Blacklist ALL except designated IP or block after X failed logins

Status
Not open for further replies.
Hi

I have set up FreeNAS 9.3 on my server that runs on my internal network behind a router that is firewalled.

The router is your standard commercial grade broadband router (yes, I know it's best to get a dedicated one and put the commercial hub into modem mode and I will do that). It allows port forwarding but only rudimentary IP filtering. I am aware that certificate based authentication is better than password authentication and I am aware that I must ensure all passwords are long and complex and I am aware that root access should be blocked and my sFTP user should not be in the sudo group etc etc.

What I want to do is forward port X (not 22 which is of course standard) on the router to direct all SSH traffic to my FreeNAS so I can sFTP to it remotely. However, I want to limit the amount of attacks by use of IP filtering and/or limits and restrictions.

e.g. 3 failed logins from IP X, ban it.
e.g. Block ALL IPs EXCEPT xxx.xxx.xxx.xxx

In other words, given that my router is a bit lame, I have to accept that until I get a better one, I need to rely on the FreeNAS box to do the dropping and rejecting, rather than the router. So the router might let the IP through, but I want FreeNAS to then drop it if it is not in a whitelist, or if it has already tried to login unsuccessfully X times.

I found this but it seemed a bit overkill for what I expected to be somewhat more straightforward?

I had assumed FreeNAS could do this and it probably can, but I am unable to locate where in the GUI settings it is set up and Googling just keeps returning threads written by folk who are trying to allow access and replies by people telling them not to?

Can anyone direct me?

Thanks
 

Ericloewe

I'm not sure this would even work correctly across a NAT boundary. Truth is, FreeNAS isn't designed for direct internet exposure, so these niche options really aren't available/documented.
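
The two policies asked about in this thread (allow only a designated address, or drop an address after X failed logins) can be written out as log-driven decision logic; the following is an added example, not part of the original posts and not a FreeNAS feature. It assumes OpenSSH-style "Failed password" log lines; the addresses, host name, user names and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed policy from the question: one trusted address, ban after 3 failures.
ALLOWLIST = [ipaddress.ip_network("198.51.100.20/32")]  # constructed placeholder
MAX_FAILURES = 3

# The user name is remote-supplied text, so match greedily and anchor at the
# end of the line: the address sshd itself appended is the one that counts.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

# Constructed sample lines in OpenSSH's auth.log style (not from the thread).
SAMPLE_LOG = """\
Mar 21 10:15:01 nas sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 21 10:15:03 nas sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 51234 ssh2
Mar 21 10:15:06 nas sshd[1203]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar 21 10:16:10 nas sshd[1210]: Failed password for sftpuser from 198.51.100.20 port 40022 ssh2
Mar 21 10:16:12 nas sshd[1210]: Failed password for sftpuser from 198.51.100.20 port 40022 ssh2
Mar 21 10:16:15 nas sshd[1210]: Failed password for sftpuser from 198.51.100.20 port 40022 ssh2
Mar 21 10:17:00 nas sshd[1215]: Failed password for invalid user x from 192.0.2.9 port 1 ssh2 from 192.0.2.50 port 60000 ssh2
Mar 21 10:17:30 nas sshd[1220]: Accepted password for sftpuser from 198.51.100.20 port 40023 ssh2
"""

def is_allowlisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)

def failed_logins(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def addresses_to_ban(log_text, max_failures=MAX_FAILURES):
    """Non-allowlisted addresses that reached the failure threshold."""
    return sorted(ip for ip, n in failed_logins(log_text).items()
                  if n >= max_failures and not is_allowlisted(ip))

def decide(ip, banned, allowlist_only=False):
    """'allow' or 'drop' for a new connection under either policy."""
    if is_allowlisted(ip):
        return "allow"
    return "drop" if allowlist_only or ip in banned else "allow"
```

The allowlist is checked before the failure count, so a trusted address that mistypes its password three times is not locked out, and the end-anchored pattern keeps an address embedded in a user name from being counted.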
 