Where is the web GUI on SG-3100?
-
Sounds like a stupid question, sorry.
Tomorrow morning I will disable the (setup by default) LAN, and I don't want to lose GUI access. (I have a backup of my current config so can restore via console if it goes bannana-shaped, but I would prefer to understand where the GUI "is").
I want GUI access confined to VLAN_123
...imagine 192.168.123.0/24 with pfSense at static 192.168.123.1If GUI is (default) located on (default) LAN subnet .1, how do I move GUI to 192.168.123.1 ?
Chris
-
The webgui always listens on all interfaces.
If an interface has a pass rule to it, those hosts can access it.
-
@Derelict Excellent reply.
The hanging question is the "to it": where is "it"?Chris
-
You need a pass rule on the interface you are connecting from to the firewall address on the webgui port.
-
To explain:
From https://docs.netgate.com/pfsense/en/latest/firewall/firewall-rule-basics.html
This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)If I setup e.g OPT1 for GUI access with FW rule
blah blah blah to This Firewall (self), HTTPS
…it works!Changing This Firewall to the static IPv4 of OPT1
…does not workChris
-
Then you are doing it wrong because it doesn't matter which one you use. Probably post both rules and the method of testing.
-
Crossed posts: now reading yours
-
@Derelict
OK, this will be tomorrow (it's bedtime here).
Thanks so far.Chris
-
@Derelict
You made it clear enough: "The webgui always listens on all interfaces."
This morning: backup, disable LAN, and... YES: I still have GUI access from Cisco over trunk, direct from OPT1, (and temporarily direct from from WAN).I'm in GUI from WAN (static at 192.168.8.1)
FW rules on WAN:
Pass IPv4 TCP 192.168.8.202 * This Firewall 443 HTTPS * none TEMP GUI over WAN
Pass IPv4 ICMPany 192.168.8.202 * This Firewall * * none TEMP Ping over WAN
Modify the TCP rule replacing
This Firewall
with
Single host or alias: 192.168.8.1
and it works (as you said it should).Sorry to have troubled you. I'm switching between nine different IPs on my laptop -- must have been "doing it wrong" when I lost GUI on OPT1 during my experiments.
Thanks, Chris
