Expose VM to internet and isolate from LAN with own NIC



Hey guys, I am a new unRAID user and somehow can't seem to find a solution for my problem. I want to set up a VM dedicated to running a VITE (cryptocurrency) full node. Therefore it needs to be quite exposed and I am afraid of intruders ;-)

 

So here's the plan, which I was trying to find a way to realise but unfortunately could not:

- I have 3 NICs (1 onboard + dual NIC PCIe card)

- I'd like to dedicate 1 NIC to the (Ubuntu server) VM

- I'd like to configure the VM so that it can access WAN but not LAN

 

Is there a possibility for my wishes to become reality or is it too much of config and care?

 

Thanks in advance 😘

Edited by luhzifer
Link to comment
1 hour ago, luhzifer said:

Is there a possibility for my wishes to become reality or is it too much of config and care?

I would use ufw in your Ubuntu VM.

With firewall rules similar to these:
 

ufw default deny incoming
ufw default allow outgoing

ufw deny out to 192.168.1.0/24

This will block all incoming connections (so if you need some of these you need to add rules), and it will allow all outgoing connections except to network 192.168.1.0/24.

I don't know your specific setup, but there could be some issues if the VM needs to talk with the server and/or the router/modem, so you may consider setting up different internal networks, or set up more specific rules to block outgoing connections to local IPs/ports instead of blocking the whole internal network.

 

Currently I'm using this on a Linux box to prevent other machines on the LAN from seeing (outgoing blocking rules) and accessing (incoming blocking rules) SMB shares on that box.

Edited by ghost82
Link to comment
8 minutes ago, luhzifer said:

Ok, cool. So if I was to enable the communication to my router only, it would be what I need, I guess... Thanks for your reply 

I think that:

ufw default deny incoming
ufw default allow outgoing

# allow the router before denying the subnet: ufw uses the first matching rule
ufw allow out to 192.168.1.1
ufw deny out to 192.168.1.0/24

should do the trick, assuming you have all on network 192.168.1.x and your router is 192.168.1.1.

Maybe also adding:

ufw allow from 192.168.1.1

 

Edited by ghost82
Link to comment
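
ufw checks rules in the order they were added and the first match wins, so the relative order of the router allow and the subnet deny decides whether 192.168.1.1 stays reachable. The following is an added example, not part of any post above: a POSIX sh model of that first-match evaluation for both orderings. The function names and the sample destinations 192.168.1.50 and 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: models ufw's ordered, first-match handling of outbound rules.
# It does not call ufw; it only evaluates rule lists passed as arguments.

# Convert a dotted-quad IPv4 address to an integer (runs in a subshell).
ip2int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed if address $1 lies inside $2 (CIDR, or a bare address meaning /32).
in_net() {
  net=${2%/*}
  bits=32
  case $2 in */*) bits=${2#*/} ;; esac
  mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# verdict DEST RULE...  where each RULE is "allow <dest>" or "deny <dest>".
# The first rule whose destination matches decides; if none matches, the
# default outgoing policy from the thread (allow) applies.
verdict() {
  dest=$1
  shift
  for rule in "$@"; do
    if in_net "$dest" "${rule#* }"; then
      echo "${rule%% *}"
      return 0
    fi
  done
  echo allow
}

# Constructed destinations: the router, another LAN host, an internet host.
for d in 192.168.1.1 192.168.1.50 203.0.113.10; do
  printf '%-13s deny-first: %-5s  allow-first: %s\n' "$d" \
    "$(verdict "$d" "deny 192.168.1.0/24" "allow 192.168.1.1")" \
    "$(verdict "$d" "allow 192.168.1.1" "deny 192.168.1.0/24")"
done
```

On the VM itself, `ufw status numbered` lists the rules in the order they are actually evaluated.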
