QNAP Access - Restricting Internal IP Range

English Networking
1

Hello,

On my NAS, I only recently realized that I could restrict access to only the internal IP address (by adding an IP range).

Would it be possible to add a rule to the ALLOW/DENY LIST?

Could I add a hardcoded line: RESTRICT TO INTERNAL IP ADDRESS (192.168.1.1 - 192.168.1.255)?

Thank you

2

Why would anything other than internal adresses get to your NAS?

Just make sure you have no port forwards and no upnp active..easy

3

if you have some reason to put the NAS directly facing to internet, at least install QuFirewall and you can have more detailed settings to allow/deny a range of IPs, ports, and regions.

4

In my case,

I’m using peer-to-peer sharing.

Not knowing how to properly secure my NAS, I thought I was securing it, but I mistakenly activated some rules (luckily I had changed the admin account password and enabled Fail2ban).

In the connection log, I saw external connection attempts. On a summary page of the shared activities, I would have liked to know what settings are active so I can pay closer attention to them.

image
image929×512 26 KB

5

Best to set your UI to English before posting screenshots to an English forum!

Go to your router and remove any port forwards and disable upnp (as said above)

6

I’ve disabled UPnP on my router.

Regarding the port forwarding rule, I have an active rule pointing to my NAS on a specific port.

But strangely, when I run the port opening tests, it shows as closed (though that’s not relevant to this forum).

7

These measures provide little or no protection against the type of attacks that have taken place in recent years. Don’t count on this being of any value to you.

Not sure what you are really asking here. You seem to have found the right location to enter an IP range. It provides you little actual protection, but you can create a whitelist for your local IP range.

Also, you didn’t specify your NAS model or specific firmware version. Options available changed based on these details.

8

This is the TS269pro

Firmware: 4.3.4

9

Since your device is an older model, it might not support QuFirewall.

In that case, as previously suggested, we recommend utilizing whitelists, router and avoiding port forwarding for security.