Dear All,
I got a mini-pc to host a public game server. I would like to have this mini-PC connected to the eth5 of my Chateau 5g AX, with full connection to Internet and pingable from all the other hosts on my LAN (to be able to set ithe game server up by keeping the Mini-PC on remote desktop control) but at the same time I would like to avoid any kind of connection from the Mini-PC to the LAN.
So far I've implemented these steps:
- I've removed the eth5 from the bridge called bridge (the only one I have):
- I've created a new bridge called bridge-gs;
- I've added the port eth5 to the bridge-gs;
- I've created a new range of addresses: 10.10.10.1/24;
- I've created the firewal NAT role to have the internet connection available for the bridge-gs;
- I've created a new DHCP server using the range addresses listed here above and linked it to the bridge-gs.
Now, before to create the firewall role to avoid a connection between the Mini-PC to the LAN I've connected the Mini-PC to the eth5 and in fact the right address was distributed to it: 10.10.10.2. At this point I've tried the inbternet connection from the Mini-PC and it was running. I've also tried to ping a client in the LAN from the Mini-PC and it was working, Unfortunately I was not able to ping the Mini-PC from any client on the LAN, which is actually the option I need to the set the game server by remote desktop.
So, all these things I've done here were with the meaning to keep my LAN more secured as possible from this client with a couple of port opened in order to have the game server online.
As you can understand by my message I'm a beginner on this field. Is there anyone can suggest me what I can implement to have the needed functionalities up and running with the best "secure" solution from any potential external attacks?
Many thanks,
sbonfa