How to Set Up a Private Network with UFW on Ubuntu

Scaling your product often means compartmentalizing services into individual Virtual Machines (VMs). This segregation allows different components like databases, caches, and servers to operate within a private network, enhancing efficiency and security. Below, we'll guide you through setting up a private network using UFW (Uncomplicated Firewall) on Ubuntu.

Step-by-Step Guide

1. Installing UFW

   • Begin by updating your system's package list:

     sudo apt-get update
     

   • Install UFW:

     sudo apt-get install ufw
     

2. Verify Installation

   • Check if UFW is installed correctly:

     sudo ufw status
     

3. Enabling UFW

   • Enable UFW to activate the firewall:

     sudo ufw enable
     

   • Note: Ensure SSH access is secured before terminating your session after enabling UFW.

4. Configuring UFW Rules

   • Allow Specific Port Access:

     • For port 2222:

       sudo ufw allow 2222
       

     • For SSH service:

       sudo ufw allow ssh
       

   • Database Access:

     • PostgreSQL on port 5432:

       sudo ufw allow in on eth1 to any port 5432
       

     • PgBouncer on port 6432:

       sudo ufw allow in on eth1 to any port 6432
       

   • Specific IP and Port Configuration:

     • Allow access from IP 192.168.0.11 to port 2222:

       sudo ufw allow in on eth1 from 192.168.0.11 to any port 2222
       

     • Allow access from a subnet to port 2121:

       sudo ufw allow in on eth1 from 192.168.0.0/16 to any port 2121
       

   • Allowing Port Ranges:

     • For TCP ports 8000 to 8009:

       sudo ufw allow 8000:8009/tcp
       

5. Deleting Rules

   • To remove a rule, insert delete in the command. For example, to delete the range rule created above:

     sudo ufw delete allow 8000:8009/tcp
     

   • Confirm deletion:

     sudo ufw status
     

Conclusion

By following these steps, you can effectively segment your tech stack into a private network, bolstering both performance and security. Remember, managing firewall rules is a critical part of maintaining your network's integrity, so proceed with caution and always double-check your configurations.