10
Joined: March 10th, 2018, 11:16 pm

Block Web Interface Within Green Network

Post by GMJ23 » April 3rd, 2018, 1:12 am

Hello forum,

I realize this may sound counter-intuitive but I'd like to block all access within the GREEN interface/network to the web interface. Possible to do it within IPFire or do I have to edit the firewall rules on the IPFire host itself?

Thanks everyone.

GMJ23
Posts: 10
Joined: March 10th, 2018, 11:16 pm

Re: Block Web Interface Within Green Network

Post by GMJ23 » April 5th, 2018, 1:44 am

I tried to use a firewall rule (source is GREEN network, destination is GREEN firewall) but it doesn't do anything.

Is it possible? Can anyone help?

GrueMaster
Posts: 29
Joined: December 28th, 2017, 2:46 pm

Re: Block Web Interface Within Green Network

Post by GrueMaster » April 5th, 2018, 1:52 am

Erm, why? Why would you want to block all access to the password locked configuration GUI (which is essentially what it is)?

You could possibly block all with a rule to block traffic to port 444 (which is where the interface lives). Or are you trying to block all access to the internet (if so, what's the point of having a network connection - just unplug it)?

Another option would be to make a VLAN network on your physical green network connection, configure it as Blue, then move all traffic to it.

Guess I am not understanding the usage model here.

GMJ23
Posts: 10
Joined: March 10th, 2018, 11:16 pm

Re: Block Web Interface Within Green Network

Post by GMJ23 » April 5th, 2018, 2:30 am

GrueMaster wrote:
April 5th, 2018, 1:52 am
Erm, why? Why would you want to block all access to the password locked configuration GUI (which is essentially what it is)?

You could possibly block all with a rule to block traffic to port 444 (which is where the interface lives). Or are you trying to block all access to the internet (if so, what's the point of having a network connection - just unplug it)?

Another option would be to make a VLAN network on your physical green network connection, configure it as Blue, then move all traffic to it.

Guess I am not understanding the usage model here.
Thanks for the response. I'm testing out an unconventional setup. Here's where it gets odd.

I want to enable the web UI on the RED interface and disable it on the GREEN. I'm trying to set up several networks behind one another without allowing them to communicate upward vertically. I'd like the sub networks to only pass internet traffic upwards. Block 444 on their GREEN but allow the main to control the sub networks' IPFire web UI.

_________ Main network___________
________/_____________\__________
________|______________|__________
Sub network 1_______Sub Network 2

Make sense? I welcome opinions and feedback on this.

That's an interesting suggestion about making a VLAN. Didn't think of that.

fredym
Posts: 535
Joined: November 14th, 2016, 2:45 pm

Re: Block Web Interface Within Green Network

Post by fredym » April 5th, 2018, 9:04 am

GMJ23 wrote:
April 5th, 2018, 2:30 am
Make sense? I welcome opinions and feedback on this.

That's an interesting suggestion about making a VLAN. Didn't think of that.
Aaahh, best way: open GUI to the world but block to GREEN ! ;-))

GMJ23
Posts: 10
Joined: March 10th, 2018, 11:16 pm

Re: Block Web Interface Within Green Network

Post by GMJ23 » April 5th, 2018, 3:25 pm

fredym wrote:
April 5th, 2018, 9:04 am
GMJ23 wrote:
April 5th, 2018, 2:30 am
Make sense? I welcome opinions and feedback on this.

That's an interesting suggestion about making a VLAN. Didn't think of that.
Aaahh, best way: open GUI to the world but block to GREEN ! ;-))
Lol well, it's not actually open to the world just to the Main network. The main network is within a larger network.

fredym
Posts: 535
Joined: November 14th, 2016, 2:45 pm

Re: Block Web Interface Within Green Network

Post by fredym » April 5th, 2018, 4:36 pm

Hello,

suggestion: simply read about iptables - what you can do with it !

Fred

GMJ23
Posts: 10
Joined: March 10th, 2018, 11:16 pm

Re: Block Web Interface Within Green Network

Post by GMJ23 » April 5th, 2018, 5:08 pm

fredym wrote:
April 5th, 2018, 4:36 pm
Hello,

suggestion: simply read about iptables - what you can do with it !

Fred
Thanks Fred. That's not the answer to my question though. Are you saying I need to manipulate the iptables firewall on the IPFire host to block access to the GREEN network? If so, how?

TimF
Posts: 83
Joined: June 10th, 2017, 7:27 pm

Re: Block Web Interface Within Green Network

Post by TimF » April 5th, 2018, 5:29 pm

I think what you want is a variation on blocking access from the blue network to the web interface; see:

https://wiki.ipfire.org/configuration/f ... cesstoblue

The information you want is towards the bottom of the page. Note you may wish to block access to port 222 (the command line) as well.

GMJ23
Posts: 10
Joined: March 10th, 2018, 11:16 pm

Re: Block Web Interface Within Green Network

Post by GMJ23 » April 5th, 2018, 6:30 pm

TimF wrote:
April 5th, 2018, 5:29 pm
I think what you want is a variation on blocking access from the blue network to the web interface; see:

https://wiki.ipfire.org/configuration/f ... cesstoblue

The information you want is towards the bottom of the page. Note you may wish to block access to port 222 (the command line) as well.
That worked TimF, thanks. Just had to change the IP range to the internal one.
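
The kind of rule this thread settles on, written out as an added example (it is not part of any forum post and not copied from the IPFire wiki): a `firewall.local`-style script that rejects TCP connections from the GREEN subnet to ports 444 (web UI) and 222 (command line). It assumes IPFire's `CUSTOMINPUT` chain and `green0` interface name; the subnet is a constructed sample, and the `IPT` dry-run variable and `mgmt_rules` function are hypothetical names.

```shell
#!/bin/sh
# Added example: block GREEN clients from the firewall's own management ports.
# Assumptions: IPFire's CUSTOMINPUT chain and green0 interface name.

GREEN_IF="green0"            # assumed GREEN interface name
GREEN_NET="192.168.1.0/24"   # constructed sample; use your own GREEN range
MGMT_PORTS="444 222"         # web UI and SSH ports named in the thread

# Dry-run by default: prints the commands instead of running them.
# Set IPT=/sbin/iptables in the environment to apply the rules.
IPT="${IPT:-echo iptables}"

# mgmt_rules ACTION   (ACTION is -A to add the rules, -D to delete them)
mgmt_rules() {
    for port in $MGMT_PORTS; do
        # REJECT with a TCP reset so clients fail fast instead of timing out.
        $IPT "$1" CUSTOMINPUT -i "$GREEN_IF" -s "$GREEN_NET" \
            -p tcp --dport "$port" -j REJECT --reject-with tcp-reset
    done
}

case "${1:-}" in
    start)
        mgmt_rules -A
        ;;
    stop)
        # Delete only these rules; other custom rules stay in place.
        mgmt_rules -D 2>/dev/null
        ;;
    reload)
        mgmt_rules -D 2>/dev/null
        mgmt_rules -A
        ;;
esac
```

Before applying rules like these, confirm the web UI is reachable from the network that is meant to keep access (here, via RED), since they cut off every GREEN client, including your own workstation if it sits on GREEN.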

fredym
Posts: 535
Joined: November 14th, 2016, 2:45 pm

Re: Block Web Interface Within Green Network

Post by fredym » April 6th, 2018, 5:53 am

GMJ23 wrote:
April 5th, 2018, 5:08 pm
fredym wrote:
April 5th, 2018, 4:36 pm
Hello,

suggestion: simply read about iptables - what you can do with it !

Fred
Thanks Fred. That's not the answer to my question though. Are you saying I need to manipulate the iptables firewall on the IPFire host to block access to the GREEN network? If so, how?
I see, you did not read about iptables !

Fred

GMJ23
Posts: 10
Joined: March 10th, 2018, 11:16 pm

Re: Block Web Interface Within Green Network

Post by GMJ23 » April 6th, 2018, 11:47 pm

fredym wrote:
April 6th, 2018, 5:53 am
GMJ23 wrote:
April 5th, 2018, 5:08 pm
fredym wrote:
April 5th, 2018, 4:36 pm
Hello,

suggestion: simply read about iptables - what you can do with it !

Fred
Thanks Fred. That's not the answer to my question though. Are you saying I need to manipulate the iptables firewall on the IPFire host to block access to the GREEN network? If so, how?
I see, you did not read about iptables !

Fred
I did actually. Still learning about it. Very powerful. I don't understand all the subchains and what they are used for though.
