added proof of successful ufw setup

2026-01-02 00:03:16 -05:00
parent fb39bcbcab
commit 72871e3840
1 changed files with 28 additions and 11 deletions
--- a/_posts/homelab/2026-01-01-homelab-part2.md
+++ b/_posts/homelab/2026-01-01-homelab-part2.md
@@ -242,6 +242,34 @@ Now:
 - Connecting via `192.168.2.251` from home Wi-Fi is **blocked**.
 - Connecting via `10.100.0.11` (+VPN active) is **allowed**.

+You should see in each node:
+
+```text
+root@node-2:~# ufw numbered
+Status: active
+
+To                         Action      From
+--                         ------      ----
+22/tcp on wg0              ALLOW       Anywhere
+22/tcp (v6) on wg0         ALLOW       Anywhere (v6)
+
+root@node-2:~# sudo wg show
+interface: wg0
+  public key: ...
+  private key: (hidden)
+  listening port: 38547
+
+peer: ...
+  endpoint: 3.99.xx.xxx:51820
+  allowed ips: 10.100.0.0/24
+  latest handshake: Now
+  transfer: 84.52 KiB received, 57.66 KiB sent
+  persistent keepalive: every 25 seconds
+
+root@node-2:~# ip addr show wg0
+... 10.100.0.11/24 ...
+```
+
 **SSH Shortcuts (`~/.ssh/config` on Mac):**
 This allows us to ssh to the servers without the need to mention their hostname or add (`-i`) the ssh key

@@ -267,17 +295,6 @@ Host node3
    IdentityFile ~/.ssh/home-server
 ```

-This is a solid, production-ready guide. The logic flows correctly from infrastructure (EC2) to nodes, then to clients,
-and finally to hardening.
-
-I have **one critical correction** for your SSH config snippet before you publish:
-
-> **Correction in `~/.ssh/config**`:
-You have a copy-paste error for `Host node3`. It is currently pointing to `.11`(Node 2's IP). It should be`.12`.
-
-Here is the **Troubleshooting** section you requested, written in the same Markdown format to append to the end of your
-post.
-
 ---

 ## 6. Troubleshooting