Netgate Discussion Forum

    Qnap behind pfsense backup to amazon glacier

    Firewalling
    • c00kie55

      Hi, I hope someone can help me set this up :D as I have no experience with Glacier.

      I have used Amazon's tool to get a list of CIDR IP ranges:
      /jq-linux64  '.prefixes[] | select(.region=="eu-central-1")' < ip-ranges.json > amazon.txt

      Now this pipes out 2 types of services:

      1:
      "ip_prefix": "54.231.192.0/20",
        "region": "eu-central-1",
        "service": "AMAZON"

      and

      2:
      "ip_prefix": "52.57.0.0/16",
        "region": "eu-central-1",
        "service": "EC2"

      Now my plan is to make an IP alias and allow it to QNAP IP port 443.

      So... for Glacier, shall I use service EC2 or Amazon (I am guessing Amazon)??? Or maybe something else…
      And is port 443 the right one?

      Best regards

      • johnpoz LAYER 8 Global Moderator

        "Now my plan is to make an IP alias and allow it to QNAP IP port 443"

        Huh?? So you're doing outbound blocking and you only want your QNAP to talk outbound to these netblocks?? Or you're thinking you need to forward inbound ports?

        Where is your NAS connected on pfSense? The LAN? If so, the rules are any any out of the box; have you changed these? Your NAS should be able to back up to Glacier without any issues if it supports that, without anything needing to be done on pfSense.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • c00kie55

          QNAP is on the LAN side.
          And I was thinking that I would only allow Amazon IP ranges to get forwarded from a virtual WAN IP to QNAP LAN IP port 443.

          Guess I thought that I needed a rule to allow Amazon to restore (outside in), but maybe the traffic will be related and automatically allowed?

          • johnpoz LAYER 8 Global Moderator

            If you call for a restore, you would still be initiating the connection from QNAP to Glacier. At no time would the outside be creating an unsolicited connection to you that I could think of. You don't just want Amazon/Glacier creating connections into your QNAP when they want.

            Your QNAP would create the connection and say here are some new files and upload them, or hey I need these files back and download them, etc.

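
Added example, not part of the thread: for the outbound-filtering case raised in the first reply, this Python script filters an ip-ranges.json-shaped document by region and service, merges the prefixes into an alias-ready list, and reports which service tags cover a given destination address. The function names and sample data are assumptions; only the two prefixes quoted in the first post come from the page.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json. The first and third
# entries are the ones quoted in the first post; the rest are made up
# (documentation address ranges) so the script runs offline.
SAMPLE = json.loads("""
{"prefixes": [
  {"ip_prefix": "54.231.192.0/20",   "region": "eu-central-1", "service": "AMAZON"},
  {"ip_prefix": "52.57.0.0/16",      "region": "eu-central-1", "service": "AMAZON"},
  {"ip_prefix": "52.57.0.0/16",      "region": "eu-central-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.0/25",   "region": "eu-central-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.128/25", "region": "eu-central-1", "service": "AMAZON"},
  {"ip_prefix": "203.0.113.0/24",    "region": "us-east-1",    "service": "AMAZON"}
]}
""")


def select(doc, region, services=None):
    """Entries for one region; `services=None` keeps every service tag."""
    return [p for p in doc["prefixes"]
            if p["region"] == region
            and (services is None or p["service"] in services)]


def alias_networks(doc, region, services):
    """Deduplicated, merged CIDR list to paste into a firewall network alias."""
    nets = [ipaddress.ip_network(p["ip_prefix"])
            for p in select(doc, region, services)]
    # collapse_addresses drops duplicates and nested prefixes, merges neighbours
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def services_covering(doc, region, ip):
    """Service tags whose prefixes contain `ip` (e.g. a destination from the firewall log)."""
    addr = ipaddress.ip_address(ip)
    return sorted({p["service"] for p in select(doc, region)
                   if addr in ipaddress.ip_network(p["ip_prefix"])})


if __name__ == "__main__":
    for cidr in alias_networks(SAMPLE, "eu-central-1", {"AMAZON", "EC2"}):
        print(cidr)
    # Constructed destination addresses, standing in for what the NAS connects to
    for dest in ("52.57.10.20", "54.231.200.1"):
        print(dest, services_covering(SAMPLE, "eu-central-1", dest))
```

The alias is used as the destination of an outbound rule for the NAS on port 443; no inbound rule or port forward is involved.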