I’ve got two NICs, and I want to use one for file sharing (with no access to admin interface) and the other to access the admin interface exclusively. The idea is that this will increase security because a laptop will need to be physically plugged into the “admin” NIC in order to administer the TrueNAS machine.
Does anyone know of any guides for setting this up? Or have any pointers?
This isn’t a particularly difficult task.
You just need to assign an IP Alias to the interface you want to use for file-sharing. For example, 10.0.0.2/24.
Then assign another IP Alias to the second interface you want to use for administrative access only. For example, 10.0.1.2/24 (it’s important that the aliases associated with interfaces are on separate subnets; you cannot assign two interfaces aliases with overlapping subnets).
You can set the WebUI to listen only on 10.0.1.2, and the share to listen only on 10.0.0.2. You can also set the allow list for the WebUI in Settings → Advanced → Allowed IP Addresses to 10.0.1.0/24.
Only problem is that you’ll need to have a static IP configured for the network adapter of whatever device is being connected to the ‘management’ interface directly, but considering you’re looking to make TrueNAS harder to access for users other than the Administrator that probably isn’t a problem.
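One way to verify the split described in the answer above, as an added example that is not part of the original post: it checks the addressing plan for overlap and then flags any listener bound outside its planned address. The ports (80/443 for the WebUI, 445 for an SMB share) are assumptions, and the `ss -Htln` output is a constructed sample.

```python
import ipaddress

# Addressing plan taken from the answer above.
SHARE_IP = ipaddress.ip_interface("10.0.0.2/24")
ADMIN_IP = ipaddress.ip_interface("10.0.1.2/24")
ADMIN_ALLOW = ipaddress.ip_network("10.0.1.0/24")

# Assumed ports: 80/443 for the WebUI, 445 for an SMB share.
EXPECTED = {80: ADMIN_IP.ip, 443: ADMIN_IP.ip, 445: SHARE_IP.ip}

# Constructed sample of `ss -Htln` output (not captured from a real system).
SAMPLE_SS = """\
LISTEN 0 511 10.0.1.2:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 50 10.0.0.2:445 0.0.0.0:*
"""

def plan_problems():
    """Check the addressing plan itself before touching the NAS."""
    problems = []
    if SHARE_IP.network.overlaps(ADMIN_IP.network):
        problems.append("interface subnets overlap")
    if ADMIN_IP.ip not in ADMIN_ALLOW:
        problems.append("admin alias is outside the WebUI allow list")
    if SHARE_IP.network.overlaps(ADMIN_ALLOW):
        problems.append("allow list admits the file-sharing subnet")
    return problems

def listener_problems(ss_output):
    """Flag listeners on checked ports bound anywhere but the planned address."""
    problems = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in EXPECTED:
            continue
        want = EXPECTED[int(port)]
        # Wildcard binds (0.0.0.0, *, [::]) also fail here: they expose
        # the service on both NICs.
        if addr.strip("[]") != str(want):
            problems.append(f"port {port} bound to {addr}, expected {want}")
    return problems

if __name__ == "__main__":
    for p in plan_problems() + listener_problems(SAMPLE_SS):
        print("PROBLEM:", p)
```

On the NAS itself, pass the real output of `ss -Htln` to `listener_problems` in place of the sample.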
I’ve just posted in another thread how this setup does not work for me, not sure what I’m doing wrong…
Please let me know if you get this working. I’m still waiting for some HDDs, and considering this setup once I’ve finished putting the system together.