To better protect your virtual machines, you can use a firewall like PfSense, using the local networks in your Private Cloud. The firewall concept can be applied to all operating systems because its function is to protect the virtual machine from external attacks and make it less vulnerable.
How does the firewall work?
Why use local networks? The goal is to avoid exposing the virtual machine to the public network, so that no one can reach it through a public IP and you keep total control over the connections made, both incoming and outgoing. The purpose of PfSense is precisely to make the server reachable from the Internet only under authorized conditions, thanks to the filters that can be set: for example, by IP, by port, or by connection state.
To do this we have made the installation of PfSense available, which will act as a firewall. In this way, traffic between our virtual machines and the Internet must pass through the PfSense firewall in both directions. The path will therefore be VM > PfSense > Internet, without direct contact between the system we want to protect and the Internet: you decide who will be able to reach it and who will not by configuring the firewall accordingly.
The firewall is especially useful for Windows environments, since Windows is an operating system that is not very suitable for being exposed on the Internet.
As you can see from the image, you can configure several virtual machines within your Private Cloud. Plesk and the PfSense firewall are directly connected to the Internet through a public network interface (blue squares). Windows, on the other hand, is connected to PfSense via a local network interface (red square), which in turn is connected to the Internet via the public network interface (blue square).
What does the configuration include?
When a virtual machine is created within the Private Cloud, it is always associated with a public IP address so that it can be immediately reached by customers. After the correct configuration, you can disable the public network card directly from your operating system.
The configuration requires that our virtual machine has a public interface, which as indicated must subsequently be deactivated, and a local network interface which communicates directly with PfSense. At the same time, the PfSense firewall also has two interfaces: the first, a public network interface for going out to the Internet, and the second, a local network interface for communicating with the VM inside the Private Cloud.
Obviously, both local network interfaces of the machines are configured with addresses belonging to the same network: for example, VM 192.168.1.15/24 and PfSense 192.168.1.1/24.
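The addressing rules above can be checked before and after you disable the public network card. The following Python sketch is an added example, not part of the provider's tooling: the interface names, the tuple input format and the 203.0.113.x sample public address are constructed, and it assumes the VM's default gateway should be the PfSense local address so that traffic follows VM > PfSense > Internet.

```python
import ipaddress

# RFC 1918 ranges; anything outside them is treated as a public address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_vm(interfaces, default_gateway, pfsense_lan):
    """Return a list of findings; an empty list means the layout is respected.

    interfaces: list of (name, "addr/prefix", enabled) tuples (constructed format).
    default_gateway: the VM's default gateway, as a string.
    pfsense_lan: PfSense local interface in CIDR form, e.g. "192.168.1.1/24".
    """
    fw = ipaddress.ip_interface(pfsense_lan)
    findings, lan_seen = [], False
    for name, cidr, enabled in interfaces:
        if not enabled:
            continue  # a disabled card cannot expose the VM
        iface = ipaddress.ip_interface(cidr)
        if not any(iface.ip in net for net in RFC1918):
            findings.append(f"{name}: public address {iface.ip} is still enabled")
            continue
        lan_seen = True
        if iface.network != fw.network:
            findings.append(f"{name}: {iface} is not in PfSense LAN {fw.network}")
        elif iface.ip == fw.ip:
            findings.append(f"{name}: address collides with PfSense {fw.ip}")
        elif iface.ip in (fw.network.network_address,
                          fw.network.broadcast_address):
            findings.append(f"{name}: {iface.ip} is a network/broadcast address")
    if not lan_seen:
        findings.append("no enabled local network interface found")
    # Assumption: outbound traffic must leave through the PfSense LAN address.
    if ipaddress.ip_address(default_gateway) != fw.ip:
        findings.append(f"default gateway {default_gateway} is not PfSense ({fw.ip})")
    return findings

# Constructed sample data: the VM as created, then after reconfiguration.
BEFORE = [("public0", "203.0.113.10/24", True), ("lan0", "192.168.1.15/24", True)]
AFTER = [("public0", "203.0.113.10/24", False), ("lan0", "192.168.1.15/24", True)]

if __name__ == "__main__":
    for label, nics, gw in (("before", BEFORE, "203.0.113.1"),
                            ("after", AFTER, "192.168.1.1")):
        print(label, audit_vm(nics, gw, "192.168.1.1/24") or "OK")
```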
Through our Manager Panel you can manage both public and private network interfaces intuitively.
A fundamental aspect for your safety: each virtual machine includes access to the KVM Console to perform extraordinary operations and view the video output at any time. This means that if a machine is not directly accessible from the Internet, or if you have been cut off due to a misconfigured public network interface or firewall, you can always access it via the KVM Console.
Finally, we remind you that you can create virtual machine snapshots directly from the Manager Panel. We advise taking one before changing the network configuration, so that in case of errors you can quickly return to the previous state and redo the configuration correctly. To find out more, read our guide.