Abigel, posted November 20, 2020:

Most people use a firewall like Pfsense to make their unraid system secure. But I don't want to have another instance that I have to watch out for on a regular basis and that in case of a failure the whole system will be down.

Is it possible to have good security without a firewall? So that the containers cannot talk to the host and only talk to each other if desired? And from the host only through a certain password protected interface into the network of containers? Or maybe completely different?

Please help me and give me some advice.

If this is the wrong area for such a question, I apologise and ask to be moved to the right area.

Thanks

Ford Prefect, posted November 21, 2020:

On 11/20/2020 at 10:58 AM, Abigel said:
> Most people use a firewall like Pfsense to make their unraid system secure. But I don't want to have another instance that I have to watch out for on a regular basis and that in case of a failure the whole system will be down.

...what does your statement mean...about having "another instance"?...already have one? Then use it....enable VLANs and separate your containers, VMs and such.

Abigel, posted November 23, 2020:

I mean that I do not want to have more things to manage.

Ford Prefect, posted November 23, 2020:

IMHO there is no such thing as a free lunch. If you want your Dockers, VMs and other services separated, I suggest running different VLANs...in order to manage these, you will need a proper Router (and Switch) suitable for the task. This router can be your existing ISP-Router, an additional piece of hardware (or replacement of your ISP-Router) or a router VM in unraid. I'd suggest the latter if you only have your networks inside unRaid...should you also have different LANs, wired or wireless (like with different SSIDs), use a real router outside of unraid.

...running a simpler version, just for dockers is possible, see: https://docs.docker.com/network/ ...but involves some management as well, without the additional flexibility.
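
The Docker-only separation mentioned in the reply above can be expressed with user-defined networks. The following Compose file is an added example, not part of the original thread; the service names, images, the DB_PASSWORD variable and the 192.0.2.10 host address are assumptions chosen for illustration.

```yaml
# Added example: three containers split across two user-defined bridge networks.
# All names, images and addresses below are placeholders (assumptions).
services:
  proxy:
    image: nginx:alpine
    networks:
      - frontend              # can reach "app", has no interface on "backend"
    ports:
      # Publish on one specific host address instead of the default 0.0.0.0.
      # 192.0.2.10 stands in for the host's LAN address.
      - "192.0.2.10:8443:443"

  app:
    image: example/app:latest # hypothetical application image
    networks:
      - frontend              # reachable from "proxy"
      - backend               # may talk to "db"
    # No "ports:" entry, so nothing is published on the host.

  db:
    image: postgres:16
    environment:
      # Fails at startup if DB_PASSWORD is not set in the environment.
      POSTGRES_PASSWORD: "${DB_PASSWORD:?set DB_PASSWORD}"
    networks:
      - backend               # only "app" shares this network
    # No "ports:" entry, so the database is not published on the host.

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true            # no routing to networks outside this bridge
```

By default Docker does not forward traffic between different user-defined bridge networks, so `proxy` cannot open a connection to `db`. This covers containers only; VMs and other LAN devices still need the VLAN and router setup described in the reply.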