From 72871e384088a4e656196104894be4a5192e4cd5 Mon Sep 17 00:00:00 2001 From: wboughattas Date: Fri, 2 Jan 2026 00:03:16 -0500 Subject: [PATCH] added proof of successful ufw setup --- _posts/homelab/2026-01-01-homelab-part2.md | 39 ++++++++++++++++------ 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/_posts/homelab/2026-01-01-homelab-part2.md b/_posts/homelab/2026-01-01-homelab-part2.md index 4d4afb3..aa7e6f3 100644 --- a/_posts/homelab/2026-01-01-homelab-part2.md +++ b/_posts/homelab/2026-01-01-homelab-part2.md @@ -242,6 +242,34 @@ Now: - Connecting via `192.168.2.251` from home Wi-Fi is **blocked**. - Connecting via `10.100.0.11` (+VPN active) is **allowed**. +You should see in each node: + +```text +root@node-2:~# ufw numbered +Status: active + +To Action From +-- ------ ---- +22/tcp on wg0 ALLOW Anywhere +22/tcp (v6) on wg0 ALLOW Anywhere (v6) + +root@node-2:~# sudo wg show +interface: wg0 + public key: ... + private key: (hidden) + listening port: 38547 + +peer: ... + endpoint: 3.99.xx.xxx:51820 + allowed ips: 10.100.0.0/24 + latest handshake: Now + transfer: 84.52 KiB received, 57.66 KiB sent + persistent keepalive: every 25 seconds + +root@node-2:~# ip addr show wg0 +... 10.100.0.11/24 ... +``` + **SSH Shortcuts (`~/.ssh/config` on Mac):** This allows us to ssh to the servers without the need to mention their hostname or add (`-i`) the ssh key 
@@ -267,17 +295,6 @@ Host node3 IdentityFile ~/.ssh/home-server ``` -This is a solid, production-ready guide. The logic flows correctly from infrastructure (EC2) to nodes, then to clients, -and finally to hardening. - -I have **one critical correction** for your SSH config snippet before you publish: - -> **Correction in `~/.ssh/config**`: -You have a copy-paste error for `Host node3`. It is currently pointing to `.11`(Node 2's IP). It should be`.12`. - -Here is the **Troubleshooting** section you requested, written in the same Markdown format to append to the end of your -post. - --- ## 6. Troubleshooting
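Review bot: In the first hunk (@@ -242,6 +242,34 @@), the sample session's first command is shown as `ufw numbered`, which is not a ufw subcommand; the numbered listing comes from `ufw status numbered`, and that output prefixes each rule with an index such as `[ 1]`, which the pasted table does not have. Either change the prompt line to `ufw status` to match the output shown, or re-capture it with `ufw status numbered`. The prompt is also `root@node-2` while the next command is run with `sudo`, so drop one or the other for consistency. Finally, the lead-in says "You should see in each node", but the hostname and the `10.100.0.11/24` address are specific to node-2; say that the address differs per node so readers do not treat a different wg0 address as a failure.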
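Review bot: In the second hunk (@@ -267,17 +295,6 @@), the deleted text is the only place that records the `Host node3` entry pointing at `.11` instead of `.12`, and this patch does not touch any `HostName` line (the diffstat's 28 insertions and 11 deletions are fully accounted for by the two hunks). Please confirm the node3 address in the `~/.ssh/config` snippet is already corrected, or fix it in this change; otherwise readers copying the snippet would reach node-2 when they type `ssh node3`. Removing the leftover review text is right, but the subject line "added proof of successful ufw setup" does not mention it, so consider noting the cleanup in the commit message or splitting it into its own commit.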