Question on Configuring FreeNAS Without Being Able to Edit Router ACLs

[Makumazon]

Just make firewall rules and you are fine.

Example of your network:
Network: 192.168.10.0/24
Gateway (router): 192.168.10.1
NAS: 192.168.10.2
Workstations: 192.168.10.3 - 192.168.10.20

So firewall rule will be like:
Allow src-nat 192.168.10.0/24
Deny/Drop rest of the incoming connections

Result:
Anyone from your subnet will be able to access NAS
No one outside your subnet will be able to access NAS

How to set:
http://www.freebsd.org/doc/en/articles/linux-users/firewall.html

HolyK, do you have any suggestions on how to do this without being able to edit router ACLs? I am running a FreeNAS Mini for a home storage solution and am on a Asus RT-AC3100. I do not have a enterprise router with ACLs to change.

I have set a static IP on the NAS and have been looking into how within the router to stop that IP from hitting WAN but so far no joy. So I am hoping there is a way to configure the NAS itself. In the end I am just trying to keep my NAS on LAN only.

 

[Zredwire]

On your NAS if you take out the default gateway address then it should not be able to get to the internet. But if you do this then things like searching for updates (from the NAS), NTP, etc. will not work (if that matters to you).

 

[nojohnny101]

@Makumazon as you probably have gathered, it is generally not advised to revive old threads. Information, releases, hardware, versions, etc. change too quickly for 4 year old threads to really remain relevant (there are exceptions of course).

 

[JoshDW19]

Hey @Makumazon. I'm sorry you didn't receive a very good welcome from some of our members. Inflammatory behavior is not permitted and the posts in question have been removed from public view. Anyone participating in this thread needs to calm down and remember that @Makumazon just joined our forum on Sunday. Many people may not be familiar with forum netiquette and are willing to accept positive feedback as @nojohnny101 demonstrated. Can't we show him a little bit of grace and relax a bit? Thanks everyone! The thread will be re-opened and split off into a new thread. Please don't participate unless you're willing to help the op! Thanks. - Josh

 

[danb35]

The answer remains the same as in the deleted posts: this needs to be done in the router/firewall. If OP's router doesn't support configuration to this degree of granularity, he needs to either flash the router to an alternate firmware that does (if available), or replace the router.