What I would like to do, is to limit the access to the Web GUI to specific network adresses, e.g. to all the machines in our network 192.168.XXX.YYY. I just tried 192.168.0.0:8384 which does not work.
From the discussion in Limit GUI access to LAN - possible? I got the impression that I have just two options, either allow access to the GUI only on from the local machine (127.0.0.1:8384) or from the world (0.0.0.0:8384). Is that true?
Yes, there is no IP ACL for the GUI. You could use the local firewall, maybe.
well if I would be familiar enough with firewalls then I could do so. But I’am not.
Why do you not just make a checkbox to tick? Now you create the impression that some further control is possible.
Further control is possible, but not for the purposes you are after. The edit box allows you to bind to a specific network card, so the GUI is available via VPN but not via lan etc.
There are plenty of guides explaining how to configure the firewall, and I do feel that this sort requirements live with the firewall rather than the application.
Well, you do not know my purpose. What I actually want is that only the (two) computers I synchronize can access the web gui of the other.
Actually, what I do is that I log from my home computer into the VPN network at work.
Then I start via SSH syncthing on my work computer and on my home computer. The reason why I asked for a IP range is that my IP address for the home computer changes whenever I log into the VPN network. So maybe binding to a specific network card might be sufficient for me?
Maybe it is. We cannot know without all the details of your setup, and dare not speculate.
Your firewall surely supports CIDR notation to do what you need.
Let me reiterate, no changes will happen in syncthing related to this, so seek an alternative solution.
Which OS are we talking about? Win firewall: add remote ip address range to your incoming fw rule is possible via gui (run wf.msc).
Linux: e.g. Ubuntu has Google-able one liners with the ufw firewall mgmt command to limit incoming connections based on src address.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.