Internet facing VM

Posted: Sep 21st, '16, 05:13 by xboxboy
I'm not sure if what I want to do is even possible, so any other or better suggestions welcome.
I want to set up an owncloud/nextcloud VM in virtual box, then have this VM internet facing. I have a fixed IP for the ADSL connection. I've had hacking issues on my webhosted websites, so for this VM that I'll be hosting I don't want it connected to the local network, i.e. if the VM gets hacked it can't do anything to my local network.
The purpose of the owncloud setup is so that I can have access to and sync all my needed data from my business.
I don't know if virtual box allows this sort of connection, or whether it's even possible.
Re: Internet facing VM

Posted: Sep 21st, '16, 05:58 by jiml8
Sure it's possible.
Set up a host-only network in VB, which will place your VM on its own subnet. Then, in your host (presumably a linux host) use iptables to make the connection between that host-only network and your host's WAN port. Also use iptables to block connections to/from your local LAN to the VM.
I'll get you started. Assume your host-only network is 172.16.187.0/24, and your host's local IP address is 192.168.10.2:
Code:
sudo iptables -t nat -A POSTROUTING -s 172.16.187.0/24 -j SNAT --to-source 192.168.10.2
sudo iptables -I FORWARD -s 192.168.10.2 -d 172.16.187.0/24 -j ACCEPT
will connect your VB virtual machine with the internet. You will need a rule to block outgoing traffic from your VM to your LAN; this ruleset should block incoming traffic from any location other than your host.
Re: Internet facing VM

Posted: Sep 21st, '16, 06:02 by jiml8
By the way...
I run owncloud on my NAS, which runs NAS4Free. I use a high port for the owncloud connections, and of course the NAS is heavily secured. I have had no incidents at all of attempted hacking; the high port seems to be sufficient to keep attackers from finding it. At the same time, ports that are open on my workstation are under continuous attack, though once again my defenses seem to be adequate.
Re: Internet facing VM

Posted: Sep 21st, '16, 09:22 by xboxboy
Thanks Jim, I forgot to mention, can two different VMs be run in the same method, i.e. one owncloud setup, and another VM running a web based invoice system etc?
Re: Internet facing VM

Posted: Sep 21st, '16, 22:26 by jiml8
Sure you can do that. Just set up appropriate port forwarding using iptables.
The rules I gave you will permit VMs on the host-only network to connect to the internet; they won't permit the internet to connect to the VMs. To do that, you have to forward the appropriate ports, both in your host and in any router between your host and the internet.
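
The isolation and port forwarding discussed in this thread, as an added example that is not from any poster: a shell function that prints (does not apply) an ordered iptables rule set for two VMs on the host-only network. The subnet and host IP are the ones used above; the LAN range 192.168.10.0/24, the VM addresses, the forwarded ports and the names `gen_rules` and `FORWARDS` are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands. Assumes the
# FORWARD chain starts empty, so the appended rules are evaluated in this order.
VM_NET="172.16.187.0/24"    # host-only subnet (from the thread)
HOST_IP="192.168.10.2"      # host's LAN address (from the thread)
LAN_NET="192.168.10.0/24"   # assumption: LAN range around the host's address
# Constructed sample forwards, one per VM: public_port:vm_ip:vm_port
FORWARDS="443:172.16.187.10:443 8443:172.16.187.11:443"

gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Isolation first: nothing is forwarded between the VMs and the LAN.
    echo "iptables -A FORWARD -s $VM_NET -d $LAN_NET -j DROP"
    echo "iptables -A FORWARD -s $LAN_NET -d $VM_NET -j DROP"
    # A VM may not open connections to the host itself (assumes the VMs
    # need no host service, e.g. static addressing and external DNS).
    echo "iptables -A INPUT -s $VM_NET -m conntrack --ctstate NEW -j DROP"
    # Outbound internet access for the VMs, plus replies to it.
    echo "iptables -A FORWARD -s $VM_NET -j ACCEPT"
    echo "iptables -A FORWARD -d $VM_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $VM_NET ! -d $VM_NET -j SNAT --to-source $HOST_IP"
    # Inbound: only the listed ports reach each VM.
    for f in $FORWARDS; do
        pub=${f%%:*}; rest=${f#*:}; ip=${rest%%:*}; port=${rest#*:}
        echo "iptables -t nat -A PREROUTING -d $HOST_IP -p tcp --dport $pub -j DNAT --to-destination $ip:$port"
        echo "iptables -A FORWARD -d $ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else addressed to the VM subnet is dropped.
    echo "iptables -A FORWARD -d $VM_NET -j DROP"
}

gen_rules
```

Review the printed commands before applying them with `gen_rules | sudo sh`; any router in front of the host still needs the same public ports forwarded to the host.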