Establishing a direct link to your server.
This approach could work but depends on your setup. Setting up a network to restrict server access while keeping it reachable from your main devices is feasible. Using a MikroTik switch and configuring firewall rules would help control traffic. Reddit suggestions point toward subnetting and client-initiated connections, which aligns with your goal. Software options like pfSense can assist in managing access, though you may need additional hardware for optimal performance. No immediate purchases required unless you decide to expand the setup later.
It's not about remote access per se. I want to isolate my server from the network, preventing it from being reachable while still letting internal queries pass through. Ideally using software on a Linux machine.
Confirming the setup: the server is either on your local network or a remote internet server. On Linux, you can manage security with iptables or nftables. If the server is online, restrict all outgoing connections while keeping necessary ports open for remote access. Ports like DNS and HTTP should remain active, but others can be limited to only exit your network. For instance, the nftables rules on my server include filters for incoming traffic, allowing specific IPs like 'localhost' and certain protocols while blocking others. Some ports must stay open, and you can set limits on outbound traffic to prevent unauthorized access. Remember, a local firewall can block essential services, so ensure critical ones stay enabled. If compromised, relying solely on a local firewall isn't sufficient—network-wide rules are essential for robust protection.
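A ruleset in the spirit of the comment above, added here as an illustration rather than the commenter's own configuration: inbound is limited to an assumed trusted client subnet (192.168.10.0/24), and the only LAN host the server may contact on its own is the assumed router/resolver at 192.168.10.1; everything else it tries to start toward private ranges is logged and dropped.

```nft
#!/usr/sbin/nft -f
# Constructed example ruleset (not from the thread). Assumed values:
#   192.168.10.0/24 - LAN segment holding the trusted client devices
#   192.168.10.1    - LAN router, also the DNS resolver the server uses
flush ruleset

table inet filter {
    set trusted_clients {
        type ipv4_addr
        flags interval
        elements = { 192.168.10.0/24 }
    }
    set private_ranges {
        type ipv4_addr
        flags interval
        elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
    }

    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # ICMP echo stays usable (rate-limited) for reachability checks
        icmp type echo-request limit rate 5/second accept
        meta l4proto ipv6-icmp accept
        # Only the trusted client subnet may open SSH or HTTP sessions
        ip saddr @trusted_clients tcp dport { 22, 80 } ct state new accept
        # Everything else is logged (rate-limited) and then dropped by policy
        limit rate 10/minute log prefix "nft-input-drop: "
    }

    chain output {
        type filter hook output priority filter; policy drop;
        oif "lo" accept
        ct state established,related accept
        # The resolver is the only LAN host the server may contact on its own
        ip daddr 192.168.10.1 udp dport 53 accept
        ip daddr 192.168.10.1 tcp dport 53 accept
        # Any other connection the server starts toward the LAN is logged, then dropped
        ip daddr @private_ranges limit rate 10/minute log prefix "nft-output-lan-drop: "
        ip daddr @private_ranges drop
        # Internet-bound HTTP(S), e.g. package updates, remains allowed
        tcp dport { 80, 443 } accept
    }
}
```

Load it with nft -f and confirm with nft list ruleset; the two log prefixes make blocked inbound probes and any unexpected server-initiated LAN connections easy to spot in the kernel log, which is the first sign you would want if the box were compromised.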
It's a very thorough explanation. I hope you'll consider adding a Raspberry Pi or something similar to your setup between your server and the rest of the network. This would help block any incoming traffic. Your server already has security in place, but having an extra layer adds extra protection. Thanks! Stay safe!
It seems like your concerns about security are valid. If the server is vulnerable, any access from another client on the network could pose a risk, even without direct connections. If it's already on the WAN side, you should be able to reach it normally. Also, make sure the server and your router use the same WAN IP addresses.