September 15, 20232 yr I'm having some problems accessing my server after upgrading to 6.12.4 from 6.11.5. The server now rejects any ssh connection unless it's from eth or wiregurad, and the webui rejects any access unless it's from eth, wiregurad or localhost. I have some frp methods that are set up with docker, which makes the source sometimes looks like localhost or from some virtual interfaces. How should I enable the webui and sshd to listen on all interfaces? Modifying `/boot/config/ssh/sshd_config` doesn't seem to work because those listen addresses are restricted by `rc.sshd` when the service starts and I don't want to get my hands dirty with that script, at least not before getting advised to do so by a developer. Also, I didn't find how to configure the webui server. Edited September 15, 20232 yr by chierinyan
September 15, 20232 yr Author I just noticed the Interface Extra settings in Network Settings. However, adding `lo` to `Include listening interfaces` did not work. `Current listening interfaces` stays unchanged after clicking Apply. I was able to add the other custom interface to `Current listening interfaces`, but the traffic is still blocked. I guess this is because the interface is created by docker, and all config files were generated before the container started.
November 29, 20232 yr Any luck? I'm having the same issue, my interface is created by Netbird. Containers seem to bind properly, but the UI and SSH don't.
December 1, 20232 yr Author On 11/29/2023 at 4:43 PM, fenya said: Any luck? I'm having the same issue, my interface is created by Netbird. Containers seem to bind properly, but the UI and SSH don't. A workaround is to prevent the init scripts from generating access control configs. For sshd it can be done by adding this line to `/boot/config/go` sed -i '/build_ssh$/d' /etc/rc.d/rc.sshd Once again, I really don't like touching these init scripts because touching them always causes a lot of trouble for me... Please be careful in production environments and take your own risk. I'm not familiar with those http stuffs so sorry can't help with WebUI. Perhaps some SNAT trick would also work. Limetech, please just add a black list mode...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.