I've added all the example rules (including the ones for Samba) that @tekkb listed and everything is working fine except when I connect via VPN to my server, I am unable to browse my samba shares unless I delete the 'reject all rule'. I can still access OMV's web GUI and all my web apps, but not Samba unless I delete that last rule. Is there a firewall rule I can add that will grant me access to samba via VPN? Also, Ive changed my ssh rule to only allow connections from my LAN (192.168.1.0/24), but with VPN-AS, I am assigned an IP in the 172.x.x.x range. How should I edit my firewall rules to allow ssh via VPN?
Example of OMV's firewall
-
-
Add another rule for the vpn subnet. This is a routed vpn. That is why samba does not go through it. Anything that uses broadcasting will not work. You need a bridged vpn for this. OpenVPN AS can do a bridged VPN but it would only work with Windows clients.
-
hey guys, thanks for the info in setting up the firewalls...just finishing off mine.
suggestion/question:
- why isn't there an option to choose TCP/UDP , save having to create rules twice
- why can't we comma separate ports save having to make one rule, one port (same for addresses as well)one way to allow multi ports/addresses could be like in pfsense e.g. create Alias where ports/hosts/networks can be defined.
That could possibly simplify the rules.cheers
-
Hello.
Could you please update pictures on rules.
Thank you. -
One of the most important reasons why I switched from a commercial NAS with proprietary software to OMV is the hope to get more security for the NAS and for the data.
This forum post "Example of OMV's firewall" (2013-2017) shows that there doesn't seem to be much interest in the network firewall integrated in OMV. I think that's a pity. Because the protection of the NAS and the data on it has never been so important as it is today.
Unfortunately, the integrated OMV network firewall cannot be used without the information on the screen shots.
Why are the screen shots not stored on the server of the forum? Why the autor of this topic repeatedly use a hoster that has been proven to be unsuitable?
Is there anyone who can document the topic once and for all permanently accessible in this forum?
-
OMV is Debian Linux under the hood, and many Debian applications can be used with it. You are not strictly limited to using only what OMV provides. Have you researched any of the available firewall GUI applications for Debian to see if they meet your needs?
-
My objective is a system with an extremely low power consumption (energy saving), so I did not install a full-fledged Debian. As OS I use Debian NetInst 9.7.0 and installed OMV after.
I guess without installing a full Debian it is not possible to install individual applications. I'm really just missing the screen shots to use the integrated packet filter. Is there anyone in the forum who uses the integrated OMV firewall? If yes, please post the screen shots in the forum. Thank you. Unfortunately, the information in the firewall documentation is not sufficient and does not provide a solution.
-
My objective is a system with an extremely low power consumption (energy saving), so I did not install a full-fledged Debian. As OS I use Debian NetInst 9.7.0 and installed OMV after.
I guess without installing a full Debian it is not possible to install individual applications. I'm really just missing the screen shots to use the integrated packet filter. Is there anyone in the forum who uses the integrated OMV firewall? If yes, please post the screen shots in the forum. Thank you. Unfortunately, the information in the firewall documentation is not sufficient and does not provide a solution.
Nobody said anything about installing full Debian. You can install just about any of the many thousands of available Debian packages.
-
Can the images be re-hosted. This thread is linked from several other threads regarding this topic. It would be most helpful
-
Can the images be re-hosted. This thread is linked from several other threads regarding this topic. It would be most helpful
you could find them here
Jetzt mitmachen!
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!