NethServer Version: 7.9.2009
I have a problem to block server manager from internet (red interface). Also if I deny server manager access from wan into settings tab, I’m always able to get access to myip:9090 from internet.
Do I miss something?
Thank you for any feedback
And welcome to the NethServer Community!
You’re using the old NethGUI, also called Server Manager, (Port 980), not the newer Cockpit (Port 9090). The old NethGUI (Can still be used) doesn’t know about the newer Cockpit, it only blocks it’s own access from the Internet. If you use the newer Cockpit to set the access Option, you can block access to Port 9090 from the Internet…
My 2 cents
Did you take a look to the screenshot, dude? I think you’ve missed a cup of coffee this morning
Hi @egy87, AFAIK there’s also should be another place where you can restrict the access to Cockpit, and it’s placed here.
where you can specify an eventual set of pubblic IP addresses that should access to administrative interface.
I am assuming that after switching off RED access you clicked saved and you tried to access “from scratch” from a external device (eg. a private tab from a smartphone/tablet)
(moreover… i’m italian, but most of the community is not!
, so please, post screenshot in english
cockpit is easily translated with a couple of clicks and you can switch back to italian in the same way)
Yes, was a bit early this morning…
Long day, 2 - 3 hours from home today…
My 2 cents
Hi @pike, please take a coffee with @Andy_Wismer
It’s the same place as @Egy87 described, if you enable the access, you get the field to enter the IP.
@Egy87 Can you tell us something about your network configuration? Do you have a green and a red LAN?
IDK if he likes my flavour…
(sorry for the joke)
First of all many thanks to everyone for your feedback.
My goal is to block cockpit connection from all ip (except green interfaces), because the red interface of server is in DMZ of router, and basically the red interface is directly expose to internet. I don’t want that someone try to access to cockpit from internet.
After set as my screenshot and save, I tried to connect from my phone via 4G and I was able to get cockpit and access into.
I also try to use a firewall rule that block port 9090 for red interface, but also this solution didn’t work.
So, is there some things else to do? Or some configuration file to edit via terminal?
@giacomo might be a bug regression emerged?
I do not think so: that part of code has no recent changes.
I just did a quick test
--- /etc/shorewall/rules.open 2021-07-08 08:59:04.423612421 +0200
+++ /etc/shorewall/rules.close 2021-07-08 08:59:21.527846374 +0200
@@ -608,7 +608,6 @@
ACCEPT loc $FW tcp 9090
-ACCEPT net $FW tcp 9090
# Service: bandwidthd Access: NONE
Why are you thinking about a regression?
It seems to me a bad configuration somewhere (router, cable, etc…)
Might be an option too… Currently not able to test/verify issue if can be replicated.
@Egy87 would you please share your firewall configuration via screenshot? mask public ip addresses, and please, also show us the network configuration.