• Content Count

  • Joined

  • Last visited

Community Reputation

1 Neutral

About jameson_uk

  • Rank


  • Gender

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I have in the past had OpenVPN setup to access my LAN remotely and that worked OK but I have been looking at using WireGuard but I can't quite figure out the best way to set this up. My network is setup across three VLANs with some of the docker containers running on Unraid assigned macvlan addresses on the different VLANs. I want to have some fine grain control over what can be accessed over the VPN but I am not sure where the routing takes place in this setup. I have tried various settings and I am able to access the Unraid server frontend but I can't seem to f
  2. That seems to suggest that deleting users will disable it but I don't have my FTP users configured but there is definitely a process listening on port 21. I will follow the link about killing it for good tomorrow
  3. Another check that noticed that port 111 was open for rpcbind. AIUI this is only necessary if you are using NFS so if NFS is not enabled should this process be running at all?
  4. I happened to notice that port 21 was open on my Unraid box even though I have never enabled ftp and it was definitely disabled previously. Now I can go in and disable the FTP server but as soon as I restart the box the ftp server starts again. The only thing I can find in syslog that is ftp related is ool www[15093]: /usr/local/emhttp/plugins/dynamix/scripts/ftpusers '0' '' which looking at the script suggests that 0 means disable ftp.
  5. This is setup on an Android phone. The wireguard app setup the connection by just scanning the QR which is fine but there is no control over opening the app and it added a shortcut to open the tunnel in the menu where you can turn on the torch (and is available without unlocking the phone). Are there any other Android clients that only open with biometric authentication?
  6. I have disabled NetBIOS in the config and that seems OK but I notice that Samba is listening on 139. I have added smb ports = 445 into the smb-extras.conf which does work and stops smbd listening on 139 Should this entry be added when you disable netbios via the GUI?
  7. Is there anyway of adding any form of authentication (beyond the shared keys)
  8. Is there anyway to add additional authentication in WireGuard? I have been able to get everything setup but it seems a bit too easy to enable access on my Android phone. I can simply click the shortcut menu item to connect, using OpenVPN I am have configured 2FA so someone cannot simply press a button to get full access to my LAN. It would be even better if I could use U2F from my Yubikey devices but I would take being able to add Google Authenticator as a first step
  9. always eth0? What about Samba / Docker? I don't actually have the second NIC yet to test but I am hoping I would be able to have management and samba on one nic and docker on both.
  10. Just to be clear, you mean exposed in image rather than mapped right?
  11. Is there a proper way of changing the listen address for SSH and unraid front end in a way that will stick? It looks like /etc/ssh/sshd_config has listenaddress commented out so will default to and /etc/nginx/conf.d/emhttp-servers.conf had listen *:80 default_server; listen [::]:80 default_server; Looks like Samba doesn't have anything configured again so I believe will bind to all interfaces. So as it stands everything is listening on every interface I can change each of the config files but these won't su
  12. I had a play around with a few of my containers and see the EXPOSE in the Dockerfile controls which ports show up here. I would have thought it would be far more useful to see what ports are actually in use (I guess the main point of the "show docker allocations" is to avoid conflicts which would be dependant on showing the ports actually mapped not the ones advertised but I can live with that (It is just a bit annoying that you cannot see the IP or ports for these without going into the config. So the WebUI thing (which is nothing to do with Docker) doesn't work on anything
  13. It is not a worry just a slight annoyance. There is now a port exposed as I added this via unraid but this is being picked up from the image not unraid? (hence it is possible to add ports in Unraid and they won't appear in the GUI?) The bridge isn't an issue (see the top one, that has details). What about the Web UI though, that has to be unraid specific and I have updated the template to include a web UI address but this doesn't appear in the menu for the container.
  14. I am struggling to work out why some info isn't showing up for some of my containers. eg. some containers are not showing any port mappings even though they are in use and working eg. looking at this container (I know it is stopped) shows the port mappings however this container doesn't show anything even though I do have port mappings defined (it is showing the volume mappings though) I have also attempted to add the missing Web UI for this container but whilst it is showing and included in the user template /boot/config/plugins/dockerMan/tem
  15. My understanding is that I could create a custom docker network (outside of VLAN1 or 10) and have both containers in this network. Only one would have any ports accessible but being on the same network it would be able to access to other container. The difference to running this on Macvlan is that currently everything on VLAN 10 can see and access this container that I essentially want to hide. Or at least that is what I think I can do.....