Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
[Howto] Enabling the Web GUI / SSH on your management interface
« previous
next »
Print
Pages: [
1
]
Author
Topic: [Howto] Enabling the Web GUI / SSH on your management interface (Read 206 times)
dannyyy
Newbie
Posts: 3
Karma: 0
[Howto] Enabling the Web GUI / SSH on your management interface
«
on:
November 23, 2024, 12:03:10 pm »
Hi,
I had my difficulties to enable the remote management (HTTPS / SSH) on another network interface than LAN.
Most I read in the documentation as well as on community forums (e.g. Reddit, OpnSense Forum, ...) gave me wrong advises. Same for ChatGPT and any other LLM.
In this example, I use OPT1 as the management interface. But also works with any other
Go to System -> Settings -> Administration
Configure the Web GUI / SSH as you like
Make sure, that the services binds to the network interface OPT1 (I personally have it temporarily bound to LAN and OPT1 until LAN can be deactived)
Go to Filewall -> Rules ->
Floating
Adding an interface bound rule will not work. I haven't found any combination of rule settings, that gave me access
I just mention the important properties to set. Feel free to adapt it to your needs afterwards
Action: Pass
Disabled: no
Quick: yes
Interface / Invert: no
Interface:
<empty>
(DO NOT SELECT ANY, OTHERWISE IT WON'T WORK!)
Direction: in
TCP/IP Version : IPv4
Protocol: TCP
Source / Invert: no
Source: OPT1 net
Destination / Invert: no
Destination:
This Firewall
(ANY DIDN'T WORK IN MY CASE)
Destination port range: HTTP or SSH
With these settings, I was able to use HTTPS and using their default ports.
Logged
EricPerl
Full Member
Posts: 108
Karma: 4
Re: [Howto] Enabling the Web GUI / SSH on your management interface
«
Reply #1 on:
November 24, 2024, 12:33:24 am »
A simple rule on the OPT1 interface directly works just as well.
For destination, OPT1 address should be sufficient.
I assume you meant HTTPS for the port.
Logged
Patrick M. Hausen
Hero Member
Posts: 6923
Karma: 583
Re: [Howto] Enabling the Web GUI / SSH on your management interface
«
Reply #2 on:
November 24, 2024, 12:49:09 am »
What you are doing with the floating rule is unnecessary and potentially dangerous.
- leave the listen interface of the UI at "All (recommended)
- add a rule allowing access to each interface where necessary
Done.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
[Howto] Enabling the Web GUI / SSH on your management interface