Use entirely different approach: instead of VDSM and firewall rules replace your gateway with NGFW: for example, Untangle.

But if you can’t change firewall - this would be the only solution

I don’t like this approach for various reasons, including support, maintenance, and the trust issues: the VM is by definition untrusted machine connected to third party VPN network, therefore it cannot be trusted to moderate itself.

Configure these outbound restrictions on the VDSM instance itself, with, e.g.

Replace the gateway with the one that does it out of the box (e.g.

As a bonus you will get a bunch of other useful features, such as SQM

Install software that does: for example, OpenWRT supports your router (albeit with no wifi).

If the existing router software does not allow you to configure firewall for outbound connections you have four options:

I don’t have any other reliable solution to suggest. Alternatively, you can put your router to a bridge mode and use it as an access point and buy an actual firewall like Ubiquiti ER-X - which is enterprise-ish grade device for $60. You can of course try it and revert back if you don’t like it.

I’m sure OpenWrt is stable in general, but since they state that the release for my router is just a snapshot with potentially experimental code, I’m less comfortable with it at this time.

Completely understandable (however when was last time Linksys released software update that wasn’t a security patch? Also Atheros firmware - that determines WiFi stability - is untouched; it’s just software that changes and arguably will be much more stable than the one Linksys rushes to get the product out of the door.

Most consumer and application firewalls (that includes the ones in your gateway and diskstation) are aimed at controlling what gets in; we need to control what gets out.

It looks like I just have Port Forwarding and Triggering options under Apps and Gaming.

on the virtual instance mount NFS share from main instance to some directory)

Configure your download station on the virtual instance to use that mounted NFS share for everything.

On your network’s gateway add the following two firewall rules:

source: VDSM’s IP, destination: PIA endpoint, Action: Allow.
source: VDSM’s IP, destination: everywhere, Action: Deny.

you don’t connect your main diskstation to hostile public VPN network bypassing your firewall

you don’t screw up services on your main diskstation by rerouting all traffic via PIA; you do that with your virtual instance instead that does not have anything important

if PIA connection goes down in your virtual instance it simply loses connectivity as opposed to exposing your activity to the ISP.