The Firewall in SoftNAS helps to control the incoming and outgoing network traffic in VPN.
As of version 5.0, all unnecessary ports for a typical SoftNAS deployment are closed, in order to ensure your security. However, this means that if you are deploying SoftNAS to handle various file protocols, you may need to configure some ports to ensure success.
To reach the SoftNAS Firewall, expand Settings from the Storage Administration Pane, and select Firewall.
Note |
---|
If enabling the firewall, be sure to open up the appropriate set of ports for SSH, HTTP. HTTPS, NFS/bind, iSCSI, CIFS, etc. |
To reach the SoftNAS Firewall, expand Settings from the Administration Pane, and select Firewall.
The Firewall wizard will be displayed and you will be able to perform various administrative actions.
Configuring the SoftNAS Firewall
As stated, the current SoftNAS Firewall is pre-configured, and set to restrict any ports that are deemed unnecessary to a standard deployment.
This means that only ports and protocols commonly used are configured, including such ports as NFS, CIFS/Samba, rpc-bind, and mountd (iSCSI) are configured to start. The screenshot on the right is where you can see the ports currently configured by default.configured to start.
Info |
---|
Ports configured to start include:
|
Deleting a Service or Port from the SoftNAS Firewall
In order to remove a service or port, simply select the service, and hit the button below stating 'click the Delete Selected Rules'Rules button.
Note |
---|
Buurst does not recommend removing default services without good reason. Please consult Buurst Support if you are unsure of which ports or services you require for your deployment. |
Adding
a Service or Port to the SoftNAS FirewallIn order to add a service or port, select either Add allowed port or Add allowed service.
Allowed Service
- For this example, you will note that we have
- NFS as a default service in the current configuration.
- This refers
- to NFSv4 only, as this is the most
- commonly used version
- at the moment.
- Let's assume
- we need to configure SoftNAS to connect with a legacy application that uses
- NFSv3.
- Select the Add allowed service link. The Add Service screen will display.
- Select the service to allow (in this example nfs3) from the dropdown.
- Once done,
- click
- the Create button.
Note |
---|
Buurst's SoftNAS can allow traffic from a large list of services, as you can see on the right. |
- The service will show in the allowed list.
Adding a port is a similar process. Click
Add Allowed Port
and you will see the following within the screenshot on the right.Enter the port number to allow. Let us assume that we are adding one of the typical ports used to connect UltraFast. (Note that UltraFast is no longer a part of SoftNAS itself, but we can connect SoftNAS to a Buurst Fuusion instance to configure accelerated file transfers.) UltraFast uses port 8888, and would have that port open to both TCP and UDP traffic. So, in this example we would type in the Single Port field '8888', then in Network Protocol, select UDP from the dropdown. Click Create when the options are configured. For this example you would repeat the process for a TCP port as well.
There may be any number of ports and services required for your deployment. If you have any questions regarding the firewall configuration for your use case, please contact Buurst Support for assistance.
- Select the Add allowed port link. The Add Port screen will display.
- Enter either a Single port or a Port range that you would like to allow.
- Select the Network protocol from the drop-down menu.
- Once done, click the Create button.