Internet facing VM


Postby xboxboy » Sep 21st, '16, 05:13

I'm not sure if what I want to do is even possible, so any other or better suggestions welcome.

I want to set up an owncloud/nextcloud VM in VirtualBox, then have this VM internet facing. I have a fixed IP for the ADSL connection. I've had hacking issues on my webhosted websites, so for this VM that I'll be hosting I don't want it connected to the local network, i.e. if the VM gets hacked it can't do anything to my local network.

The purpose of the owncloud setup is so that I can have access to and sync all my needed data from my business.

I don't know if VirtualBox allows this sort of connection, or whether it's even possible.
xboxboy
 
Posts: 400
Joined: Jun 2nd, '13, 06:41

Re: Internet facing VM

Postby jiml8 » Sep 21st, '16, 05:58

Sure it's possible.

Set up a host-only network in VB, which will place your VM on its own subnet. Then, in your host (presumably a linux host) use iptables to make the connection between that host-only network and your host's WAN port. Also use iptables to block connections to/from your local LAN to the VM.

I'll get you started. Assume your host-only network is 172.16.187.0/24, and your host's local IP address is 192.168.10.2:
Code:
sudo iptables -t nat -A POSTROUTING -s 172.16.187.0/24 -j SNAT --to-source 192.168.10.2
sudo iptables -I FORWARD -s 192.168.10.2 -d 172.16.187.0/24 -j ACCEPT

will connect your VB virtual machine with the internet. You will need a rule to block outgoing traffic from your VM to your LAN; this ruleset should block incoming traffic from any location other than your host.
jiml8
 
Posts: 1254
Joined: Jul 7th, '13, 18:09

Re: Internet facing VM

Postby jiml8 » Sep 21st, '16, 06:02

By the way...

I run owncloud on my NAS, which runs NAS4Free. I use a high port for the owncloud connections, and of course the NAS is heavily secured. I have had no incidents at all of attempted hacking; the high port seems to be sufficient to keep attackers from finding it. At the same time, ports that are open on my workstation are under continuous attack, though once again my defenses seem to be adequate.
jiml8
 
Posts: 1254
Joined: Jul 7th, '13, 18:09

Re: Internet facing VM

Postby xboxboy » Sep 21st, '16, 09:22

Thanks Jim, I forgot to mention, can two different VMs be run in the same method, i.e. one owncloud setup, and another VM running a web based invoice system etc?
xboxboy
 
Posts: 400
Joined: Jun 2nd, '13, 06:41

Re: Internet facing VM

Postby jiml8 » Sep 21st, '16, 22:26

Sure you can do that. Just set up appropriate port forwarding using iptables.

The rules I gave you will permit VMs on the host-only network to connect to the internet; they won't permit the internet to connect to the VMs. To do that, you have to forward the appropriate ports, both in your host and in any router between your host and the internet.
jiml8
 
Posts: 1254
Joined: Jul 7th, '13, 18:09
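
The setup discussed in this thread (host-only subnet, LAN isolation, and per-VM port forwarding for two VMs) can be written out as one ordered ruleset. The following is an added example, not code posted by anyone in the thread; it only prints the commands so they can be reviewed before being applied. The subnet 172.16.187.0/24 and host address 192.168.10.2 come from the thread; the LAN range, the interface names eth0 and vboxnet0, and the VM addresses and ports passed to `gen_rules` are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables ruleset for review; it applies nothing.
VM_NET="172.16.187.0/24"    # host-only subnet (from the thread)
HOST_IP="192.168.10.2"      # host's LAN address (from the thread)
LAN_NET="192.168.10.0/24"   # assumed LAN range
LAN_IF="eth0"               # assumed LAN-side interface of the host
VM_IF="vboxnet0"            # assumed VirtualBox host-only interface

# gen_rules HOSTPORT:VM_IP:VM_PORT [...]   one argument per forwarded service
gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Isolation rules go first so no later ACCEPT can bridge VM and LAN.
    echo "iptables -A FORWARD -s $VM_NET -d $LAN_NET -j DROP"
    echo "iptables -A FORWARD -s $LAN_NET -d $VM_NET -j DROP"
    # Replies for connections that were allowed in either direction.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # VMs may open outbound connections (updates etc.), source-NATed to the host.
    echo "iptables -A FORWARD -i $VM_IF -o $LAN_IF -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $VM_NET -o $LAN_IF -j SNAT --to-source $HOST_IP"
    for fwd in "$@"; do
        case "$fwd" in *:*:*) ;; *) echo "bad forward: $fwd" >&2; return 1 ;; esac
        hport=${fwd%%:*}; rest=${fwd#*:}
        vip=${rest%%:*}; vport=${rest#*:}
        case "$hport$vport" in
            *[!0-9]*|'') echo "bad forward: $fwd" >&2; return 1 ;;
        esac
        # Inbound: rewrite the destination, then admit only that one port.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -d $HOST_IP -p tcp --dport $hport -j DNAT --to-destination $vip:$vport"
        echo "iptables -A FORWARD -i $LAN_IF -o $VM_IF -p tcp -d $vip --dport $vport -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Default deny for anything else entering or leaving the VM network.
    echo "iptables -A FORWARD -o $VM_IF -j DROP"
    echo "iptables -A FORWARD -i $VM_IF -j DROP"
}

# Constructed sample: two VMs, each reachable on its own host port.
gen_rules 443:172.16.187.10:443 8443:172.16.187.11:443
```

These are FORWARD rules only: traffic from a VM to services on the host itself passes through the INPUT chain and needs its own rules. The router in front of the host still has to forward the same ports to 192.168.10.2.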

