Remotely Connecting to the Web Interface
When running MoveIt Pro on one computer (such as a robot controller or a Virtual Machine), and wanting to access the web interface from another computer (such as your host machine or a laptop), you need to set up network access to the required ports.
Required Ports
MoveIt Pro uses the following ports for its web interface and services:
- Port 80: Web UI frontend (main interface)
- Port 3200: REST API (backend services)
- Port 3201: MoveIt Pro WebSocket bridge (
foxglove_bridge) for browser-frontend ROS communication - Port 3202: Video streaming service
- Port 3203 (internal only — do not forward): Terminal service backing the in-UI Terminal pane (MoveIt Pro 9.4+). It binds to loopback (
127.0.0.1) and is served to the browser through the web UI's/terminal/proxy on port 80, so it needs no separate forwarding — it works wherever port 80 is reachable. It does not listen on an external interface, so forwarding it directly has no effect. - Port 3204 (optional): Legacy
rosbridge_servercompatibility sidecar forroslibpy/roslibjsclients. Only listens when launched withmoveit_pro run --enable-rosbridge; forward this port only if you need it. See Legacy Websocket Compatibility.
The first four ports (80, 3200, 3201, 3202) must be accessible from your remote computer to use the full functionality of the MoveIt Pro web interface. Port 3203 (the Terminal pane) never needs forwarding — it rides port 80 — and port 3204 is only relevant when the legacy compatibility bridge is enabled.
Port 3201 runs foxglove_bridge starting in MoveIt Pro 9.4 (earlier versions ran rosbridge_server on the same port), and the opt-in legacy rosbridge sidecar on port 3204 is also available in 9.4 and later.
Common Use Cases
Accessing from a Virtual Machine to Host
If you're running MoveIt Pro inside a Virtual Machine (VM), and want to access the web interface from your host operating system (for example, running Ubuntu in Parallels on macOS), you need to configure port forwarding.
Parallels (macOS)
- Shut down your VM
- Open Parallels Desktop
- Select the Window menu → Control Center
- Click the gear icon for your virtual machine to open Settings
- Select the Hardware tab
- Select Network and click Advanced...
- Click Open Network Preferences...
- In the Port forwarding rules: table, click the + button to add each port:
- Source Port: 80, Destination Port: 80
- Source Port: 3200, Destination Port: 3200
- Source Port: 3201, Destination Port: 3201
- Source Port: 3202, Destination Port: 3202
- For each rule, set Forward to: your virtual machine name
- Close all preferences windows
- Restart your VM
After configuration, access the web interface at http://localhost from your host machine's browser.
VirtualBox
- Power off your VM
- Open VirtualBox Manager
- Select your VM and click Settings
- Go to Network → Adapter 1
- Click Advanced → Port Forwarding
- Add rules for each port:
- Name:
web_ui, Protocol: TCP, Host Port: 80, Guest Port: 80 - Name:
rest_api, Protocol: TCP, Host Port: 3200, Guest Port: 3200 - Name:
web_bridge, Protocol: TCP, Host Port: 3201, Guest Port: 3201 - Name:
video, Protocol: TCP, Host Port: 3202, Guest Port: 3202
- Name:
- Click OK and start your VM
Access the web interface at http://localhost from your host machine's browser.
Accessing from a Remote Laptop
If MoveIt Pro is running on a robot controller or remote computer and you want to access it from your laptop over the network, you need to configure firewall rules on the computer running MoveIt Pro.
Ubuntu/Debian Firewall Configuration
If you're using ufw (Uncomplicated Firewall):
# Allow access to all MoveIt Pro ports
sudo ufw allow 80/tcp
sudo ufw allow 3200/tcp
sudo ufw allow 3201/tcp
sudo ufw allow 3202/tcp
# Enable the firewall if not already enabled
sudo ufw enable
# Check the status
sudo ufw status
For more restrictive access, you can limit connections to specific IP addresses:
# Replace 192.168.1.100 with your laptop's IP address
sudo ufw allow from 192.168.1.100 to any port 80 proto tcp
sudo ufw allow from 192.168.1.100 to any port 3200 proto tcp
sudo ufw allow from 192.168.1.100 to any port 3201 proto tcp
sudo ufw allow from 192.168.1.100 to any port 3202 proto tcp
Accessing the Interface
Once the firewall is configured, access the web interface from your remote laptop by navigating to: http://<robot-ip-address>
Replace <robot-ip-address> with the IP address of the computer running MoveIt Pro. You can find this IP address by running:
hostname -I
SSH Port Forwarding (Advanced)
If you have SSH access to the computer running MoveIt Pro but cannot modify firewall rules, you can use SSH port forwarding to tunnel the connections:
# Replace user@robot-ip with your SSH username and hostname/IP address
ssh -L 80:localhost:80 \
-L 3200:localhost:3200 \
-L 3201:localhost:3201 \
-L 3202:localhost:3202 \
user@robot-ip
Keep this SSH session open and access the web interface at http://localhost in your browser.
Troubleshooting
Web Interface Loads but Features Don't Work
If the web interface loads but some features are missing or not working:
- Verify that all four ports (80, 3200, 3201, 3202) are accessible
- Check your browser's developer console (F12) for connection errors
- Ensure no firewall or security software is blocking the connections
Cannot Connect to Web Interface
-
Verify MoveIt Pro is running on the remote computer
-
Check that the correct ports are forwarded/opened in the firewall
-
Test connectivity to individual ports using:
# Test from your local machinecurl http://<robot-ip-address>:3200/health -
Ensure there are no network routing issues between the computers
Performance Issues
When accessing the web interface remotely, you may experience slower performance, especially with video streaming. This is normal over network connections. For best performance:
- Use a wired network connection when possible
- Ensure good WiFi signal strength if using wireless
- Consider reducing video quality settings if streaming is laggy
Security Considerations
When exposing MoveIt Pro ports over a network:
- Only open these ports on trusted networks
- Use SSH tunneling for connections over untrusted networks
- Consider implementing additional authentication mechanisms for production deployments
- Limit port access to specific IP addresses when possible using firewall rules
For production deployments requiring remote access over the internet, please contact support@picknik.ai for guidance on secure deployment architectures.