My network devices:
router <-> gateway <-> local devices/servers
The gateway is running dietpi on a windows 10/hyper-v virtual machine.
Behind the ufw firewall on the gateway I run a reverse proxy, PiVPN, a wireguard server, and a pihole/unbound DNS server.
The ufw allowed (local) ports are: 22, 137, 138, 139, 445, 53 from 192.168.1.0/24
My problem: I can only access the local devices/servers either with the kill-switch off in wireguard and default ufw input “DENY”, or - when the kill switch is activated - by setting default ufw input to “ACCEPT” in /etc/default/ufw. Then everything runs fine, but I would prefer “DENY” as default ufw input rule with the kill-switch activated.
Following the approach in: https://github.com/MichaIng/DietPi/commit/cbad2b84702c0a18c68eb5b5da591dee92988080
would these additions to /dietpi/dietpi-vpn solve this problem?:
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 137 -j ACCEPT
-A INPUT -p udp --dport 138 -j ACCEPT
-A INPUT -p tcp --dport 139 -j ACCEPT
-A INPUT -p tcp --dport 445 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
Or is there a better way to achieve my preferred configuration?
Thanks in advance,
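As an added example (not from this thread and not DietPi's own dietpi-vpn code): the draft rules above accept each port from any source, whereas the ufw rules they replace are limited to 192.168.1.0/24. The script below emits the same allow list scoped to that subnet and to the LAN interface, so a kill switch that drops everything else does not also expose these services through the tunnel; the interface name eth0 is an assumption.

```sh
#!/bin/sh
# Added example (not part of the thread or of DietPi): emit kill-switch-safe
# INPUT rules for the LAN services listed in the question, each scoped to the
# LAN interface and subnet instead of accepting from any source.

LAN_NET="192.168.1.0/24"   # the subnet the post's ufw rules allow from
LAN_IF="eth0"              # assumption: name of the gateway's LAN interface

# proto:port pairs from the post's ufw allow list; 53 is listed for both
# protocols because DNS uses TCP as well as UDP (large answers, retries).
SERVICES="tcp:22 udp:137 udp:138 tcp:139 tcp:445 udp:53 tcp:53"

# Print one iptables rule (iptables-restore syntax) per service.
lan_allow_rules() {
    for svc in $SERVICES; do
        proto=${svc%%:*}
        port=${svc#*:}
        printf '%s -i %s -s %s -p %s --dport %s -j ACCEPT\n' \
            "-A INPUT" "$LAN_IF" "$LAN_NET" "$proto" "$port"
    done
}

# Return 0 if a rule line is scoped to the LAN interface and subnet, 1 otherwise;
# the draft rules in the question have neither -i nor -s and therefore fail this.
rule_is_lan_scoped() {
    case "$1" in
        *"-i $LAN_IF "*"-s $LAN_NET "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Count generated rules that carry the LAN scoping (expected: all of them).
count_scoped_rules() {
    lan_allow_rules | grep -c -e "-i $LAN_IF -s $LAN_NET "
}

lan_allow_rules
```

Paste the printed lines where dietpi-vpn builds its iptables rule set, keeping them ahead of the final DROP rule.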
Thanks, good to know.
However, my local devices lost access to the pihole-DNS server behind the firewall of the gateway. I have not been able to figure out how that can be resolved. Any suggestions?
Solved: I educated myself a bit, and started the gateway from scratch, also because I wanted to run bullseye. I dropped the ufw, since the gateway is behind the router-firewall anyway. It now works without problems with wireguard, pihole, and nginx for reverse proxy access. Thanks for the excellent dietpi documentation and support!