Removing public NIC leaving internal NIC after installation

IvanG

Cadet
Joined
Aug 27, 2023
Messages
2
I have in production a TrueNAS Scale that was installed using its public IP.
Also configured a secondary physical NIC within the internal network. (10.x.x.x)

Although it is not exposing services to the internet (and it should not) aside from SSH and the webUI, I want to disallow public access to it.
What would be the way to do it in TrueNAS?

I guess it will be one of:
1. remove the public NIC from the interfaces page (not sure if it will affect anything else in TrueNAS)
2. disallow access to the public IP using a firewall (not sure what the procedure would be in TrueNAS)

Of course, I need it to continue booting properly and being reachable within the internal network.

Thank you
 

chuck32

Guru
Joined
Jan 14, 2023
Messages
623
Although it is not exposing services to the internet (and it should not) aside from SSH and the webUI,
No, do not expose the webUI and SSH to the public. In fact it may be safer to expose some services to the public rather than the aforementioned.

I'm happily corrected here, but for example I only expose one UDP port for my pfSense VM for WireGuard access to the public.* Currently I'd consider this safe; if it's not, please correct me. I'm planning to migrate to Tailscale in the very near future to avoid any open ports though.

For your question: just unplug the cable and remove the configuration for the NIC.

* Background: a friend replicates to my secondary machine and I use pfSense to limit WireGuard access to the rest of my network. My router is not capable of that; the WireGuard instance running there will expose my whole network to any client.
 

PhilD13

Patron
Joined
Sep 18, 2020
Messages
203
I'm planning to migrate to Tailscale in the very near future to avoid any open ports though.

I would go ahead and do it. Tailscale will work with pfSense and both work with TrueNAS and would be applicable to your example. Tom Lawrence has some videos on both as well as using them together.
 

IvanG

Cadet
Joined
Aug 27, 2023
Messages
2
How does Tailscale have anything to do with the question?
Is there a use case I am not aware of?
 

chuck32

Guru
Joined
Jan 14, 2023
Messages
623
How does Tailscale have anything to do with the question?
I went slightly OT regarding your question. I wanted to point out that exposing a service may not be unsafe compared to exposing the web GUI.
And then we just came across the topic of Tailscale in order to avoid opening any ports publicly.

I hope I answered your question in my post before.

@PhilD13 thanks! I started looking into it over the weekend and so far it was a breeze to set up in pfSense. When I first looked at Tailscale I was thrown off by the ACL settings, but basically setting the allowed routes is what I was after.
I'll dive deeper into all the settings / security aspects and report back (probably in a separate thread then).
 