Sparrow wallet on a LAN only client PC?

I want to run a Bitcoin node (running Knots, Electrs, Mempool) in my VirtualBox StartOS on a server PC, and use a separate client PC to run Sparrow. The Sparrow wallet will have no hot wallets; it is only for a connected cold wallet. For privacy and security, should I make the client PC LAN only (No internet. RPC only for the server’s Electrs)? Or is that overkill? I know the updates will be a hassle, but I’m willing to do the extra tasks. I’m also thinking about running Wasabi wallet in the future, but I’m not sure if I should run that on the client or server PC.

This would be a secure way to run your setup if you can afford the hardware.

I misinterpreted what you were describing on the other thread (I thought you were describing the VM host as being offline). Makes sense to me now :smiley:. You will still need to connect over clearnet instead of Tor, so my comments about SimpleProxy still apply.

Paul, I followed your suggestion — and your YouTube video, which was incredibly helpful, by the way — and was able to get the StartOS VirtualBox server running. Thank you! My question on this thread is about the client PC. Should I configure its firewall so that it has no internet access and connects to the server’s Electrs via LAN only? I figure that no internet access would improve both privacy and security.

Yes, if you can afford the hardware (i.e. a dedicated client that has no internet access and is only used for Sparrow), then this is a more secure setup. I was just pointing out that without internet access, you lose access to Tor. Thus, my point about setting up SimpleProxy on the StartOS VM.

It didn’t cost me anything. My workplace had a stack of unwanted Dell laptops with Core i5 processors running Windows 7, so I repurposed one by installing Linux Xfce and Sparrow. So far, it seems to be working fine.

1 Like

As far as connecting Sparrow wallet on my client PC to the server’s Electrs, the StartOS GUI doesn’t even let me configure Electrs for LAN connection. I learned that their rationale is that Tor is much more secure and private than my home router. For simplicity (most available tutorials use Tor), I’m going to use Tor unless someone can convince me otherwise.

The actual reason is that StartOS doesn’t currently have built-in support for clearnet (supposedly 4.0.0 will). Or it would be more technically accurate to say that networking options in StartOS are currently quite limited (since we are talking about connecting to an exotic port over LAN in this case). No services on StartOS (other than web interfaces over http/https) can be connected to via LAN without configuring a port forwarding rule for them in something like SimpleProxy. The most commonly encountered examples of this limitation are Datum Gateway and Public Pool for home mining.

If you want to connect to electrs over LAN, I can give you the commands to run, but it’s up to you if you are concerned about the security of going with that route (you will want to get your firewall rules correct). Connecting over Tor is easier, but it requires an internet connection, so it is ultimately a trade-off on which door you want to have open versus the other.

1 Like
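
Added example, not part of the thread and not from any poster or from StartOS: a sketch of an nftables ruleset for the dedicated Linux client discussed above, which drops all traffic except new TCP connections to the server's Electrs endpoint on the LAN. The server address `192.168.1.50` and port `50001` (the usual electrs Electrum RPC port) are placeholders; use the address of the StartOS VM and whichever port your SimpleProxy forwarding rule exposes. A statically configured client address is assumed.

```nftables
#!/usr/sbin/nft -f
# LAN-only egress policy for a dedicated Sparrow client (added example).
# Placeholders, not values from the thread: adjust to your own network.
define ELECTRS_HOST = 192.168.1.50   # StartOS VM address on the LAN (assumed)
define ELECTRS_PORT = 50001          # port forwarded to electrs (assumed)

# Start from a clean slate; acceptable on a single-purpose machine.
flush ruleset

table inet lan_only {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept                      # local loopback
        ct state established,related accept  # replies to our own connections
        # Nothing else is accepted: the client offers no services.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept

        # The only new outbound connection allowed: Sparrow -> Electrs.
        ip daddr $ELECTRS_HOST tcp dport $ELECTRS_PORT ct state new accept

        # If the client uses DHCP instead of a static address, uncomment:
        # udp sport 68 udp dport 67 accept

        # Record anything else that tried to leave, then let policy drop it.
        limit rate 5/minute log prefix "lan-only-egress-drop: "
        counter
    }
}
```

With this policy there is no DNS, NTP or package-mirror access, so Sparrow must be pointed at the server by IP address and updates have to be carried over manually. `nft list ruleset` shows the counter on the output chain, and the log prefix makes any unexpected outbound attempt visible in the kernel log.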