Is it possible to limit access to a single NIC?



Is there a proper way of changing the listen address for SSH and the Unraid front end in a way that will stick?

It looks like /etc/ssh/sshd_config has ListenAddress commented out, so it will default to 0.0.0.0, and /etc/nginx/conf.d/emhttp-servers.conf had

    listen *:80 default_server;
    listen [::]:80 default_server;

Looks like Samba doesn't have anything configured again, so I believe it will bind to all interfaces.

So as it stands everything is listening on every interface.

 

I can change each of the config files but these won't survive a restart.

 

Is there a way of achieving this?

Link to post

There is a "hidden" parameter which you need to set directly in the file /config/ident.cfg (it is not available in the GUI)

BIND_MGT="yes"

After setting this parameter, reboot your system and it will have all management related access (GUI, ssh, telnet) restricted to eth0 (br0).

 

Link to post
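
To confirm after the reboot that the management services no longer listen on every interface, the listening sockets can be checked directly. The script below is an added example, not part of the original posts and not Unraid's own code: the function names, the port list (22, 23, 80, 443 as the usual defaults for ssh, telnet and the web GUI) and the sample `ss` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag management listeners still bound to every interface.
# Assumption: default ports 22 (ssh), 23 (telnet), 80/443 (web GUI).
MGMT_PORTS="22 23 80 443"

# Reads `ss -H -tln` lines on stdin; prints "port address" for every
# management port whose listener is bound to a wildcard address.
wildcard_mgmt_listeners() {
    awk -v ports="$MGMT_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            laddr = $4
            port = laddr; sub(/^.*:/, "", port)      # text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            # A device-bound socket prints as addr%iface and is not flagged.
            if ((port in want) && (addr == "0.0.0.0" || addr == "*" ||
                                   addr == "[::]" || addr == "::"))
                print port, addr
        }'
}

# Succeeds only when no management port is exposed on a wildcard address.
mgmt_bound_ok() {
    [ -z "$(wildcard_mgmt_listeners)" ]
}

# Constructed sample: every service on all interfaces, as in the question.
sample_before() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
EOF
}

# Constructed sample: management bound to one address (192.168.1.10 is made up).
sample_after() {
    cat <<'EOF'
LISTEN 0 128 192.168.1.10:22 0.0.0.0:*
LISTEN 0 511 192.168.1.10:80 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
EOF
}

# Live use: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    ss -H -tln | wildcard_mgmt_listeners
fi
```

Samba on port 445 is deliberately outside the port list, so a wildcard Samba listener is not reported by this check.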
3 hours ago, bonienl said:

There is a "hidden" parameter which you need to set directly in the file /config/ident.cfg (it is not available in the GUI)


BIND_MGT="yes"

After setting this parameter, reboot your system and it will have all management related access (GUI, ssh, telnet) restricted to eth0 (br0).

 

Can this be set up as an isolated network without breaking anything?

i.e. does this network still need internet access for UnraidOS, docker & plugin (github) updates?

Link to post
14 hours ago, tjb_altf4 said:

Can this be set up as an isolated network without breaking anything?

i.e. does this network still need internet access for UnraidOS, docker & plugin (github) updates?

 

This setting restricts management access to interface eth0 only; this interface still needs connectivity as before to do upgrades and plugin/docker installations.

 

Link to post
17 hours ago, bonienl said:

There is a "hidden" parameter which you need to set directly in the file /config/ident.cfg (it is not available in the GUI)


BIND_MGT="yes"

After setting this parameter, reboot your system and it will have all management related access (GUI, ssh, telnet) restricted to eth0 (br0).

 

Always eth0?

What about Samba / Docker?

 

I don't actually have the second NIC yet to test, but I am hoping I would be able to have management and Samba on one NIC and Docker on both.

Link to post
