How to access QNAP NAS over WAN IP

Bindos
Bindos Posts: 2
First Anniversary
edited May 2021 in Security
Dear Community,

I have recently bought my first Zyxel product (USG20 VPN) and I am therefore new in the field and unfortunately do not know so well yet.

Thanks to a business contract with my Internet provider, I have a fixed WAN IP address.

Now I want to achieve the following: I bought a QNAP NAS to be able to reach my data between two locations from which I work regularly. At the location with the fixed WAN address I have now installed this NAS.

Now I want to be able to access the network drives of the NAS from the other location (without VPN).

The only changes i made where that i used the DMZ interface instead of the LAN1 interface since I have my NAS on a DMZ Port for security reasons. My local ip of the nas is 192.168.3.41 and i can access it locally. But even though I followed the tutorial step by step I can't reach the NAS via my WAN IP + port 50000.

Unfortunately without success. Therefore, I now ask here in the community.

I hope someone can help me with my problem.

With kind regards

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    @Bindos

    Not sure which configuration you missed.

    Here is a similar NAT case that can give you some reference, the only different point is that the service port is 80, not 50000:

    The topology:

    USG20-VPN with WAN IP: 10.214.48.47

    Web server with IP: 192.168.3.33 which belongs to the DMZ zone

    The purpose :

    User can access http://10.214.48.47:50000 and NAT mapping to web server http://192.168.3.33:80

    Configurations & Verification result:

    1. Config physical P6 belongs to the DMZ zone and the web server connects to this port.


    2.Check the DMZ zone setting.


    3.The default DMZ setting.


    4.Add a NAT setting.

    In your scenario, you can change the internal port to 50000.


    5.Add a security policy for NAT usage. 

    Following the service is HTTP(TCP 80 port), in your scenario you can create a new service object of 50000 port named as NAS_Service.


     6. The browser navigates to http://10.214.48.47:50000 and can be mapped to the internal web server.


    Thanks.

  • dpipro
    dpipro Posts: 64  ZCNE Certified
    First Anniversary ZCNE Switch Level 1 Certification - 2020 ZCNE Nebula Level 1 Certification - 2020 ZCNE Security Level 1 Certification - 2019
    @Bindos

    QNAP NAS are being affected for several ransomware attacks in the last months due to QTS vulnerabilities so  we strongly recommend to configure a VPN SSL to have remote access to the NAS instead using a non-protected connection. Check the documentation available at ZyXEL's website.

    BR
    Best regards
  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    @dpipro "two" is considerable par to "several" for your measure?
  • zyman2008
    zyman2008 Posts: 197  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    dpipro said:
    @Bindos

    QNAP NAS are being affected for several ransomware attacks in the last months due to QTS vulnerabilities so  we strongly recommend to configure a VPN SSL to have remote access to the NAS instead using a non-protected connection. Check the documentation available at ZyXEL's website.

    BR
    +1
    Strongly recommend, don't directly expose NAS to Internet.
    Using VPN for remote access to reduce the attack surface.

Security Highlight