Limit access to Web GUI

sigbert · January 14, 2019, 8:23am

Hi,

What I would like to do, is to limit the access to the Web GUI to specific network adresses, e.g. to all the machines in our network 192.168.XXX.YYY. I just tried 192.168.0.0:8384 which does not work.

From the discussion in Limit GUI access to LAN - possible? I got the impression that I have just two options, either allow access to the GUI only on from the local machine (127.0.0.1:8384) or from the world (0.0.0.0:8384). Is that true?

Best Sigbert

calmh · January 14, 2019, 8:35am

Yes, there is no IP ACL for the GUI. You could use the local firewall, maybe.

sigbert · January 14, 2019, 8:51am

Hi,

well if I would be familiar enough with firewalls then I could do so. But I’am not.

Why do you not just make a checkbox to tick? Now you create the impression that some further control is possible.

Best Sigbert

AudriusButkevicius · January 14, 2019, 8:54am

Further control is possible, but not for the purposes you are after. The edit box allows you to bind to a specific network card, so the GUI is available via VPN but not via lan etc.

There are plenty of guides explaining how to configure the firewall, and I do feel that this sort requirements live with the firewall rather than the application.

sigbert · January 14, 2019, 12:01pm

Well, you do not know my purpose. What I actually want is that only the (two) computers I synchronize can access the web gui of the other.

Actually, what I do is that I log from my home computer into the VPN network at work. Then I start via SSH syncthing on my work computer and on my home computer. The reason why I asked for a IP range is that my IP address for the home computer changes whenever I log into the VPN network. So maybe binding to a specific network card might be sufficient for me?

calmh · January 14, 2019, 12:09pm

Maybe it is. We cannot know without all the details of your setup, and dare not speculate.

AudriusButkevicius · January 14, 2019, 12:45pm

Your firewall surely supports CIDR notation to do what you need.

Let me reiterate, no changes will happen in syncthing related to this, so seek an alternative solution.

Catfriend1 · January 14, 2019, 1:26pm

Which OS are we talking about? Win firewall: add remote ip address range to your incoming fw rule is possible via gui (run wf.msc). Linux: e.g. Ubuntu has Google-able one liners with the ufw firewall mgmt command to limit incoming connections based on src address.

system · February 13, 2019, 1:26pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.