Diagnosing inoperable QNAP backups.

[Jay Bird]

Hi All,

I've been seeking information recently as to why my scheduled and manual back up jobs from my Qnap have stopped working.

Qnap uses "hybrid back and sync 3" (an app) to backup data to Backblaze B2.

My backups have stopped working since installing untangle. They fail immediately with a generic "key error" message.

I didn't at first suspect the untangle box, but after more than a month of searching with no resolution, I have determined it's one of the only pieces of the puzzle left that is consistent amongst all back up jobs.

I cannot locate any information to specific firewall rules required by HBS3.

One thought I had was, is there a way to monitor untangle in real time while simultaneously manually starting a backup job from the Qnap and witness if the untangle box is or is not blocking the communication. I'm reasonably certain Qnap HBS3 uses Rsync for cloud backup.

I'm seeking any and all advice on the subject.

Thank you.

[soldier]

Well it's a cloud storage, somewhere on the internet, so for sure you must open some ports. Backblaze uses port 443 to upload data from another system. Did you specify any port for HBS3 on QNAP?
You need to see if QNAP is using port 22 (SSH) or 873 (deamon) for rsync. Then you need to port forward accordingly. This should be done in Config >> Network >> Port Forward Rules.
My best guess would be the following rule:
Screenshot 2021-03-01 233900.png
192.168.1.5 would be your QNAP NAS so change accordingly.

[Jay Bird]

Well it's a cloud storage, somewhere on the internet, so for sure you must open some ports. Backblaze uses port 443 to upload data from another system. Did you specify any port for HBS3 on QNAP?
You need to see if QNAP is using port 22 (SSH) or 873 (deamon) for rsync. Then you need to port forward accordingly. This should be done in Config >> Network >> Port Forward Rules.
My best guess would be the following rule:
Screenshot 2021-03-01 233900.png
192.168.1.5 would be your QNAP NAS so change accordingly.

I'm still waiting on a reply from Qnap support to confirm any port they use for HBS3. I have a hard time believing this isn't written in any docs or in the Qnap itself. But as of yet, I've been unable to discover the port inherent to HBS3

[Jay Bird]

also seems like I would either need to tag the Qnap in untangle or somehow otherwise differentiate it from all other devices on the network in order to make this rule work. Maybe by address rather than tag, as the IP address IS static.

[soldier]

You don't need any tags for the rule I attached (or what rule are you refering to?). I would at least try the port forwarding rule first with port 22 and then 873 and see if it works (while waiting for the response from QNAP).

[Jay Bird]

I wanted to follow up with this.

What was determined is that untangle was blocking the backup urls in web filter. I added the specific domains for the api to PASS sites, and it now works just fine.

[bEeReE]

Well it's a cloud storage, somewhere on the internet, so for sure you must open some ports.

Don't agree and strictly recommend not opening ports (making wholes in your network protection), if not absolutely required. Especially critical ports like 22.

It depends on the real goals, network topology/operating mode of NGFW (bridge/NAT Gateway) of the poster. I assume the QNAP and clients are positioned behind NGFW.

• If backups from QNAP to a cloud service are required: Should be possible without opening ports, since the connection and syncs are started in a backup task from inside the network. No additional Firewall rules (whether filter rules nor in the Firewall App) are required - NGFW does not block anything by default.
• If the goal is to directly access the QNAP from the Internet, then port forwarding is required.