firewall

    • OMV 4.x


    • hi all,

      I am making an online NAS so I can use it from everywhere. As the online server I use does not have a hardware firewall, my question is:

      What is the best firewall to implement? Shall I use the firewall inside the OMV GUI, or do I need to install something else so I will forbid EVERYTHING from any other addresses than my own statics? (ftp, browse, etc)

      additionally i need from some specific of the statics to have web gui access. others will have only sharing

      so for example if i have these ips
      static1
      static2
      static3

      i need all of them (only) to have access to smb
      only static 1&2 will have access to gui

      What is the suggested and most safe method to avoid any risk of files exposure?

      many thanks!
    • I really hope you aren't sharing smb over the internet...


      antonisthai wrote:

      What is the best firewall to implement? Shall I use the firewall inside the OMV GUI, or do I need to install something else so I will forbid EVERYTHING from any other addresses than my own statics? (ftp, browse, etc)
      The omv firewall works fine. If no one else needs to connect, why not be as restrictive as possible.
      omv 4.1.17 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
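
The allowlist described in the question (three static addresses for SMB, two of them also for the web GUI, everything else dropped), written as a generator for an iptables ruleset. This is an added example, not part of the thread or of OMV; the addresses are constructed placeholders, and the SMB port (TCP 445) and GUI ports (80, 443) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset for the
# allowlist in the question. Addresses are constructed placeholders (RFC 5737).
SMB_CLIENTS="203.0.113.10 203.0.113.20 203.0.113.30"   # static1 static2 static3
GUI_CLIENTS="203.0.113.10 203.0.113.20"                # static1 static2 only
SMB_MATCH="--dport 445"                    # assumption: SMB over TCP 445 only
GUI_MATCH="-m multiport --dports 80,443"   # assumption: GUI on default web ports

# Accept only a dotted quad with four octets in 0-255.
valid_ipv4() {
  case $1 in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# $1 = space-separated source addresses, $2 = port match for new TCP connections
emit_allow() {
  for ip in $1; do
    valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    printf '%s\n' "-A INPUT -s $ip/32 -p tcp $2 -m conntrack --ctstate NEW -j ACCEPT"
  done
}

build_ruleset() {
  printf '%s\n' "*filter"
  printf '%s\n' ":INPUT DROP [0:0]"     # default deny: unmatched traffic is dropped
  printf '%s\n' ":FORWARD DROP [0:0]"
  printf '%s\n' ":OUTPUT ACCEPT [0:0]"
  printf '%s\n' "-A INPUT -i lo -j ACCEPT"
  printf '%s\n' "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  emit_allow "$SMB_CLIENTS" "$SMB_MATCH" || return 1
  emit_allow "$GUI_CLIENTS" "$GUI_MATCH" || return 1
  printf '%s\n' "COMMIT"
}

# SSH is not opened: add a rule for it before loading on a remote host.
# Syntax check without applying (needs root): build_ruleset | iptables-restore --test
build_ruleset
```
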
    • Yes, I do share SMB over the internet, what is the issue? Please let me know what you think @ryecoaaron
      If I setup the firewall of OMV to restrict everything else, where is the issue?
      many thanks


      also, to add, can't I add a linux level firewall? (inside debian ssh)

      many thanks once again


    • antonisthai wrote:

      Yes, I do share SMB over the internet, what is the issue? Please let me know what you think
      No no no! samba/cifs is not secure enough for the internet and was never designed to be used outside a local network. If you really want a cloud samba server, you should only connect to it using a VPN.

      antonisthai wrote:

      If I setup the firewall of OMV to restrict everything else, where is the issue?
      Spoofing an IP address isn't hard. You have no way to properly protect samba on the internet.

      antonisthai wrote:

      also, to add, can't I add a linux level firewall? (inside debian ssh)
      That would do the same thing as using OMV's firewall tab.
    • ryecoaaron wrote:

      Spoofing an IP address isn't hard. You have no way to properly protect samba on the internet.
      but even after that, the hacker needs to have the share credentials...

      i mean even if somebody spoofs with the allowed ip as configured through firewall, they need to have credentials to see the files.

      Am i right?

      if the server will be on a dedicated server, what will be the issue then?

      what other ways you suggest for sharing files and use them as a local nas, but in cloud? and safely?

      VPN is impossible at this point.

      thank you!!
    • antonisthai wrote:

      but even after that, the hacker needs to have the share credentials...

      i mean even if somebody spoofs with the allowed ip as configured through firewall, they need to have credentials to see the files.

      Am i right?
      Just search the internet to see if samba is safe on the internet...

      antonisthai wrote:

      if the server will be on a dedicated server, what will be the issue then?
      I don't see why that makes a difference.

      antonisthai wrote:

      what other ways you suggest for sharing files and use them as a local nas, but in cloud? and safely?
      This is the million dollar question. If it was easy, nextcloud and dropbox and others wouldn't exist. As I mentioned before, VPN is the best option if you are using Windows for the client. If you are using a Linux desktop, you could use VPN or sshfs or something else.
    • ryecoaaron wrote:

      This is the million dollar question. If it was easy, nextcloud and dropbox and others wouldn't exist. As I mentioned before, VPN is the best option if you are using Windows for the client. If you are using a Linux desktop, you could use VPN or sshfs or something else.
      you mean vpn between server (out) and the area that will be shared, and keep OMV, right?

      will this not make the connections more slow?

      Thank you!!
    • antonisthai wrote:

      isn't it unsafe?
      smb3 finally has a strong enough encryption but smb has had too many vulnerabilities and not many people do this. If you want to do it, great. Just remember I told you it was a bad idea. Maybe this will change your mind - arstechnica.com/civis/viewtopic.php?f=17&t=1435021 Is there a reason you don't want to use a VPN?

      antonisthai wrote:

      also what smb version OMV uses??
      Debian 9.x and therefore OMV 4.x use samba 4.5 which supports SMB protocols from 1 to 3_11