The original post: /r/homelab by /u/neilyoung57 on 2024-12-29 07:17:49.
Hi,
I’ve recently started building a very basic homelab. I use Tailscale for remote access, but I’m considering exposing specific services to the internet.
Here is a simplified view of my homelab:
The general idea is to use a dedicated VM, connected to the OPT1 interface for services exposed to the internet.
- It’s incredibly difficult to get rid of the ISP router where I live. It’s very limited in terms of functionalities but allows basic port forwarding and redirections.
- All HTTP(S) requests are forwarded to the OPNsense VM. No other ports are exposed on the ISP router.
- Caddy is installed on OPNsense to act as reverse proxy.
- The “public” VM connected to interface OPT1 uses its own virtual network not connected to any other network on the hypervisor.
- Access to other VMs is limited to the local network (192.168.1.0/24) and Tailscale network.
I’m trying to airgap the public VM as much as possible. What steps could I take to maximise security?