Airmaster

  1. Well, no responses, so I just went into the Ubuntu VM and used ufw:

         sudo ufw allow 25565
         sudo ufw deny out from any to 10.99.3.10

     That seems to work. Allows Minecraft in, and blocks access to Unraid.
  2. I did find this thread, but some of the advice makes no sense. One recommendation was to use a separate subnet and block traffic at the router between them, but my access to Unraid shares is on the connection to the same subnet (10.99.3.x) that the VM is on, and that doesn't pass through the router. It isn't like I can't assign a 3.x address to the router, if I want to be able to bridge it to the VM.
  3. It seems regardless of virbr0 or br2, it's not possible to prevent a VM from accessing an Unraid network share, unless you set them all to secure or private. Is this the case?
  4. I would like some advice in securing virtual machines so that they cannot connect to Unraid network shares or my LAN.

     My configuration:

       • PFSense on its own computer, with three NICs: WAN, LAN (10.99.2.X/24), and Other (10.99.3.X/24)
       • Unraid w/ 4 NICs, one on LAN (10.99.2.10, br0) and one on Other (10.99.3.10, br2); Other is directly connected to the PFSense machine, no switch
       • Ubuntu VM, currently on br2

     PFSense rules (plan to port forward 25565 to whatever IP the Minecraft server has):

       • Block access from Other to LAN
       • Allow access from Other to All

     One concern I have is that the VM can access Unraid through 10.99.3.10. Is this an issue? Can you block this access? I don't have SMB installed on Ubuntu, and plan to run Minecraft from a non-administrator (I hate calling it that, but Ubuntu seems to not really have a root, just a sudo).

     Another option I have seen is to use virbr0, and I know that it is supposed to deny network access, but allow outgoing WAN. The documentation isn't clear if I can port forward to it so that it supports Minecraft (incoming WAN). Also, what subnet does virbr0 use, 10.99.2.x or 10.99.3.x? I didn't see where it was configured, just that it was automatically created.

     Any problems with either solution, virbr0 or br2?
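Added example, not part of the original posts: a small Python model of the packet paths described in the post above and in the ufw follow-up, showing which enforcement point actually sees traffic leaving the VM. The VM address 10.99.3.50 and the internet address 203.0.113.7 are constructed samples, and pfSense's implicit default deny is assumed for unmatched traffic.

```python
import ipaddress

# Subnets and the Unraid address come from the posts; VM_IP is a constructed sample.
LAN = ipaddress.ip_network("10.99.2.0/24")
OTHER = ipaddress.ip_network("10.99.3.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
VM_IP = "10.99.3.50"  # assumption: any free address on the Other subnet

# pfSense rules on the Other interface, evaluated top-down, first match wins.
ROUTER_RULES = [
    ("block", OTHER, LAN),
    ("pass", OTHER, ANY),
]

# Egress deny list inside the VM, modelling
# "ufw deny out from any to 10.99.3.10" from the follow-up post.
VM_EGRESS_DENY = [ipaddress.ip_network("10.99.3.10/32")]


def router_verdict(src, dst):
    """First matching rule decides; no match falls to the assumed default deny."""
    for action, src_net, dst_net in ROUTER_RULES:
        if src in src_net and dst in dst_net:
            return action
    return "block"


def path_verdict(src, dst, vm_egress_deny=()):
    """Return (enforcement point, outcome) for a packet leaving the VM."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # 1. The VM's own firewall sees every outbound packet first.
    if any(dst in net for net in vm_egress_deny):
        return ("vm-firewall", "block")
    # 2. Same-subnet destinations are delivered directly over the bridge (br2);
    #    the packet is never handed to the gateway, so pfSense cannot filter it.
    if src in OTHER and dst in OTHER:
        return ("bridge", "pass")
    # 3. Everything else goes to the gateway and is matched against the router rules.
    return ("pfsense", router_verdict(src, dst))


if __name__ == "__main__":
    for dst in ("10.99.3.10", "10.99.2.10", "203.0.113.7"):
        print(dst, path_verdict(VM_IP, dst), path_verdict(VM_IP, dst, VM_EGRESS_DENY))
```

The model covers only traffic that originates in the VM; inbound traffic such as the port forward for 25565 takes the reverse path and is not modelled.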
  5. Thanks...I have been waiting, but just got two more errors. I guess I will order a replacement.
  6. Today, I received two messages for the same cache drive (see below). I currently have 4 cache drives, I guess it is two drives, each with a mirror, all about 240 GB. Anyway, I am thinking I should replace the drive with errors. Do you agree? If so, could I just pull the drive with errors and just replace it, considering it's mirrored, or do I need to follow the advice on the wiki? If so, on replacement of the cache drive, do I just hit the mover button after formatting and adding the drive as a cache?

         Unraid Cache disk SMART health [187]: 17-04-2019 11:37
         Warning [ROOKS-SERVER] - reported uncorrect is 4
         SanDisk_SDSSDA240G_154996402750 (sdc)

         Unraid Cache disk SMART health [5]: 17-04-2019 11:37
         Warning [ROOKS-SERVER] - retired block count is 2
         SanDisk_SDSSDA240G_154996402750 (sdc)

         Data, RAID1: total=224.44GiB, used=182.72GiB
         System, RAID1: total=32.00MiB, used=64.00KiB
         Metadata, RAID1: total=2.00GiB, used=459.52MiB
         GlobalReserve, single: total=127.00MiB, used=0.00B
  7. I would like some help with understanding my problem. First, I have things "working" but it bothers me that following the video from Spaceinvader didn't quite work. As I mentioned, I followed the instructions. When I point myself to the subdomain, I get the nginx default page. Somehow it isn't seeing the subdomain redirection. I followed some other instructions, and they mentioned that I can create a file in the appdata/letsencrypt/nginx/site-confs directory, and I did so with the name nextcloud. I can't seem to get it to properly work using the same method with sonarr, as I get a bad gateway message.

     So, the questions I have are:

       1. Why does it not work with proxy-confs (note that I tried to use port 444, and also the IP in proxy_pass, no difference).
       2. What is the secret sauce to get sonarr working the same way as I got nextcloud working, or to properly get it to work in proxy-confs?

     Hopefully this wasn't answered before, as I did search and read quite a few posts.

     File: appdata/letsencrypt/nginx/site-confs/nextcloud

         server {
             listen 443 ssl;
             server_name nextcloud.domainname.org;

             root /config/www;
             index index.html index.htm index.php;

             ###SSL Certificates
             ssl_certificate /config/keys/letsencrypt/fullchain.pem;
             ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

             ###Diffie–Hellman key exchange ###
             ssl_dhparam /config/nginx/dhparams.pem;

             ###SSL Ciphers
             ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

             ###Extra Settings###
             ssl_prefer_server_ciphers on;
             ssl_session_cache shared:SSL:10m;

             ### Add HTTP Strict Transport Security ###
             add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
             add_header Front-End-Https on;

             client_max_body_size 0;

             location / {
                 proxy_pass https://10.99.2.10:444/;
                 proxy_max_temp_file_size 2048m;
                 include /config/nginx/proxy.conf;
             }
         }

     File: appdata/letsencrypt/nginx/proxy-confs/nextcloud.subdomain.conf

         server {
             listen 443 ssl;
             listen [::]:443 ssl;

             server_name nextcloud.*;

             include /config/nginx/ssl.conf;

             client_max_body_size 0;

             location / {
                 include /config/nginx/proxy.conf;
                 resolver 127.0.0.11 valid=30s;
                 set $upstream_nextcloud nextcloud;
                 proxy_max_temp_file_size 2048m;
                 proxy_pass https://$upstream_nextcloud:443;
             }
         }
  8. Well, I moved my bz files from the previous install to the USB licensed drive and then ran it, upgraded back to 6.4, and now it seems like it is running fine.
  9. I popped in my old beta USB drive (switched to another one before I upgraded) and it boots up just fine. I wonder if it's a 6.4 thing or something wrong in configuration. Either way, I am currently down, as I don't have a license to start the array and I am not sure what to do with my licensed USB drive...what do I change?
  10. I moved the computer to a new case, and I am having problems since it seems to just shut off ethernet and it won't recognize drives. I took out all cards and unplugged, and also rebooted with no dockers enabled in both GUI and console mode. In GUI mode, it can't load the configuration page, just page not found. I am attaching the diagnostics, maybe someone can help. rooks-server-diagnostics-20180127-1939.zip
  11. It's just confusion right now. I would like to get some sort of idea how it would affect Unraid and also what virtual machine activities would be affected. I think they are reverse patching the beta Unraid kernel. Also, if running a virtual machine, does this mean that we would get patched twice, once in the Unraid kernel, and another in the virtual machine kernel? As we know more, it would be great if Lime could put together some sort of FAQ. One thing that irks me is that I just ordered an older server, e5-2630 based, which I don't think has the PCID feature. Any idea if Lime is going to make this kernel patch optional? It would be useful if one used Unraid for mainly a file server. I am surprised there isn't more of a discussion here.