restrict gui to network interface

[jiraiya]

I have two network connections going to my NAS which you can find here https://pcpartpicker.com/b/K3zMnQ.
I am looking to to restrict the ability to log in to freenas to the network connection that is connected to my editing station. This way other people on the network cannot find the FreeNAS landing page and potentially try to break in.

Jiraiya

 

[Johnny Fartpants]

Think you would need a network based ACL to achieve this.

 

[danb35]

Can't you set the GUI to only listen on a specific IP? Yes, you can. Problem solved, no?

 

[Johnny Fartpants]

Can't you set the GUI to only listen on a specific IP? Yes, you can. Problem solved, no?

Not sure how this would solve the problem of someone else on the network navigating to the IP address via a web browser? If the two network connections he refers to were different networks then maybe assuming no other users had access to the specified webui network. However Im guessing his two network connections are coming from the same network?

 

[danb35]

Im guessing his two network connections are coming from the same network?

They shouldn't be: https://forums.freenas.org/index.php?threads/multiple-network-interfaces-on-a-single-subnet.20204/

When you have multiple "active" NICs, there are two valid configurations: (1) they're aggregated in some way with LAGG/LACP, or (2) they're assigned IPs in different subnets. Two interfaces having different IPs on the same subnet is not a valid configuration, and the GUI won't let you do it.

@jiraiya mentions "the network connection that is connected to my editing station". If that's connected directly to a second NIC on the editing station, the solution is as I mentioned above: assign an IP to that interface, and tell the GUI to only listen on that IP.