How to configure QnapCloud service behind a firewall?

[sbogio]

Hi all
I have to configure QnapCloud on a new NAS TS-269L to give data access to 'mobile' employee outside the company building.

Folder and data on the Nas server will be available directly for internal user and for external user by means of the QnappCloud and VPN.

Actually the user's box (windows nt and windows 7) are attached on the intenal network (with class address 10.x.x.x); a linux box act as firewall, nat and proxy server(s) with a
link on the intenal network and another link on the DSL router/modem (with class address 196.x.x.x) giving controlled internet access to users. Finally a couple of Microsft Domain Servers act like DNS server and LDAP server, both attached on the internal network (again using a class address 10.x.x.x).

My question is about how to configure QnappCloud (and the Qnapp NAS server) behind the firewall and the DSL router.

1) I suppose I have to link the TS-269L on the internal network with a 10.x.x.x class address using one of Gbit interface, and linking on the other network (with firewall and router) the other one assigning another address class 196.x.x.x). is it correct?

2) Suppose I want use the PPTP as VPN protocol I have to configure :

2.1 DSL Router : enable 'Ipsec PassThrough'; enable 'PPTP PassThrough', enable 'Multicast ', enable 'UPnP'
or
2.2 Firewall enable 'Ipsec PassThrough'; enable 'PPTP PassThrough', enable 'Multicast ', enable 'UPnP' and open the correct port for vpn ?
or
2.3 I have to configure both device: router and firewall box ?

3) The VPN server does user authentication with a local user definition db or I can configure the authentication against the Windows Active Directory system ?

4) How can limit the QnappCloud service to offer only folder and data access ?

I'm afraid but I'm a newbie about NAS and VPN technology.

best regards

stefano

[doktornotor]

There is NO IPSec support on QNAP. You should NOT use PPTP at all as it is totally compromised and unsecure. If you want to set up IPSec, that must be done on router instead. Otherwise, use OpenVPN (this again would preferably be set up on your router, but is not a requirement as long as you realize that the OpenVPN feature is ONLY intended to get your connected to QNAP, not provide VPN connectivity to your LAN.)

[sbogio]

There is NO IPSec support on QNAP. You should NOT use PPTP at all as it is totally compromised and unsecure. If you want to set up IPSec, that must be done on router instead. Otherwise, use OpenVPN (this again would preferably be set up on your router, but is not a requirement as long as you realize that the OpenVPN feature is ONLY intended to get your connected to QNAP, not provide VPN connectivity to your LAN.)

Thanks for your suggestion, You are right I want only use VPN to connect to QNAPP.
Suppose using OpenVpn, if I wanto to put QNAPP behind the firewall I can avoid to link QNAPP on the network with Firewall and DSL Router right ? I have to configure Firewall to open the right ports used by OpenVpn attaching the QNAPP box only on the internal network ?

regards

stefano

[doktornotor]

I can avoid to link QNAPP on the network with Firewall and DSL Router right ? I have to configure Firewall to open the right ports used by OpenVpn attaching the QNAPP box only on the internal network ?

Afraid I don't follow what are you trying to do there. If QNAP cannot be reached via the router, then obviously no VPN will work from WAN.

[sbogio]

I can avoid to link QNAPP on the network with Firewall and DSL Router right ? I have to configure Firewall to open the right ports used by OpenVpn attaching the QNAPP box only on the internal network ?

Afraid I don't follow what are you trying to do there. If QNAP cannot be reached via the router, then obviously no VPN will work from WAN.

I'm sorry, I'm not clear.

Now internal system (on the internal network) can be reached by a Linux firewall box (if configured), the only system linked to the DSL router.
I'm wondering if I have to put QNAPP server behind the firewall (in that case the router reach VPN server on QNAPP box through the firewall gateway) or I have to attach one of gigabit port of the QNAPP server on the same ethernet network of the router and firewall leaving the other giabit port attached on the switch where all of interanl server and workstation are attached.

I'm sorry again but I'm not expert on network configuration.
regards

[doktornotor]

Afraid we are getting completely off-topic for this forum. Normally, firewall runs on the router. So, the router is just a bridge with LAN behind the Linux firewall, or what is it doing?