SOLVED Need help closing some ports (Exposing SMB via VLAN)

Lobanz

Lobanz

Dabbler
Joined
Jul 2, 2023
Messages
16
So, I have TrueNAS SCALE up and running and I like it a lot.

I've segmented the network so that all the servers, admin interfaces, etc are segregated on a separate VLAN (SERVERS) from all the rest of the normal devices (CLIENTS). pfSense is doing the routing and such. Everything plugs into a Cisco SG-500 gigabit switch.

So I figured I would expose SMB services to the CLIENTS network via a VLAN interface on TrueNAS. Thought it would be faster than having to route through pfSense. So TrueNAS has an interface on the CLIENTS network and I moved the binding of all the management interfaces only on the SERVERS network. I also bound NFS only to the SERVERS network since that's the only place it's used.

So, I did an nmap scan of the TrueNAS CLIENTS IP and got the following:

Nmap scan report for nas-1 Host is up (0.0033s latency). Not shown: 1989 closed ports PORT STATE SERVICE 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 3493/tcp open nut 5904/tcp open unknown 6000/tcp open X11 111/udp open rpcbind 123/udp open|filtered ntp 137/udp open netbios-ns 138/udp open|filtered netbios-dgm 5353/udp open|filtered zeroconf

So, I only wanted the Samba ports: 137/udp, 138/udp, 139/tcp amd 445/tcp.

NFS is only bound to the SERVERS VLAN but for some reason it also shows up here.

I am using NUT, the built in UPS software (with pfSense as a slave). There was no option to control the binding of NUT.

Not sure why X11 or "zeroconf" is showing up.

So, is there a way to close these ports? Or should I just route SMB thru pfSense?

Thanks!


--- Lobanz
 
Lobanz

Lobanz

Dabbler
Joined
Jul 2, 2023
Messages
16
1691194174585.png


Alright, well I did some performance testing. I didnt repeat this multiple times, but for some reason, routing through pfSense was faster than accessing through the TrueNAS VLAN interface. About 20 MB/s slower (was in the low 90's).

The Windows copy graph above is routing through pfSense. This has pfBlockerNG enabled but I don't think this really comes into play since this is local traffic. But you can see a dip in the middle. The dip was ntopng. I turned it on for a while and then turned it back off.

1691194814594.png


This one is on the same VLAN so only the switch is involved.

Not sure why the TrueNAS VLAN interface was so much slower. But pfSense isn't hurting me at all, so I'm just gonna go that route.


--- Lobanz
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Need help closing some ports (Exposing SMB via VLAN)"

Similar threads

O
NFSv3 Daemon not using user-specified ports
Replies
4
Views
4K
morganL
M
R
NFS Port 2049 is blocked and can't be used
Replies
0
Views
3K
rezat
R
C
  • Locked
SOLVED NFS unavailable on one interface
Replies
3
Views
3K
Chevalier
C
J
Open ports question
Replies
5
Views
2K
danb35
danb35
DenisInternet
Frequent SMB disconnects, help troubleshooting please.
Replies
5
Views
4K
DenisInternet
DenisInternet
Top