My TrueNAS build is acceceble via my public IP

[Noodle42089]

Hi Guys,

I am fairly new to Truenas and i have a question. A few days ago i connected my build to DDNS via google domains and that works now, with the help of some videos like SpaceREX. But today i found out that my build is acceceble via my public IP. I do not think that is the intended way right?

Is there a way to stop this? I have TP-Link router and the UI is a bit annoying to work with but i am open for suggestions.

Tnx in advance guys!

 

[ChrisRJ]

I would disable the DDNS immediately and also close any ports on the router. This is a dangerous setup.

 

[kiriak]

These videos are useful for education but should have warnings like "Do no try this at home".

One to be secure with these some minimum knowledge is required, careful planning and constant spending of time on it, like a professional or a higher level hobbyist.
Otherwise the odds are against him.

Given the above and since I am not an IT professional, at present I have only VPN access to my NAS, through a VPN server running on my firewall.
I don't dare to have any other access to my Nextcloud from WAN even if my LAN is behind a Sophos XG firewall router. Technically I managed it, with certificates and everything, but I miss some details and I do not feel comfortable to have it in production yet.
If I needed access form WAN without VPN, like access to my Nextcloud from other people, I would set up in a Raspberry or a miniPC in another VLAN with the minimum required data and always behind a firewall.

 

[Noodle42089]

I would disable the DDNS immediately and also close any ports on the router. This is a dangerous setup.

I think I found the issue. I forwarded one Port that was suggested to me in an other tread of someone having the same issue. On my router, my home up adres of my build was connected to a 80 ip 80 port forwarding. Once I closed that one I cannot acces my server over my public ip. Also my truenas.domain.com does not not function anymore so I guess that was it, my openVPN on the other hand still works.

 

[Noodle42089]

These videos are useful for education but should have warnings like "Do no try this at home".

One to be secure with these some minimum knowledge is required, careful planning and constant spending of time on it, like a professional or a higher level hobbyist.
Otherwise the odds are against him.

Given the above and since I am not an IT professional, at present I have only VPN access to my NAS, through a VPN server running on my firewall.
I don't dare to have any other access to my Nextcloud from WAN even if my LAN is behind a Sophos XG firewall router. Technically I managed it, with certificates and everything, but I miss some details and I do not feel comfortable to have it in production yet.
If I needed access form WAN without VPN, like access to my Nextcloud from other people, I would set up in a Raspberry or a miniPC in another VLAN with the minimum required data and always behind a firewall.

i agree, I had the same idea but nextcloud did Want to work for me. And because I am away for work most of the time I figured i wach some videos. In the end, with some trial and error you get there and I think now I have fixed the biggest issue. Luckily for me it was only live for a few days and I had 2FA on from the start. Let’s hope that this theat is a example for other people trying out this by themselves!

 

[ChrisRJ]

Given the above and since I am not an IT professional, at present I have only VPN access to my NAS, through a VPN server running on my firewall.

I am an IT professional and therefore only allow access via VPN