Firewall problem: rules not working


Firewall problem: rules not working

#1

Post by mauro » 06 Nov 2014 17:16

Hi.
I have an "old" Nas4Free 9.1.0.1 - Sandstorm (revision 804).
I do not want to upgrade it, so if this is a bug I will find another solution.

OK, now the problem.
The NAS has IP 192.168.79.250; on the physical firewall there is a site-to-site VPN, and the end point is 192.168.250.0/24.
OK, now I want to expose only a few ports (for example 2049) on the NAS for access from 192.168.250.0.
I can't do it on the physical firewall (it doesn't support VPN2LAN firewall rules), and therefore I want to use the firewall in Nas4Free.
I started the firewall service and made this config:

Action  Protocol  Source            Port  Destination     Port  <->
Accept  TCP       192.168.254.0/24  *     192.168.79.250  2049  *
Deny    ALL       192.168.254.0/24  *     192.168.79.250  *     IN

For me, all other ports except 2049 will be blocked, but (for example) I can telnet to port 8118 from LAN 192.168.250.0.

Any ideas? :?


Re: Firewall problem: rules not working

#2

Post by johl » 22 Dec 2014 20:06

I would probably do something like this:
allow all tcp from 192.168.250.0/24 to 192.168.79.250 2049 in /* accept only the TCP/2049 port to the NAS, from the remote site */
allow all ip from 192.168.79.0/24 to any /* accept your local network */
deny all ip from any to any /* deny anything else */


Re: Firewall problem: rules not working

#3

Post by mauro » 24 Dec 2014 11:30

Hi johl.
I tried but nothing...
These are the rules:
rules.jpg
I tried with deny and reject.

If I try to telnet from 192.168.254.1 to 192.168.79.250 port 8118 (polipo), the connection is established.
The netstat output from nas4free is this:
tcp4 0 0 nas4free.8118 192.168.254.1.64991 TIME_WAIT

But I have found the solution.... :D
I'm an idiot. :oops:
If I block the single port, then it works. What happens????
In the GUI, when it was time to enter the port, I put *
Instead, I have to leave it blank, as for the IP.
Now it works!

thank you


Re: Firewall problem: rules not working

#4

Post by alexey123 » 24 Dec 2014 12:31

No need to create allow rules, because rule 65535 has an allow any to any entry by default. You only need to define reject and deny rules.

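The first-match behaviour behind the replies above, as an added example that is not part of the thread or of NAS4Free's code: a simplified Python model of rule evaluation (protocol, source, destination and destination port only) with rule 65535 as allow any to any, as the last reply states. The rule numbers 100 and 200 and the helper names are assumptions.

```python
import ipaddress

DEFAULT_RULE = 65535  # per the last reply: the final rule is "allow any to any"

def rule(num, action, proto, src, dst, dport=None):
    """One rule; dport=None means any port, proto "all" matches every protocol."""
    return {"num": num, "action": action, "proto": proto,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "dport": dport}

def evaluate(rules, proto, src, dst, dport):
    """Return (action, rule number) of the first matching rule, lowest number first."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r["num"]):
        if r["proto"] not in ("all", proto):
            continue
        if s not in r["src"] or d not in r["dst"]:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["action"], r["num"]
    return "allow", DEFAULT_RULE  # nothing matched: the default rule decides

NAS = "192.168.79.250"
REMOTE = "192.168.254.0/24"  # source network used in the rules of post #1

# Constructed rule numbers (assumption); the thread does not show the real ones.
RULES = [
    rule(100, "allow", "tcp", REMOTE, NAS, 2049),
    rule(200, "deny", "all", REMOTE, NAS),
]

def demo():
    return {
        "nfs": evaluate(RULES, "tcp", "192.168.254.1", NAS, 2049),
        "polipo": evaluate(RULES, "tcp", "192.168.254.1", NAS, 8118),
        # A source outside every rule's network is never denied explicitly.
        "unlisted": evaluate(RULES, "tcp", "192.168.250.1", NAS, 8118),
        # Without an effective deny rule, only the default rule is left.
        "no_deny": evaluate(RULES[:1], "tcp", "192.168.254.1", NAS, 8118),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Any packet that no deny rule matches exactly (wrong source network, or a deny rule that did not take effect) ends at rule 65535 and is accepted, so checking which rule number a test connection hits is the quickest way to confirm a rule is live.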