firewall

  • Hi all,


    I am making an online NAS so I can use it from everywhere. As the online server I use does not have a hardware firewall, my question is:


    What is the best firewall to implement? Shall I use the firewall inside the OMV GUI, or do I need to install something else so I will forbid EVERYTHING from any other addresses than my own statics? (ftp, browse, etc)


    Additionally, I need some specific ones of the statics to have web GUI access. Others will have only sharing.


    So for example, if I have these IPs
    static1
    static2
    static3


    I need all of them (only) to have access to SMB
    Only static 1 & 2 will have access to the GUI


    What is the suggested and safest method to avoid any risk of file exposure?


    Many thanks!

    • Official post

    I really hope you aren't sharing smb over the internet...



    What is the best firewall to implement? Shall I use the firewall inside the OMV GUI, or do I need to install something else so I will forbid EVERYTHING from any other addresses than my own statics? (ftp, browse, etc)

    The omv firewall works fine. If no one else needs to connect, why not be as restrictive as possible.

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!
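
The policy asked for in the first post (static1 to static3 may reach SMB, only static1 and static2 may reach the web GUI, everything else is dropped), written out as an iptables ruleset generator. This is an added example, not code from the thread or from OMV. The addresses are constructed RFC 5737 placeholders, and the GUI ports (80/443) and the SSH rule for the two admin hosts are assumptions.

```shell
#!/bin/sh
# Constructed placeholders (RFC 5737 documentation addresses) for static1..static3.
SMB_ALLOWED="203.0.113.10 203.0.113.20 203.0.113.30"  # static1 static2 static3
ADMIN_ALLOWED="203.0.113.10 203.0.113.20"             # static1 static2 only
SMB_PORT=445            # SMB over TCP; NetBIOS ports 137-139 stay closed
ADMIN_PORTS="22,80,443" # assumption: default web GUI ports, plus SSH to avoid lockout

valid_ipv4() {
  case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# Print an iptables-restore ruleset on stdout; nothing is applied to the host.
gen_rules() {
  for ip in $SMB_ALLOWED $ADMIN_ALLOWED; do
    valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
  done
  printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
    ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for ip in $SMB_ALLOWED; do
    printf '%s\n' "-A INPUT -s $ip/32 -p tcp -m tcp --dport $SMB_PORT -j ACCEPT"
  done
  for ip in $ADMIN_ALLOWED; do
    printf '%s\n' "-A INPUT -s $ip/32 -p tcp -m multiport --dports $ADMIN_PORTS -j ACCEPT"
  done
  printf '%s\n' 'COMMIT'
}

# Offline check against the generated text: is a new TCP connection accepted?
allowed() {  # usage: allowed <source-ip> <port>
  gen_rules | awk -v s="$1/32" -v p="$2" '
    $1 == "-A" && $4 == s {
      for (i = 5; i < NF; i++)
        if (($i == "--dport" || $i == "--dports") && ("," $(i+1) ",") ~ ("," p ","))
          ok = 1
    }
    END { exit(ok ? 0 : 1) }'
}

# Review the output, then load it with: gen_rules | iptables-restore
# (IPv6 needs its own default-drop policy via ip6tables-restore.)
```

The ruleset only narrows which source addresses can reach port 445; it does nothing to protect the SMB traffic itself once it leaves the server.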

  • Yes, I do share SMB over the internet. What is the issue? Please let me know what you think, @ryecoaaron
    If I set up the OMV firewall to restrict everything else, where is the issue?
    Many thanks



    Also, to add, can't I add a Linux-level firewall? (inside Debian SSH)


    Many thanks once again



    • Official post

    Yes, I do share SMB over the internet. What is the issue? Please let me know what you think

    No no no! Samba/CIFS is not secure enough for the internet and was never designed to be used outside a local network. If you really want a cloud Samba server, you should only connect to it using a VPN.

    If I set up the OMV firewall to restrict everything else, where is the issue?

    Spoofing an IP address isn't hard. You have no way to properly protect Samba on the internet.


    Also, to add, can't I add a Linux-level firewall? (inside Debian SSH)

    That would do the same thing as using OMV's firewall tab.

  • Spoofing an IP address isn't hard. You have no way to properly protect Samba on the internet.

    But even after that, the hacker needs to have the share credentials...


    I mean, even if somebody spoofs the allowed IP as configured through the firewall, they need to have credentials to see the files.


    Am I right?


    If the server will be on a dedicated server, what will be the issue then?


    What other ways do you suggest for sharing files and using them as a local NAS, but in the cloud, and safely?


    VPN is impossible at this point.


    Thank you!!

    • Official post

    But even after that, the hacker needs to have the share credentials...


    I mean, even if somebody spoofs the allowed IP as configured through the firewall, they need to have credentials to see the files.


    Am I right?

    Just search the internet to see if Samba is safe on the internet...

    If the server will be on a dedicated server, what will be the issue then?

    I don't see why that makes a difference.


    What other ways do you suggest for sharing files and using them as a local NAS, but in the cloud, and safely?

    This is the million dollar question. If it was easy, Nextcloud and Dropbox and others wouldn't exist. As I mentioned before, VPN is the best option if you are using Windows for the client. If you are using a Linux desktop, you could use VPN or sshfs or something else.

  • This is the million dollar question. If it was easy, Nextcloud and Dropbox and others wouldn't exist. As I mentioned before, VPN is the best option if you are using Windows for the client. If you are using a Linux desktop, you could use VPN or sshfs or something else.

    You mean a VPN between the server (out) and the area that will be shared, and keep OMV, right?


    Won't this make the connections slower?


    Thank you!!

    • Official post

    Isn't it unsafe?

    SMB3 finally has strong enough encryption, but SMB has had too many vulnerabilities and not many people do this. If you want to do it, great. Just remember I told you it was a bad idea. Maybe this will change your mind: https://arstechnica.com/civis/viewtopic.php?f=17&t=1435021 Is there a reason you don't want to use a VPN?

    Also, what SMB version does OMV use?

    Debian 9.x and therefore OMV 4.x use Samba 4.5, which supports SMB protocols from 1 to 3_11.

