Qnap behind pfsense backup to amazon glacier
-
Hi, I hope someone can help me set this up :D as I have no experience with Glacier.
I have used Amazon's tool to get a list of CIDR IP ranges:
/jq-linux64 '.prefixes[] | select(.region=="eu-central-1")' < ip-ranges.json > amazon.txt
Now this pipes out 2 types of services:
1:
"ip_prefix": "54.231.192.0/20",
"region": "eu-central-1",
"service": "AMAZON"
and
2:
"ip_prefix": "52.57.0.0/16",
"region": "eu-central-1",
"service": "EC2"
Now my plan is to make an IP alias and allow it to QNAP IP port 443.
So, for Glacier shall I use service EC2 or Amazon (I am guessing on Amazon)? Or maybe something else…
And is port 443 the right one?
Best regards
-
"Now my plan is to make an IP alias and allow it to QNAP IP port 443"
Huh?? So you're doing outbound blocking and you only want your QNAP to talk outbound to these netblocks?? Or you're thinking you need to forward inbound ports?
Where is your NAS connected on pfSense? The LAN? If so, the rules are any any out of the box; have you changed these? Your NAS should be able to back up to Glacier without any issues if it supports that. Without anything needing to be done on pfSense.
-
QNAP is on the LAN side.
And I was thinking that I would only allow Amazon IP ranges to get forwarded from a virtual WAN IP to QNAP LAN IP port 443.
Guess I thought that I needed a rule to allow Amazon to restore (outside in), but maybe the traffic will be related and automatically allowed?
-
If you call for a restore, you would still be initiating the connection from QNAP to Glacier. At no time would the outside be creating an unsolicited connection to you that I could think of. You don't just want Amazon/Glacier creating connections into your QNAP when they want.
Your qnap would create the connection and say here are some new files and upload them, or hey I need these files back and download them, etc.
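Added example, not part of any post in this thread: if the goal is the outbound restriction raised in the first reply, the filtered ip-ranges.json entries can be reduced to a bare, de-duplicated network list for use as the destination alias of a LAN rule. The sample JSON is constructed (only the two prefixes quoted in the thread are real) and the function name `alias_networks` is hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json. Only 54.231.192.0/20 and
# 52.57.0.0/16 come from the thread; the other entries are made up for the demo.
SAMPLE = """
{"prefixes": [
 {"ip_prefix": "54.231.192.0/20",   "region": "eu-central-1", "service": "AMAZON"},
 {"ip_prefix": "52.57.0.0/16",      "region": "eu-central-1", "service": "EC2"},
 {"ip_prefix": "52.57.0.0/16",      "region": "eu-central-1", "service": "AMAZON"},
 {"ip_prefix": "198.51.100.0/25",   "region": "eu-central-1", "service": "AMAZON"},
 {"ip_prefix": "198.51.100.128/25", "region": "eu-central-1", "service": "AMAZON"},
 {"ip_prefix": "203.0.113.0/24",    "region": "us-east-1",    "service": "AMAZON"}
]}
"""


def alias_networks(doc, region, service):
    """Return sorted, collapsed CIDR strings for one region and service.

    Hypothetical helper: 'doc' is the parsed ip-ranges.json document.
    """
    nets = []
    for entry in doc.get("prefixes", []):
        if entry.get("region") != region or entry.get("service") != service:
            continue
        # strict=True raises ValueError on a prefix with host bits set, so a
        # malformed entry is rejected instead of silently widening the alias.
        nets.append(ipaddress.ip_network(entry["ip_prefix"], strict=True))
    # collapse_addresses drops duplicates and merges adjacent or nested
    # networks, keeping the alias as short as the data allows.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    doc = json.loads(SAMPLE)
    for svc in ("AMAZON", "EC2"):
        print(f"# eu-central-1 / {svc}")
        print("\n".join(alias_networks(doc, "eu-central-1", svc)))
```

The output is one network per line, which is the form a firewall network alias takes; the rule using it would allow the NAS address to those destinations on TCP 443 and sit above a block rule for the same source.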