Results 1 to 7 of 7
  1. #1
    Untanglit
    Join Date
    Jan 2021
    Posts
    18

    Default Diagnosing inoperable QNAP backups.

    Hi All,

    I've been seeking information recently as to why my scheduled and manual back up jobs from my Qnap have stopped working.

    Qnap uses "hybrid back and sync 3" (an app) to backup data to Backblaze B2.

    My backups have stopped working since installing untangle. They fail immediately with a generic "key error" message.

    I didn't at first suspect the untangle box, but after more than a month of searching with no resolution, I have determined it's one of the only pieces of the puzzle left that is consistent amongst all back up jobs.

    I cannot locate any information to specific firewall rules required by HBS3.

    One thought I had was, is there a way to monitor untangle in real time while simultaneously manually starting a backup job from the Qnap and witness if the untangle box is or is not blocking the communication. I'm reasonably certain Qnap HBS3 uses Rsync for cloud backup.

    I'm seeking any and all advice on the subject.

    Thank you.

  2. #2
    Master Untangler
    Join Date
    Nov 2018
    Posts
    140

    Default

    Well it's a cloud storage, somewhere on the internet, so for sure you must open some ports. Backblaze uses port 443 to upload data from another system. Did you specify any port for HBS3 on QNAP?
    You need to see if QNAP is using port 22 (SSH) or 873 (deamon) for rsync. Then you need to port forward accordingly. This should be done in Config >> Network >> Port Forward Rules.
    My best guess would be the following rule:
    Screenshot 2021-03-01 233900.png
    192.168.1.5 would be your QNAP NAS so change accordingly.

  3. #3
    Untanglit
    Join Date
    Jan 2021
    Posts
    18

    Default

    Quote Originally Posted by soldier View Post
    Well it's a cloud storage, somewhere on the internet, so for sure you must open some ports. Backblaze uses port 443 to upload data from another system. Did you specify any port for HBS3 on QNAP?
    You need to see if QNAP is using port 22 (SSH) or 873 (deamon) for rsync. Then you need to port forward accordingly. This should be done in Config >> Network >> Port Forward Rules.
    My best guess would be the following rule:
    Screenshot 2021-03-01 233900.png
    192.168.1.5 would be your QNAP NAS so change accordingly.
    I'm still waiting on a reply from Qnap support to confirm any port they use for HBS3. I have a hard time believing this isn't written in any docs or in the Qnap itself. But as of yet, I've been unable to discover the port inherent to HBS3

  4. #4
    Untanglit
    Join Date
    Jan 2021
    Posts
    18

    Default

    also seems like I would either need to tag the Qnap in untangle or somehow otherwise differentiate it from all other devices on the network in order to make this rule work. Maybe by address rather than tag, as the IP address IS static.

  5. #5
    Master Untangler
    Join Date
    Nov 2018
    Posts
    140

    Default

    You don't need any tags for the rule I attached (or what rule are you refering to?). I would at least try the port forwarding rule first with port 22 and then 873 and see if it works (while waiting for the response from QNAP).

  6. #6
    Untanglit
    Join Date
    Jan 2021
    Posts
    18

    Default

    I wanted to follow up with this.

    What was determined is that untangle was blocking the backup urls in web filter. I added the specific domains for the api to PASS sites, and it now works just fine.

  7. #7
    Untangler
    Join Date
    Jun 2020
    Posts
    33

    Default

    Quote Originally Posted by soldier View Post
    Well it's a cloud storage, somewhere on the internet, so for sure you must open some ports.
    Don't agree and strictly recommend not opening ports (making wholes in your network protection), if not absolutely required. Especially critical ports like 22.

    It depends on the real goals, network topology/operating mode of NGFW (bridge/NAT Gateway) of the poster. I assume the QNAP and clients are positioned behind NGFW.
    • If backups from QNAP to a cloud service are required: Should be possible without opening ports, since the connection and syncs are started in a backup task from inside the network. No additional Firewall rules (whether filter rules nor in the Firewall App) are required - NGFW does not block anything by default.
    • If the goal is to directly access the QNAP from the Internet, then port forwarding is required.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2