I would like to access a remote jail/VM host behind a family member's home router without making any changes to their router config or adding additional hardware. (I suppose they could treat the host as a guest to disallow LAN access and allow only outgoing traffic.)

I think I need these things:
  • the host should get its default route and IP from whatever device it plugs into over DHCP
  • pf on the host to protect it from the LAN and to NAT the outgoing traffic (allow only SSH from the LAN to the host for setup and emergencies)
  • a new disconnected bridge on the host with its own private IP that is not bound to the physical interface
  • configure pf to route between the bridge and the physical interface
  • wg(client) on the host to connect with wg(server) on a public VPS
  • dnsmasq on the host, listening to the bridge, to serve DHCP to the jails/VMs and to serve DNS to both the jails/VMs and the host
  • dnsmasq will use 9.9.9.9 for unknown domains
  • create all of the jails and VMs on the private bridge network
Does that sound like the right approach? I'm especially fuzzy on network design and routing with pf, so I'm looking for details and simplifications.
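As an added example (my own, not the original poster's), here is a pf.conf that ties the listed pieces together: default deny, SSH only from the LAN, NAT from the bridge out of the DHCP-assigned address, DHCP/DNS for the jails, and a block that keeps the jails off the family LAN. Interface names and the 10.77.0.0/24 bridge subnet are assumptions.

```pf
# Added example pf.conf for the design in the post (not the poster's config).
# Assumed names:
#   em0     = physical NIC, address and default route from the router's DHCP
#   bridge0 = disconnected bridge for the jails/VMs, host side 10.77.0.1
#   wg0     = WireGuard tunnel to the VPS
ext_if   = "em0"
jail_if  = "bridge0"
wg_if    = "wg0"
jail_net = "10.77.0.0/24"
# private ranges the jails must not reach; the bridge subnet itself is excluded
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, !10.77.0.0/24 }

set skip on lo0
scrub in all

# jails/VMs leave through whatever address em0 obtained via DHCP
nat on $ext_if from $jail_net to any -> ($ext_if)

# default deny; logged drops show up on pflog0 while debugging
block log all

# the host itself may talk out anywhere: DHCP lease, DNS to 9.9.9.9,
# and the WireGuard handshake to the VPS
pass out quick keep state

# family LAN -> host: DHCP replies and SSH for setup/emergencies, nothing else
pass in quick on $ext_if proto udp from port 67 to port 68
pass in quick on $ext_if proto tcp to ($ext_if) port 22 keep state

# jails/VMs -> host: DHCP (broadcast) and DNS served by dnsmasq on the bridge
pass in quick on $jail_if proto udp from port 68 to port 67
pass in quick on $jail_if proto { tcp udp } from $jail_net to ($jail_if) port 53 keep state

# jails/VMs must not reach the family LAN; everything else is NATed out
block in quick on $jail_if from $jail_net to <rfc1918>
pass in quick on $jail_if from $jail_net to any keep state

# the VPS end of the tunnel is the management path: it may reach host and jails
pass in quick on $wg_if keep state
```

For these rules to see jail traffic on bridge0 rather than on the epair members, set net.link.bridge.pfil_bridge=1 and net.link.bridge.pfil_member=0, and enable forwarding with gateway_enable="YES" in rc.conf. Check the file with `pfctl -nf /etc/pf.conf` before loading it.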
 
I do this with tailscale, which manages all the details including authorization w/o me having to worry about it too much.
I use this for accessing my internal network which is behind a T-Mobile wireless gizmo with no user serviceable network config.
I can also access this via my Mac or Windows box, since there are tailscale clients for those, as well as from my FreeBSD laptop.

I know this isn't directly helpful to the path you are on, but might be an alternative worth considering.
 