In a Hyper-V VM I have 3 interfaces:
how do I change the LuCI and SSH servers from the lan interface to the mng interface?
The Idea is to have a network with static IPs dedicated to management
(I expected it to be easier)
thanks...
You can bind uhttpd (i.e. luci) to a specific IP address by going to Services > uhttpd in LuCI. You can bind the default SSH to a specific interface by going to System > Administration > SSH Access.
Thank you I managed to change the SSH Server but I can't find the Services section
syntax, suggested config got wrong values.
While you can bind the services to a specific address, the preferred method is to use the firewall to block all unauthorized networks (or allow specific ones). You can do both binding and firewalling, if you want, but the firewall is the one that really matters.
This is because the binding only affects the address on which the router listens/responds, it doesn't control who can access it.
For example, let's say you have two networks
trusted lan: 192.168.1.0/24, router 192.168.1.1
guest: 10.2.3.0/24, router 10.2.3.1
If you bind to the lan's address but you don't set the firewall rule, the router would not respond to requests on 10.2.3.1. But... a host on the guest network (say 10.2.3.142) will actually be able to reach the router at 192.168.1.1. So the router hasn't been protected.
On the other hand, if you don't use the binding, but instead restrict the 10.2.3.0/24 network from accessing the router at all, you'd find that both 192.168.1.1 and 10.2.3.1 would be accessable from the 192.168.1.0/24 network, but neither address would work from the guest network.
The second scenario is usually fine as the goal is to prevent guest access to the router's admin featues and other services. While using both methods isn't necessary, it would mean the router would only listen/respond on 192.168.1.1 AND only the trusted lan would have access.
Thank you for everything now everything is working
for future reference the steps where:
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! 
The preferred method for this is usually to set the accept zone rule to drop or reject. Then add rules to allow DHCP and DNS (in most typical cases). This way, all services are blocked except those that are explicitly allowed. In your situation, you have blocked the current admin ports (ssh, http, https), but any non-default services that have been installed/enabled could still be accessable to the network.
following @psherman advice some changes were made
Thank you for everything now everything is working
for future reference the steps where: