hello,
how would one isolate the nas from internet, what should go in the adm defender, i want all local lan traffic to have access but nothing from outside.
thanks,
Hash
isolating nas from internet
Moderator: Lillian.W@AST
-
hqhash@gmail.com
- Posts: 2
- youtube meble na wymiar Warszawa
- Joined: Sun Aug 09, 2020 11:52 pm
-
Nazar78
- Posts: 2066
- Joined: Wed Jul 17, 2019 10:21 pm
- Location: Singapore
- Contact:
Re: isolating nas from internet
Even with UPnP and port forwarding off on your router, unless you have a capable router to block WAN traffic for specific IP/Mac, ADM defender alone is insufficient to totally isolate your NAS from the internet. The ADM defender provides basic blocking and if you want to do advanced blocking you'll need to do this via iptables but it will get overwritten by the NAS itself unless you modify certain system file.
The easiest way to do this is to set your NAS with static IP without providing the gateway or fake its gateway, former is preferred to fail the route immediately instead of timing out. Traffic will then only work within your local subnet.
Disclaimer: Most Asustor features that requires Internet will fail to work which includes NTP, Apps and firmware updates.
The easiest way to do this is to set your NAS with static IP without providing the gateway or fake its gateway, former is preferred to fail the route immediately instead of timing out. Traffic will then only work within your local subnet.
Disclaimer: Most Asustor features that requires Internet will fail to work which includes NTP, Apps and firmware updates.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
-
orion
- Posts: 3485
- Joined: Wed May 29, 2013 11:09 am
Re: isolating nas from internet
Isolating NAS totally is not good. It's better that NAS can access internet resource, but outside world cannot access NAS. Although it's not totally safe, it should be more realistic for normal NAS usages. If it's the case and NAT on your home gateway is working (and don't enable IPv6), you can simply disable EZ-Connect and Manual Connect functions.