Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Where is the web GUI on SG-3100?

    Scheduled Pinned Locked Moved
    Official Netgate® Hardware
    2
    9
    757
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      chris-1028
      last edited by chris-1028

      Sounds like a stupid question, sorry.

      Tomorrow morning I will disable the (setup by default) LAN, and I don't want to lose GUI access. (I have a backup of my current config so can restore via console if it goes bannana-shaped, but I would prefer to understand where the GUI "is").

      I want GUI access confined to VLAN_123
      ...imagine 192.168.123.0/24 with pfSense at static 192.168.123.1

      If GUI is (default) located on (default) LAN subnet .1, how do I move GUI to 192.168.123.1 ?

      Chris

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        The webgui always listens on all interfaces.

        If an interface has a pass rule to it, those hosts can access it.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        C 2 Replies Last reply Reply Quote 1
        • C
          chris-1028 @Derelict
          last edited by

          @Derelict Excellent reply.
          The hanging question is the "to it": where is "it"?

          Chris

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            You need a pass rule on the interface you are connecting from to the firewall address on the webgui port.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • C
              chris-1028 @Derelict
              last edited by

              @Derelict

              To explain:

              From https://docs.netgate.com/pfsense/en/latest/firewall/firewall-rule-basics.html
              This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)

              If I setup e.g OPT1 for GUI access with FW rule
              blah blah blah to This Firewall (self), HTTPS
              …it works!

              Changing This Firewall to the static IPv4 of OPT1
              …does not work

              Chris

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                Then you are doing it wrong because it doesn't matter which one you use. Probably post both rules and the method of testing.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                C 2 Replies Last reply Reply Quote 0
                • C
                  chris-1028
                  last edited by

                  Crossed posts: now reading yours

                  1 Reply Last reply Reply Quote 0
                  • C
                    chris-1028 @Derelict
                    last edited by

                    @Derelict
                    OK, this will be tomorrow (it's bedtime here).
                    Thanks so far.

                    Chris

                    1 Reply Last reply Reply Quote 0
                    • C
                      chris-1028 @Derelict
                      last edited by

                      @Derelict
                      You made it clear enough: "The webgui always listens on all interfaces."
                      This morning: backup, disable LAN, and... YES: I still have GUI access from Cisco over trunk, direct from OPT1, (and temporarily direct from from WAN).

                      I'm in GUI from WAN (static at 192.168.8.1)
                      FW rules on WAN:
                      Pass IPv4 TCP 192.168.8.202 * This Firewall 443 HTTPS * none TEMP GUI over WAN
                      Pass IPv4 ICMPany 192.168.8.202 * This Firewall * * none TEMP Ping over WAN
                      Modify the TCP rule replacing
                      This Firewall
                      with
                      Single host or alias: 192.168.8.1
                      and it works (as you said it should).

                      Sorry to have troubled you. I'm switching between nine different IPs on my laptop -- must have been "doing it wrong" when I lost GUI on OPT1 during my experiments.

                      Thanks, Chris

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.