Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

iptables on Unraid

Featured Replies

Hi All,

 

Could anyone suggest how to make iptables happen on unRaid?  It seems that unRaid kernel does not have ip_tables or I'm missing something.  Our it department is furious that we have open http authentication.

 

Please help.

 

tsol

Could anyone suggest how to make iptables happen on unRaid?   It seems that unRaid kernel does not have ip_tables or I'm missing something.  Our it department is furious that we have open http authentication.

There's nothing to be furious about. Do some reading in the security section of the wiki:

http://lime-technology.com/wiki/index.php?title=FAQ#Security

 

Could anyone suggest how to make iptables happen on unRaid?   It seems that unRaid kernel does not have ip_tables or I'm missing something.  Our it department is furious that we have open http authentication.

There's nothing to be furious about. Do some reading in the security section of the wiki:

http://lime-technology.com/wiki/index.php?title=FAQ#Security

It does not help much if you can only do port 80 (non-SSL), or I missed the part where you can install a web cert?

Until web certificates are implemented ability to filtering out port 80 on unRAID would help.

This way one could set up an external Apache server with mod_proxy set, so at least traffic between the proxy and the user would be encrypted and direct access to non-SSL unRAID port would be restricted with the IP of the proxy.

 

 

 

Can emhttp be set to only listen on localhost and an alternate port?

 

I know emhttp can use an alternate port with -p (port number)

I don't know if it can only listen on a specific address.

 

Perhaps post a suggestion for IP Validation in the Feature Request forum

http://lime-technology.com/forum/index.php?board=2.0

 

This could be done if IP tables is compiled into the kernel or emhttp supported tcpwrappers with a call to libwrap.

 

Could anyone suggest how to make iptables happen on unRaid?   It seems that unRaid kernel does not have ip_tables or I'm missing something.  Our it department is furious that we have open http authentication.

 

If your department is furious enough, then they would probably gladly spend a $100 or so for a small router.

So set up your unRAID on its own subnet, behind it's own little router:

Flash that router with something like dd-wrt, and you can do pretty much whatever filtering you desire.

 

Could anyone suggest how to make iptables happen on unRaid?   It seems that unRaid kernel does not have ip_tables or I'm missing something.  Our it department is furious that we have open http authentication.

 

If your department is furious enough, then they would probably gladly spend a $100 or so for a small router.

So set up your unRAID on its own subnet, behind it's own little router:

Flash that router with something like dd-wrt, and you can do pretty much whatever filtering you desire.

 

 

Putting a file server behind a $100 router... I think it was a joke...

 

 

The unRAID software comes with the kernel .config file and the md driver.

So the kernel can be recompiled with ip tables and the bzroot/bzimage rebuilt.

There is a custom article on building a custom kernel in the wiki

http://lime-technology.com/wiki/index.php?title=Building_a_custom_kernel

 

Please see all related links on the bottom of the page too.

 

After the custom kernel install the ip tables tools and you are ready to go.

 

  • Author

Thank you very much.  I will try rebuild the kernel.  Will let you guys know how it goes.

Could anyone suggest how to make iptables happen on unRaid?   It seems that unRaid kernel does not have ip_tables or I'm missing something.  Our it department is furious that we have open http authentication.

 

If your department is furious enough, then they would probably gladly spend a $100 or so for a small router.

So set up your unRAID on its own subnet, behind it's own little router:

Flash that router with something like dd-wrt, and you can do pretty much whatever filtering you desire.

 

 

Putting a file server behind a $100 router... I think it was a joke...

 

 

Did you even give it five seconds of thought?

 

Go have a look at dd-wrt.

 

Could anyone suggest how to make iptables happen on unRaid?   It seems that unRaid kernel does not have ip_tables or I'm missing something.  Our it department is furious that we have open http authentication.

 

If your department is furious enough, then they would probably gladly spend a $100 or so for a small router.

So set up your unRAID on its own subnet, behind it's own little router:

Flash that router with something like dd-wrt, and you can do pretty much whatever filtering you desire.

 

 

Putting a file server behind a $100 router... I think it was a joke...

 

 

Did you even give it five seconds of thought?

 

Go have a look at dd-wrt.

 

I think it would work just fine...  Might not even cost $100.  Last router I picked up that could be loaded with dd-wrt was under $30.
Did you even give it five seconds of thought?

 

Actually, most consumer-grade routers -- while some have good security and firewalls -- do not support data rates adequate to handle a file server.  THey are fine on a 10Mbps broadband connection, but are not adequate to firewall a server on a LAN. 

 

For example, the veritable WRT56GL maxes out around 50 Mbps (6MB/sec) of WAN-to-LAN routing. 

Actually, most consumer-grade routers -- while some have good security and firewalls -- do not support data rates adequate to handle a file server.

Well, we are talking about a consumer-grade NAS appliance here. (unRAID)

If his company needs a professional-grade file server, then there are other solutions out there.

 

Actually, most consumer-grade routers -- while some have good security and firewalls -- do not support data rates adequate to handle a file server.

Well, we are talking about a consumer-grade NAS appliance here. (unRAID)

If his company needs a professional-grade file server, then there are other solutions out there.

 

 

Easy, easy...

unRAID is just fine for archive type applications, but it does not imply one should put unRAID behind low-end router with less than adequate throughput.

 

Actually, most consumer-grade routers -- while some have good security and firewalls -- do not support data rates adequate to handle a file server.

Well, we are talking about a consumer-grade NAS appliance here. (unRAID)

If his company needs a professional-grade file server, then there are other solutions out there.

 

 

Easy, easy...

unRAID is just fine for archive type applications, but it does not imply one should put unRAID behind low-end router with less than adequate throughput.

 

 

What the heck is your point?  The guy who started this thread was "furious" about a particular problem (that most unRAID users don't have), and I suggested one (of many possibe) solution that would work.  If you have different solutions for that, then feel free to post them.

 

Actually, most consumer-grade routers -- while some have good security and firewalls -- do not support data rates adequate to handle a file server.

Well, we are talking about a consumer-grade NAS appliance here. (unRAID)

If his company needs a professional-grade file server, then there are other solutions out there.

 

 

Easy, easy...

unRAID is just fine for archive type applications, but it does not imply one should put unRAID behind low-end router with less than adequate throughput.

 

 

What the heck is your point?  The guy who started this thread was "furious" about a particular problem (that most unRAID users don't have), and I suggested one (of many possibe) solution that would work.  If you have different solutions for that, then feel free to post them.

 

 

Man, why are you so stubborn and want to fight? Or you have nothing to do?

 

Solutions guys, put the personal criticisms aside and build on each others solutions.

There were a number of viable options.  Debate the options and topics at hand.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.