Managment interface LuCi

Hello.

I have two internal VLAN with one isolated interface each.
Now I have noticed that I can log in to LuCi from both interfaces but the interfaces can’t see each other.
I guess that is as it should be but not what I want.

I am looking more for some kind of “management VLAN 1” setting?

I tried the uHTTPd setting to only listening on HTTP and HTTPS ip with the interface ip from VLAN1. I really believed this function would solve my problem after a reboot.
But it didn’t work as expected!? It was no problem to
log in from both interfaces with different interface IP address???

I made a “hoping for the best” setting and tried to reject input in firewall settings for the interface that should not be able to log in to LuCi, that didn’t work at all.

Do anyone have any idea how to only let one specific interface to log in to LuCi?

1 Like

Assign each VLAN to a separate firewall zone and edit the input zone policy to allow/reject incoming traffic.

2 Likes

The two VLAN are in two separate zones from the beginning.
Both with “allowed” on all tree (input, output and transfer).

I think I tried your idea yesterday to set the zone “not allowed to log in to LuCi” input=reject (the firewall manual says that input should control traffic from zone to router, so in theory it should work). The setting actually resulted in failure for the interface DHCP server to see the connected computers and give them a IP address after reboot. Switched back to Input=accept and the interface DHCP server started working again.

But the LuCi management problem persists?

You need to create explicit rules for DHCP and DNS as mentioned here:
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/start

2 Likes

Ok, I see😃
I made it right about 90% of the way but I didn’t made the rules for the DNS and DHCP traffic and then the zone input rule failed.
I will test this as soon as I can😃

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.