DMZ - Dedicated server or unraid VM

Hi everyone,

I am already using Unraid for my home network and am impressed by its agility and simplicity.

I also have a dedicated e-mail server/SIEM server in a DMZ VLAN and am now wondering (as the Unraid host is getting bored) whether it makes sense to truncate the DMZ VLAN to the Unraid host and run the e-mail server/SIEM server as a VM?

Especially in terms of security (breaking out of the VM and then accessing internal servers) I am undecided here and would like to hear your thoughts on this.

  • 4 months later...

Possible? Yes. Should you? IMHO, no.

If you did, I would recommend the deny host plugin.
Unraid IMHO is not true enterprise grade software. It's slow to implement security and patches. Some changes due to repositories and packages they use are not always fully up to date. For this reason, I would not trust this system to be a forward facing machine. Is it capable of doing so? Yes.

2 hours ago, bmartino1 said:

I would not trust this system to be a forward facing machine.

I'm not sure if I agree with that since otherwise you shouldn't be forwarding containers.

In my opinion it should be safe to put this one VM with its own dedicated DMZ VLAN on the DMZ (as long as you only put the VM in this VLAN), since the forwarding is done on the Router/Firewall/Switch, and as long as your VM running the mail server is up to date it should be fine. Sure, the VLAN filtering is done on Unraid, but that happens on the kernel level and is part of the Linux network layer, which should also be considered safe.

On 12/3/2023 at 9:59 AM, PullAndPush said:

breaking out of the VM and then accessing internal servers

That should in itself be pretty hard since you don't use the host's kernel and are isolated from the host, but you know, nothing is safe; VLANs aren't 100% safe either...

In my opinion it should be pretty safe, and many people run mail servers in VMs or even Docker containers (which share the kernel with the host).

This is my opinion on that... :)
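
A check for the condition stated in the reply above ("as long as you only put the VM in this VLAN"), as an added example that is not part of the original posts: it parses `ip -j -d addr show` output and reports any host address on the DMZ segment plus the ports attached to its bridge. The VLAN id 50, the interface names and the sample JSON are constructed assumptions.

```python
import json

# Constructed sample of `ip -j -d addr show` output, trimmed to the fields used.
# Interface names and VLAN id 50 are assumptions for illustration.
SAMPLE = json.dumps([
    {"ifname": "eth0", "addr_info": []},
    {"ifname": "br0", "addr_info": [
        {"family": "inet", "local": "192.168.1.10", "prefixlen": 24, "scope": "global"}]},
    {"ifname": "eth0.50", "master": "br0.50", "addr_info": [],
     "linkinfo": {"info_kind": "vlan", "info_data": {"protocol": "802.1Q", "id": 50}}},
    {"ifname": "br0.50", "linkinfo": {"info_kind": "bridge"}, "addr_info": [
        {"family": "inet6", "local": "fe80::1", "prefixlen": 64, "scope": "link"}]},
    {"ifname": "vnet0", "master": "br0.50", "addr_info": []},
])

def audit_dmz(ip_json: str, dmz_vlan_id: int) -> dict:
    """Report host addresses and attached ports on the DMZ VLAN segment."""
    links = json.loads(ip_json)
    # VLAN sub-interfaces carrying the DMZ tag
    vlan_ifs = {l["ifname"] for l in links
                if l.get("linkinfo", {}).get("info_kind") == "vlan"
                and l["linkinfo"].get("info_data", {}).get("id") == dmz_vlan_id}
    # Bridges those sub-interfaces are enslaved to
    bridges = {l["master"] for l in links
               if l["ifname"] in vlan_ifs and "master" in l}
    segment = vlan_ifs | bridges
    # Any address here gives the host its own leg in the DMZ; link-local
    # addresses count too, since they are reachable from the same segment.
    host_addrs = [(l["ifname"], a["local"], a.get("scope"))
                  for l in links if l["ifname"] in segment
                  for a in l.get("addr_info", [])]
    # Other ports on the DMZ bridge (VM tap devices, or anything else attached)
    ports = sorted(l["ifname"] for l in links
                   if l.get("master") in bridges and l["ifname"] not in vlan_ifs)
    return {"segment": sorted(segment), "host_addrs": host_addrs, "ports": ports}

if __name__ == "__main__":
    report = audit_dmz(SAMPLE, 50)
    print(report)
    if report["host_addrs"]:
        print("WARNING: host has an address inside the DMZ VLAN")
```

On a live host, feed the function the real command output instead of `SAMPLE` and compare `ports` against the VMs you expect on the DMZ bridge.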
