How do I keep my NAS off the WAN?

[aharu]

Hi there!

First off, the equipment I have:
- Huawei B593 (4G modem&router)
- Asus RTN66U (router)
- Netgear GS108Tv2 (managable switch)
- Netgear Readynas NV+ v2

I was planning on just using the Huawei as modem and let the
gigabit Asus router do the routing. Now, I don't really understand how
I will be able to access the NAS from "inside the home" (LAN), but block
internet access for it. Can this have something to do with setting up
VLANs with the GS108Tv2 switch?

Thanks! great forum by the way, one of a kind really!

 

[thiggins]

Unless you have ports open on your router to the NAS, it will be unreachable from the WAN side.

 

[aharu]

Thanks, I was being a bit unclear.

I want the NAS to be able to access the Netgear firmware server and to synchronize time and date. If I want to access the actual data on disks, a VPN connection to my VPN server in the router must be established, otherwise it should be impossible.

Is this possible?

 

[stevech]

date/time sync from NIST - does not require special router config such as port forwarding - because the request is initiated by the NAS (same for PCs).

Checking for NAS firmware updates... this too is probably initiated by the NAS on a schedule. Moreover, if yours is like my NAS (Synology), it connects outwardly to check for updates - no special router config needed.

Generally speaking... if you have trusted software on your NAS (as you do), or on a PC, it can connect outwardly via the Internet to a server. On PC's if you enable a software firewall on the PC (as in Windows), it has a default option to block at the PC level. Some NASes may do the same. But with a router, your trust is in the router's firewall.

The NAS risk increases when you enable file sharing and web access to the NAS - and you setup port-forwarding in the router to enable this. Of course, you use passwords for access. And better, you setup a digital certificate in the NAS so that SSL with authentication is used to generally prevent a hacker/script from guessing a password. Depends on how sensitive your NAS data is.