TrueNAS CORE in LAN mode

[J4y1900@]

I installed TrueNAS CORE (TNASC) 12 on Terra-Master (TM) F2-221 without any issues so far. Thanks to 100s of youtube videos. I haven't copied folders, movies or shows to the RAID 1 (mirror).

My hardware:
TM F2-221 with 2 HDD in mirror mode
Laptop Hackintosh (dual boot WIN11 and Monetary 12.1)
Desktop (family use: school)
Router; R7000 running DD-WRT

I would like to have access to the NAS within my home network (LAN) without connecting the F2-221 (TNASC) to the internet (WAN). Basically, block all internet access on the TNASC for peace of mind.

Thank you

 

[elvisimprsntr]

@J4y1900@

Welcome and congrats!

TerraMaster F2-221 2-Bay NAS for Small Business and Personal Cloud Storage

Small, Light, and Powerful. F2-221 is an ideal candidate for home multimedia entertainment and small office applications.

www.terra-master.com

1. The specs for the F2-221 seem to have max RAM of 6GB (link above), which is well below the minimum recommended. Although, I have seen reviews of the same model that list higher max RAM.

CORE Hardware Guide

Describes the hardware specifications and system component recommendations for custom TrueNAS CORE deployment.

www.truenas.com

2. What media did you install TrueNAS on? If you installed TrueNAS on one of the SATA drives, you will not be able to use that disk for anything else, since TrueNAS will occupy the entire disk. You will need to install TrueNAS on an external SSD in a USB enclosure based on available expansion of the unit. USB flash thumb drives are not recommended as they do not have the same wear leveling and write life cycle.

3. If you don't want or need WAN access, then make sure to put the appliance behind a firewall, disable UPnP in FW, and don't manually open any ports. TrueNAS will need access to the internet to check for updates and install jails/plugs-ins.

 

[Jailer]

I installed TrueNAS CORE (TNASC) 12 on Terra-Master (TM) F2-221 without any issues so far.

The key words here being "so far". That NAS doesn't meet the minimum memory requirements for TrueNAS. You should know that because the installer gives you a warning that you have to click through when installing the OS. Without knowing what random hardware those things have I'm betting you are not going to have a good experience running TrueNAS on it.

 

[J4y1900@]

Thank you for your input. I will need to add more info.
@Jailer I should be more thorough in my post. TM F2-221 comes as you mentioned with 2GB memory. So, I upgraded the unit to 10GB using Crucial CT102464BF160B 8GB. The max useable memory is 8GB
I followed this link btw: joelduncan.io/freenas-on-terramaster-f2-221/

@elvisimprsntr The unit comes with 16GB USB stick preloaded with TOS (TM's own OS). I removed the USB stick and replaced it with 64GB TNASC OS. The unit boot from the USB stick
I am trying to not add any hardware (firewall with psense or anything else). I dont mind turning the internet on once in a while for updates etc, but I prefer to keep it off the internet.

For now, my plan is (not the most efficient):
1. Turn off the internet modem (unplug or using smart plug)
2. Plug the ethernet cable to TNASC box (home network)
3. Transfer files from my PC/Laptop to the TM F2-221 TNASC
4. Disconnect the Ethernet cable from the TNASC
5. Turn on the modem

I wish there was a kill switch for the internet.

 

[NugentS]

I don't think you are going to get much help here with that setup. Basically its not suitable and no-one here is interested in helping you run something that will put your data at risk.

 

[artlessknave]

10GB

MINIMUM for TrueNAS is 16GB. this is not 16GB
if you want it in your LAN, plug it into your LAN. it will be controlled by your gateway, whatever that is. don't give it a default gateway, and it will not be able to reach the internet. as the only thing it does is check for updates, doing this is pointlessly paranoid.
if you do not HAVE a gateway/firewall, then everything is already on the WAN, and you don't have a LAN to begin with. trying to restrict just one device in such a config is like...complaining about the sword in your chest preventing you from seeing the sword in your leg....

while impressive that you got it working on what is obviously proprietary hardware, this is not a reliable and long term configuration. please seriously reconsider this idea.
there are other nas OS's that would be much better suited to this, such as openmediavault, unRAID

 

[Jailer]

MINIMUM for TrueNAS is 16GB.

The minimum required memory for TrueNAS is 8GB.

 

[artlessknave]

The minimum required memory for TrueNAS is 8GB.

oh. my bad. thinking it was 16GB for some reason. maybe I confused that with disk size. hmm.
ignore than part then.
I certainly wouldn't run it on less than that.

 

[winnielinnie]

Router; R7000 running DD-WRT

I would like to have access to the NAS within my home network (LAN) without connecting the F2-221 (TNASC) to the internet (WAN). Basically, block all internet access on the TNASC for peace of mind.

You can do this with FreshTomato or DD-WRT on your Nighthawk router. Just add a custom firewall / iptables rule. However, keep in mind this will block TrueNAS from checking for updates and from sending alerts to your email.

FreshTomato makes this even easier, as you can add individual devices (based on MAC address or IP address) to an "Access Restriction list" that outright blocks all internet traffic to the specified device.


Here's an example of what that might look like when adding a new entry:

 

[elvisimprsntr]

I am trying to not add any hardware (firewall with psense or anything else). I dont mind turning the internet on once in a while for updates etc, but I prefer to keep it off the internet.

I understand your concern. I suspect you are here as a result of recent TeraMaster Deadbolt attacks.

Urgent Notification about TNAS being Attacked by Ransomware - TerraMaster Official Forum

Even though I was not hit with ransomware since I never expose my NAS directly to the internet, I switched to TrueNAS because I got tired of QNAP QTS hard coded credentials and vulnerabilities.

As long as you place TrueNAS behind your existing DD-WRT firewall, disable uPnP, don't port forward, there is little risk of TrueNAS being compromised externally.

Also, keep in mind that RAID is not a backup, RAID is resiliency. Make sure you have a 3-2-1 backup strategy in place.

 

[sretalla]

thinking it was 16GB for some reason

You're right... it has recently been updated by iX to 16GB... I guess 8GB installs didn't just stop working at that moment though.

 

[J4y1900@]

Thank you all for a wonderful and very informative discussion/help. I truly appreciate it.

@winnielinnie the answer was right in front of me. Firewall policy as per your post worked like a dream. Thank you very much!
As @artlessknave would say in one of his metaphors: the tree was blocking me from seeing the forest

I will keep my mind open about investing in upgrading my NAS. but for time being paranoia and precaution is my back up.