[SOLVED] Bind WUI to a specific interface

[rabievdm]

Hi,

I'm on the 17.1 series and was wondering if there is a way to bind the WebUI to a specific interface eg Internal and not have it bind to any other interfaces?
I'm trying to run an OVPN instance on the external interface on TCP443, whilst this appears to work the WebUI stops working when the firewall is booted as OVPN is already bound to the external interface by the time the WebUI starts.

Regards
Rabie

[franco]

Hi Rabie,

You can easily port-forward 443 from WAN to your OpenVPN port, or move the GUI away from port 443 if that works better for you.


Cheers,
Franco

[rabievdm]

Hi,

/facepalm should have thought of that

Would still be nice to limit which interfaces the WUI is availible on, extra bit of security.
Maybe ver 17.7

Thanks for the assist, much appreciated.

R

[franco]

Hi Rabie,

There is a feature request for this, but mind you in over 10 years of joint history nobody went ahead and did this. It's easy to get this wrong and end up locking yourself out. :/

https://github.com/opnsense/core/issues/1347

We've done cleanups for SSH in 17.1.5 that moves it over to our plugin framework. I want to do the same for the web GUI service (lighttpd specifically) to eventually make room for different HTTP servers. And maybe, just maybe, there is room for adding a big warning sign and optional per-interface selection.

I'll keep this in mind.


Cheers,
Franco