hello,
Can somebody explain to me what I have to do when I want to access the webgui from the red site?
Currently I don't have access to the webgui.
Thx
vapaa
Do that with port 444: https://wiki.ipfire.org/configuration/firewall/rules/port-forwarding/red_to_server_on_green
Source: Network RED -> Destination NAT -> Destination: Firewall ALL
Destination Port 444
Is there any need to expose IPFIRE’s administration GUI to everybody from the outside world? This would be very dangerous! If you need to access your firewall from RED using a dedicated system (e.g. a laptop) or a small number of systems: configure an OpenVPN roadwarrior connection to GREEN and access the GUI from here. This would be the most secure way.
I can agree with suggestions to @baruch234.
Until GeoIP worked correctly, I downsized the access to port 444 on RED to only IPs of my country.
And for several reasons, not exposing the admin interface is a nice and safe setup.
Therefore… if:
Keeping the admin interface accessible from the internet is not a wise idea, but should not be like playing with a lighter between tanks of gasoline
Instead of fail2ban will guardian drop any failed login attempts above three
IMHO
GeoIP is not working atm (list blank).
I think it is not a good idea to search for a solution for admin access from RED. Administration should be done from GREEN (or BLUE). This is the secure zone.
There are ways to allow access to LAN from outside for dedicated systems (VPN, SSH tunnel).
Use this to do a secure remote administration.
I use the ssh login with “public key based authentication” only, and port forwarding for that purpose.
I think that is the exact description of my “SSH tunnel” topic. Didn’t use it for years.
Nevertheless, one should establish exactly one secured access from outside to the internal net(s) for dedicated persons/devices. Thus access can be monitored/administrated without much overhead and complexity.
Hi Bernhard, do you have a link for the SSH tunnel discussion? Since the last update I cannot get it working. I would like to have it back as an alternative to VPN when/if it stops working (which it recently has done). Thanks