Hi,
I had my difficulties to enable the remote management (HTTPS / SSH) on another network interface than LAN.
Most I read in the documentation as well as on community forums (e.g. Reddit, OpnSense Forum, ...) gave me wrong advises. Same for ChatGPT and any other LLM.
In this example, I use OPT1 as the management interface. But also works with any other
- Go to System -> Settings -> Administration
- Configure the Web GUI / SSH as you like
- Make sure, that the services binds to the network interface OPT1 (I personally have it temporarily bound to LAN and OPT1 until LAN can be deactived)
- Go to Filewall -> Rules -> Floating
- Adding an interface bound rule will not work. I haven't found any combination of rule settings, that gave me access
- I just mention the important properties to set. Feel free to adapt it to your needs afterwards
Action: Pass
Disabled: no
Quick: yes
Interface / Invert: no
Interface: <empty> (DO NOT SELECT ANY, OTHERWISE IT WON'T WORK!)
Direction: in
TCP/IP Version : IPv4
Protocol: TCP
Source / Invert: no
Source: OPT1 net
Destination / Invert: no
Destination: This Firewall (ANY DIDN'T WORK IN MY CASE)
Destination port range: HTTP or SSH
With these settings, I was able to use HTTPS and using their default ports.
A simple rule on the OPT1 interface directly works just as well.
For destination, OPT1 address should be sufficient.
I assume you meant HTTPS for the port.
What you are doing with the floating rule is unnecessary and potentially dangerous.
- leave the listen interface of the UI at "All (recommended)
- add a rule allowing access to each interface where necessary
Done.