luhzifer Posted May 20, 2021

Hey guys,

I am a new unRAID user and somehow can't seem to find a solution for my problem. I want to set up a VM dedicated to running a VITE (crypto currency) full-node. Therefore it needs to be quite exposed and I am afraid of intruders.

So here's the plan, I was trying to find a realisation for but unfortunately could not:

- I have 3 NICs (1 onboard + dual NIC PCIe card)
- I'd like to dedicate 1 NIC to the (Ubuntu server) VM
- I'd like to configure the VM so that it can access WAN but not LAN

Is there a possibility for my wishes to become reality or is it too much of config and care?

Thanks in advance 😘

ghost82 Posted May 20, 2021

luhzifer said:
> Is there a possibility for my wishes to become reality or is it too much of config and care?

I would use ufw in your Ubuntu VM, with firewall rules similar to these:

    ufw default deny incoming
    ufw default allow outgoing
    ufw deny out to 192.168.1.0/24

This will block all incoming connections (so if you need some of these you need to add rules), and it will allow all outgoing connections except on network 192.168.1.0/24.

I don't know your specific setup, but there could be some issues if the VM needs to talk with the server and/or the router/modem, so you may consider setting different internal networks, or set up more specific rules to block outgoing connections to local IPs/ports instead of blocking all the internal network.

Currently I'm using this on a Linux box to prevent other machines on the LAN from seeing (outgoing blocking rules) and accessing (incoming blocking rules) SMB shares on that box.

luhzifer Posted May 20, 2021

Ok, cool. So if I was to enable the communication to my router only, it would be what I need, I guess...

Thanks for your reply

ghost82 Posted May 20, 2021

luhzifer said:
> Ok, cool. So if I was to enable the communication to my router only, it would be what I need, I guess... Thanks for your reply

I think that:

    ufw default deny incoming
    ufw default allow outgoing
    # ufw matches rules in order (first match wins), so the router
    # exception has to come before the LAN-wide deny
    ufw allow out to 192.168.1.1
    ufw deny out to 192.168.1.0/24

should do the trick, assuming you have all on network 192.168.1.x and your router is 192.168.1.1.

Maybe also adding:

    ufw allow from 192.168.1.1
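
ufw evaluates rules in the order they were added and the first match wins, so where the router exception sits relative to the subnet-wide deny decides whether the VM can still reach 192.168.1.1. The following is an added example, not code from the thread: a small model of that first-match evaluation using the thread's assumed addressing (LAN 192.168.1.0/24, router 192.168.1.1); the rule lists and the function names `verdict` and `shadowed` are constructed for illustration.

```python
import ipaddress

# Constructed rule sets: (action, destination) for outgoing traffic.
DENY_FIRST = [("deny", "192.168.1.0/24"), ("allow", "192.168.1.1")]
ALLOW_FIRST = [("allow", "192.168.1.1"), ("deny", "192.168.1.0/24")]


def verdict(rules, dest, default="allow"):
    """Action for an outgoing packet to dest: the first matching rule wins,
    otherwise the default outgoing policy applies."""
    addr = ipaddress.ip_address(dest)
    for action, target in rules:
        if addr in ipaddress.ip_network(target, strict=False):
            return action
    return default


def shadowed(rules):
    """Rules that can never match because an earlier rule already covers
    their whole destination range."""
    dead = []
    for i, (action, target) in enumerate(rules):
        net = ipaddress.ip_network(target, strict=False)
        for _, earlier in rules[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier, strict=False)):
                dead.append((action, target))
                break
    return dead


if __name__ == "__main__":
    # Router, another LAN host, and a constructed public address.
    probes = ["192.168.1.1", "192.168.1.50", "203.0.113.10"]
    for name, rules in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        print(name)
        for dest in probes:
            print(f"  out to {dest:<14} -> {verdict(rules, dest)}")
        print(f"  shadowed rules: {shadowed(rules)}")
```

On a host where the subnet deny was added first, `ufw status numbered` shows the rule order and `ufw insert 1 allow out to 192.168.1.1` places the exception ahead of it.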