Remote server firewall setup


Posted

I'm looking at building an Unraid server in the next few weeks, mainly for Plex. I will be putting it in a DC where a friend owns some racks and where I currently have a small Proxmox cluster. I've recently discovered that Unraid is not designed to be connected directly to the internet. That is an issue in my use case because I do not have my own dedicated switch in this rack; the switch is simply shared with other servers that my friend rents to people (basically just dedicated servers). I'm not interested in asking him if I can install a private switch into the rack, as each rack unit I use costs him money due to loss of business space.

Obviously I don't want to just connect Unraid to the internet without protections, so I have some questions and am looking for possible solutions. I'm really just looking for virtual solutions to this problem; I'm not interested in trying to make physical changes to the rack unless absolutely necessary.

  • Unraid is Linux, can I not simply SSH in and install/enable UFW and close all the ports? I tried Googling this but nobody has provided it as a solution in the past, which confuses me because I've always seen UFW as a core Linux service that just works.
    • I use ZeroTier to virtually manage my private network on my Proxmox cluster, from what I read ZeroTier should work on Unraid, possibly through Docker.
    • Are there any plugins or Docker containers that would assist in locking the server down?
  • Is it okay to virtualize pfSense within an Unraid VM?
    • What are the disadvantages, such as slower download/upload speeds?
  • Is Unraid installed under a Proxmox node a viable solution? I see you guys have a dedicated forum for virtualizing Unraid, but I've heard negative things over the years about installing a hypervisor such as Unraid under Proxmox/ESXi/another hypervisor.
    • From what I read, if I go this route I would not be able to use VMs within Unraid. Not an issue since I'd have Proxmox there for that.
    • Is there any degradation in performance when sharing the Unraid Array with a Proxmox VM/container on the same node, specifically Plex streaming?
  • Any solutions I may not be aware of?

 

I'm really trying to avoid virtualizing pfSense or Unraid itself, as that just adds overhead and I didn't want it to be that complicated.

Posted

Can you dedicate a NIC port on your Proxmox to a pfSense install? That way you could plug Unraid into the LAN port of pfSense and not into the shared switch.

pfSense as a VM in Unraid does work, I'm personally doing it, but not as an offsite hands-off thing. It definitely wouldn't work for a trial install of Unraid, because of a chicken and egg issue. Unraid trial requires internet to validate and start the array, and the array must be started for VMs in Unraid to start. That's not an issue with a full license, as there is no phone home required.

Even with a full license, you need access sometimes to troubleshoot issues, and if the pfSense VM won't start, no access. How do you access the IPMI on your Proxmox hardware? If you can do the same with the Unraid unit's IPMI, it might work out ok.

Posted
6 hours ago, jonathanm said:

> Can you dedicate a NIC port on your Proxmox to a pfSense install? That way you could plug Unraid into the LAN port of pfSense and not into the shared switch.
>
> pfSense as a VM in Unraid does work, I'm personally doing it, but not as an offsite hands-off thing. It definitely wouldn't work for a trial install of Unraid, because of a chicken and egg issue. Unraid trial requires internet to validate and start the array, and the array must be started for VMs in Unraid to start. That's not an issue with a full license, as there is no phone home required.
>
> Even with a full license, you need access sometimes to troubleshoot issues, and if the pfSense VM won't start, no access. How do you access the IPMI on your Proxmox hardware? If you can do the same with the Unraid unit's IPMI, it might work out ok.

I can see about running a cable, that shouldn't be an issue.

I access IPMI through a web control panel, I don't have full access, but I can do the basics such as start, stop, reboot, terminal access/vKVM, iso mount. It's not the user friendliest way of doing things, but it gets the job done if there is a networking issue that locks me out of the network.
