private network with some public access?
-
- Starting out
- Posts: 27
- Joined: Tue May 11, 2021 8:06 am
- Location: Los Angeles
- Contact:
private network with some public access?
Hi all, I had my TS-453D NAS set up to be accessible over the internet so that I could share files with colleagues, etc.
Unfortunately I got hit by the ransomware attack last month, and lost almost everything in the NAS, including the folders I had sync'd to Box and Dropbox. Quite disappointing, but fortunately the bot seemed to have left alone all *.wav files, which is the only silver lining. (I'm a musician and share production files frequently, so the only truly valuable thing I lost was band pictures.)
Since then, at QNAP's recommendation, I've wiped the NAS, reinstalled the OS, and basically started over. I also now have a 14TB external HDD on which I can back up the entire NAS, which I didn't have before. Had I had that in place I could have recovered my files (as long as the backups weren't automatic). I have a couple questions. I set it up initially last week on a call with QNAP support to be accessible on the internet, but he also installed a firewall for US-only IP addresses, which I didn't have before.
Can I change the NAS to be private, and still create specific links to share specific files with people? Or is that not possible? If that's not possible, I may do this anyway, and just use Dropbox/etc. as my file sharing place. Or perhaps it is possible to have only certain folders on the NAS accessible to the internet? Losing my entire NAS last month was pretty bad, and I never want that to happen again. Thank god the bot didn't affect wav files for whatever reason.
The second question is this: I like automatic backups, since I don't have to remember to do them, but if I had had auto backups, I think the backups would have just been encrypted as well. Is there a way to get around this? Perhaps something like Apple's Time Machine, where I could restore the device to a previous state? Or comparing a folder before backing up and skipping if the file extensions have changed?
Thanks all, I'm an EE by trade, but new to networking and IT things. This is my first foray into setting up a home network. Apologies if this is posted in the wrong section of the forum as well.
Thanks!
Geoff
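The pre-backup check asked about in the second question above (skip the backup when file extensions have changed), as an added example that is not part of the thread or of any QNAP tool: it compares the current file listing with the listing saved at the last good backup and refuses to run when too many known files were renamed in place. The function names, the 20% threshold and the sample listings are assumptions made for illustration.

```python
import os
from collections import defaultdict
from pathlib import PurePosixPath


def list_files(root):
    """Relative POSIX-style paths of every file under root."""
    found = set()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            found.add(rel.replace(os.sep, "/"))
    return found


def renamed_in_place(previous, current):
    """Files from the last good run that vanished while a sibling with the
    same base name but another extension appeared (a.jpg -> a.jpg.xyz or a.xyz)."""
    new_by_dir = defaultdict(list)
    for path in current - previous:
        p = PurePosixPath(path)
        new_by_dir[str(p.parent)].append(p.name)
    hits = set()
    for path in previous - current:
        p = PurePosixPath(path)
        for cand in new_by_dir.get(str(p.parent), ()):
            # Extension appended (a.jpg.xyz) or replaced (a.xyz).
            if cand.startswith(p.name + ".") or PurePosixPath(cand).stem == p.stem:
                hits.add(path)
                break
    return hits


def safe_to_back_up(previous, current, max_ratio=0.2):
    """False when too large a share of known files changed extension."""
    if not previous:
        return True  # first run: nothing to compare against
    return len(renamed_in_place(previous, current)) / len(previous) <= max_ratio


if __name__ == "__main__":
    # Constructed sample listings, not data from the thread.
    last_good = {"band/pic1.jpg", "band/pic2.jpg", "mixes/take1.wav", "notes.txt"}
    today = {"band/pic1.jpg.xyz", "band/pic2.xyz", "mixes/take1.wav", "notes.txt"}
    print(sorted(renamed_in_place(last_good, today)))
    print("run backup" if safe_to_back_up(last_good, today) else "skip backup")
```

A check like this only catches mass renames; versioned or offline copies cover the case where file contents are encrypted without a rename.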
- dolbyman
- Guru
- Posts: 35021
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: private network with some public access?
They attacked your NAS, not your folders, so no matter what you share, the attack surface will always be there.
- Remove manual port forwards to your NAS from your router
- Disable UPnP on your router
From then on, only use sharehosters (as you said, Dropbox, etc.) to share files with external users.
You can use HybridMount to replicate an SMB share to and from Dropbox (and others); that way you can share it without exposing your NAS.
https://www.qnap.com/en/software/hybridmount
-
- Starting out
- Posts: 27
- Joined: Tue May 11, 2021 8:06 am
- Location: Los Angeles
- Contact:
Re: private network with some public access?
Thanks dolby -
My router is a Motorola MB7420 - I'll have to look up how to connect to it and disable those; I've never touched the settings for it.
Good idea with the HybridMount, I like the idea of as many accessing from as many machines as I want, too.
- dolbyman
- Guru
- Posts: 35021
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: private network with some public access?
Had a quick google and the MB7420 is a modem only, so there must be a router in your setup as well
-
- Starting out
- Posts: 27
- Joined: Tue May 11, 2021 8:06 am
- Location: Los Angeles
- Contact:
Re: private network with some public access?
Sorry, the MB7420 has an Ethernet port on it, which is connected to my switch (a Netgear GS305), which is connected to the NAS and the rest of the network. There is a Wi-Fi router too, a Linksys WHW0102.
Thanks!
- dolbyman
- Guru
- Posts: 35021
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: private network with some public access?
The modem should go into the WHW0102, and a LAN port of the WHW0102 then into your GS305.
The modem should NOT be directly plugged into your switch
-
- Starting out
- Posts: 27
- Joined: Tue May 11, 2021 8:06 am
- Location: Los Angeles
- Contact:
Re: private network with some public access?
Oh, ok! I didn't know that, thanks.
What's the reasoning behind this? Firewall in the router or something?
- dolbyman
- Guru
- Posts: 35021
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: private network with some public access?
You don't want to mix public and private on the same switch (I know private ranges would not be routable .. but still)
WAN <> Router <> LAN
The UPnP setting should then be in your Linksys mesh router.
-
- Starting out
- Posts: 27
- Joined: Tue May 11, 2021 8:06 am
- Location: Los Angeles
- Contact:
Re: private network with some public access?
Got it, UPnP now disabled. Looks like there was no port forwarding set up anyway.
Turns out I actually did have the router in between the modem and the switch, as advised!
-
- Starting out
- Posts: 27
- Joined: Tue May 11, 2021 8:06 am
- Location: Los Angeles
- Contact:
Re: private network with some public access?
Now that that's all done, how do I change my NAS to be not accessible from the web?
- dolbyman
- Guru
- Posts: 35021
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: private network with some public access?
Without port forwards or UPnP, your NAS is not directly exposed anymore.
-
- Starting out
- Posts: 27
- Joined: Tue May 11, 2021 8:06 am
- Location: Los Angeles
- Contact:
Re: private network with some public access?
Hah, OK. I certainly don't understand how all this works then.
It seems I can still access my NAS through myQNAPcloud, but it's not exposed to the broader internet?
Thanks for your patience with me
- dolbyman
- Guru
- Posts: 35021
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: private network with some public access?
Without port forwards, the only way you could access your NAS would be cloudlink
https://www.qnap.com/solution/myqnapcloud-link/en-us/
as it tunnels the traffic through QNAP servers ... I don't know if you set that up.
- Toxic17
- Ask me anything
- Posts: 6469
- Joined: Tue Jan 25, 2011 11:41 pm
- Location: Planet Earth
- Contact:
Re: private network with some public access?
It's worth checking your connection to the internet to make sure no ports are open.
https://www.grc.com/x/ne.dll?bh0bkyd2
Regards Simon
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
-
- Starting out
- Posts: 27
- Joined: Tue May 11, 2021 8:06 am
- Location: Los Angeles
- Contact:
Re: private network with some public access?
Thanks for that link, toxic, seems like I'm good? The test reported that the equipment at my IP address didn't respond to its pings.