Homebrewzero, posted July 19, 2022

Hardening Unraid. So I am doing a trial of Unraid, and I have this dedicated server sitting in a colo with DIA (Direct Internet Access). I can only access it via DRAC and public IP. I was wondering if there is a good way to harden the server. My idea is to install pfSense as a VM, have the pfSense proxy ARP, and point the Unraid server gateway to the pfSense VM image. Is this possible?

trurl, posted July 19, 2022

Don't put your server on the internet. WireGuard VPN is built in; also, the My Servers plugin will allow remote access.

Homebrewzero, posted July 19, 2022 (edited)

There are no other options, since it is in a colo (co-location) and only has DIA. If I had a firewall and space to put it behind, I would, but I do not.

JonathanM, posted July 19, 2022

> 29 minutes ago, Homebrewzero said:
> If I had a firewall and space to put it behind I would, but I do not.

Unraid currently requires an additional firewall to be safe; it is not audited for direct exposure. This may change in the future, but as of this writing you must have it protected externally.

Many of us run firewalls as VMs, but that requires multiple Ethernet connections: the physical port connected to WAN is not accessible to Unraid, it is directly passed to the VM and excluded from Unraid, and the LAN port on the VM firewall is connected via a switch to Unraid's Ethernet. This only works with a fully licensed server, because internet access is required to start the array and VMs during the trial period, and if something goes wrong you must have a way to connect to the server OOB, like a separately firewalled IPMI port on the server. If the server is down, I have a separate hardware firewall waiting to be fired up to take the place of the VM while troubleshooting occurs.

None of this is going to work well in a remote colo setting.

Homebrewzero, posted July 19, 2022

Thank you. I should be able to get this going in my environment; it is not optimal. I'm not storing any personal information, I just don't want my lab/gaming server to get owned. I should be able to use the bridge network to the VM (proxy ARP the IP to the firewall) and point the Unraid server to the firewall (VM). Unraid seems to be the only OS option I have found that lets me manage Docker and QEMU items easily. I should be able to do this without any additional Ethernet cables, and if I need to get into the system, I have remote console access via iDRAC and can change the GW to turn it on.

Homebrewzero, posted July 23, 2022

For any of those who are curious, I have figured it out. I am able to do this because I do have OOB DRAC access.

1.) Physical port plugs into the server -> VM firewall WAN -> VM firewall LAN -> Unraid vlan.xxx.

If I need to reboot the trial version and need internet access, I just add a public IP to the Unraid no-firewall port, pull the license, turn on the array, remove the IP and turn on the VM firewall. It is a few extra steps but works with the trial version.
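
An added example, not part of any post in this thread: one way to confirm the last step of the procedure above (public IP removed from the Unraid host again) is to audit saved `ip -o -4 addr show` and `ss -H -tln` output from the host. The addresses, interface names and function names below are constructed for illustration and are assumptions, not values from the thread.

```python
import ipaddress

# Ranges treated as internal; any other IPv4 address counts as internet-facing.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]

def is_public(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL)

def host_addresses(ip_addr_output):
    """Parse `ip -o -4 addr show` text into (interface, address) pairs."""
    pairs = []
    for line in ip_addr_output.strip().splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet":
            pairs.append((fields[1], fields[3].split("/")[0]))
    return pairs

def exposed_listeners(ip_addr_output, ss_output):
    """Return sorted (public_address, port) pairs reachable without the firewall VM."""
    public = [a for _, a in host_addresses(ip_addr_output) if is_public(a)]
    exposed = set()
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        local, port = fields[3].rsplit(":", 1)
        local = local.split("%")[0]          # drop an interface suffix such as %br0
        if local in ("0.0.0.0", "*", "[::]"):  # wildcard bind: every host address
            exposed.update((a, int(port)) for a in public)
        elif local in public:
            exposed.add((local, int(port)))
    return sorted(exposed)

# Constructed snapshots: DURING has the temporary public IP, AFTER has it removed.
AFTER = """1: lo    inet 127.0.0.1/8 scope host lo
5: br0.20    inet 192.168.20.2/24 brd 192.168.20.255 scope global br0.20"""
DURING = AFTER + "\n2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0"
LISTENERS = """LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 192.168.20.2:443 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*"""

if __name__ == "__main__":
    print("during:", exposed_listeners(DURING, LISTENERS))
    print("after: ", exposed_listeners(AFTER, LISTENERS))
```

An empty result for the "after" snapshot means no listener on the host is bound to an address outside the internal ranges; anything listed is reachable without passing through the firewall VM.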