RESET Forums (homeservershow.com)

App Based Firewalls for NAS's



Al_Borges
QNAP just released, out of beta, a built-in firewall app for its NAS: 'QuFirewall'.

It enhances IP filtering and controls IP access to the NAS.

Come to think of it, my NAS was the only computer on the network that wasn't firewalled.

I was getting around 4000 probes a day from outside the US; now blocking all of them.

Right now, I have it set up to ignore any request from outside my internal subnet. The basic profile will restrict to country-specific IP ranges.

Synology has something similar.

What's the thought around the body of the lodge on this?

I see this as a low-cost bridge to a full-on UTM, like pfSense or Sophos.
 
 
nrf

I wonder how the world could even come knocking. Was it using UPnP? Did you open a port for it? Perhaps more focus on your main router/firewall is in order.

oj88

As nrf said, I think you'd want to see why your NAS is getting hit from outside your network. Your perimeter firewall should've been able to stop them. It's possible that you've configured port-forwarding. It's better to insulate these devices from the outside and instead, use a VPN to access it from the outside.

 

I think the idea of using the QNAP firewall is to control access from your LAN and possibly, as a last line of defense from external attacks.

Al_Borges

I have UPnP disabled on my router, and the 'Shields Up' test on the GRC website shows that I am not responding. Still getting packets being blocked by the firewall.

 

 

Clipboard01.jpg

nrf

So you forced ShieldsUP to test all 64k ports? Perhaps QuFirewall can tell you more about what it is deflecting, in some log or such.

itGeeks

What are you using for a router? When you say the NAS is the only device not firewalled, what do you mean by that? I find the claim that it blocked all that a little odd if you have a router and are not using UPnP or port forwarding. As for geo-blocking by country, be careful with that. When I did that on my Synology Router (highly recommended) it did more harm than good. I had all sorts of problems...

 

You're right, Synology NAS has a firewall built in that we can use, and it is designed to be used if you're using the NAS as a router. Not sure why anyone would want to use the NAS as a router, but the option is there.

Al_Borges

I am using a TP-Link Deco X20 router.

UPnP disabled by default on the router.

When I stated that the NAS was the only computer not firewalled, I meant that all the other computers have Windows 10 firewalls installed and running. The NAS was the only full-blown computer without a firewall, until QNAP released the QuFirewall app.

The point of my original question was the usefulness/utility of a NAS firewall.

I found one use: checking the QuFirewall event log, all the "hits" were coming from just 5 IP addresses, so I specifically blocked those in the NAS firewall rules.

Haven't gotten any hits in the last 6 hours or so since I did this.

 

 

nrf

So were those IP addresses from the local LAN or external IPs? If external, something is going on that warrants further investigation!

itGeeks

Agreed. If external, how are they hitting the NAS? Do you have external access by way of port forwarding?

Al_Borges

Thanks for all the suggestions. I spent the last couple of days investigating and I think I found the issue(s).

First, there was a hole in the UPnP protection I thought I had.

QNAP has a switch in their myQNAPcloud service (remote access to the NAS over the web). See photo 1 attached. I tried myQNAPcloud last year and this must have been set. The handful of external IPs must have come in this way; with the QSnatch malware prevalent, lots of bots hanging around.

Second, the QuFirewall app shouldn't have been taken out of beta. It registers even local NAS traffic as hits on the firewall. I did a packet analysis using Wireshark and recognized all the "hits" as expected local traffic.

So much for 10K hits a day. I've reported this on an issue ticket to QNAP.

Anyway, wanted to close the loop and hopefully share some "mistakes" to avoid.

Experience isn't always the best teacher: it gives the test first, then the lesson.

Fortunately, I had the Admin account disabled and a secure/obscure user ID and password for login.

QNAPHole.jpg

Wireshark analysis.jpg

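Added example, not part of the thread and not QNAP's code: one way to answer the question raised above, whether logged firewall hits come from the local LAN or from external addresses, by tallying event-log sources. The log line layout, the `SRC=` field and the sample addresses are constructed assumptions; the thread does not show QuFirewall's real log format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample; the "SRC=<ip>" layout is an assumption, since the
# thread does not show QuFirewall's real event-log format.
SAMPLE_LOG = """\
10:00:01 DROP SRC=192.168.1.23 DST=192.168.1.10 DPT=445
10:00:02 DROP SRC=192.168.1.23 DST=192.168.1.10 DPT=445
10:00:05 DROP SRC=203.0.113.77 DST=192.168.1.10 DPT=8080
10:00:09 DROP SRC=fe80::1c2d:3eff:fe4f:5a6b DST=ff02::fb DPT=5353
10:00:11 DROP SRC=198.51.100.4 DST=192.168.1.10 DPT=22
10:00:12 DROP SRC=203.0.113.77 DST=192.168.1.10 DPT=443
malformed line without addresses
"""

# Ranges treated as "local": RFC 1918, link-local, loopback, IPv6 unique local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "127.0.0.0/8", "::1/128", "fc00::/7",
)]
SRC_RE = re.compile(r"\bSRC=(\S+)")

def classify(ip_text):
    """Return 'local' or 'external', or None if the address does not parse."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return "local" if any(addr in net for net in LOCAL_NETS) else "external"

def triage(log_text):
    """Count hits per source address, split into local and external."""
    counts = {"local": Counter(), "external": Counter()}
    skipped = 0
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        kind = classify(m.group(1)) if m else None
        if kind is None:
            skipped += 1  # no SRC field or unparsable address
            continue
        counts[kind][m.group(1)] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = triage(SAMPLE_LOG)
    for kind, per_ip in counts.items():
        print(f"{kind}: {sum(per_ip.values())} hits, top: {per_ip.most_common(5)}")
    print(f"skipped lines: {skipped}")
```

A hit count dominated by the "local" bucket points at the firewall counting LAN traffic; any "external" source reaching the NAS means something at the router or a cloud relay is letting it through.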
