Unable to log in from the internet.

[DarkCorner]

I have a static public IP with a FritzBox 7530AX router.
I placed TrueNAS-SCALE-23.10.1.3 immediately downstream of the FritzBox router with static IP assigned by its DHCP.
I configured the router to enable port 33333 on this static NAS address.
From a second PC connected to the Internet I tried both domain.tld:33333 and Static-IP:33333.
but the login page does not appear.

Do I need to enable anything on the NAS?
Where am I wrong?

 

[LarsR]

The truenas gui uses port 80 for http and 443 for https... where did you get port 33333 from?

 

[danb35]

Furthermore, the TrueNAS UI isn't designed or hardened to be accessible from the public Internet. Put it behind a VPN or other secure network.

 

[DarkCorner]

The NAS is placed in a DMZ behind a firewall with HA Proxy as a reverse proxy.
Port 33333 is for not using port 443; you can indicate it in the configuration.
However, since it is currently not reachable through the firewall and since I couldn't find any errors, I tried to make it public by inserting it directly into the Internet immediately downstream of the router.
And actually it can't be reached this way either, so I ask if there isn't a block inside the TrueNAS that needs to be eliminated.

 

[danb35]

The NAS is placed in a DMZ behind a firewall with HA Proxy as a reverse proxy.

I'm not sure why you think that makes it a good idea.

I ask if there isn't a block inside the TrueNAS that needs to be eliminated.

No, there isn't.

 

[Ericloewe]

I'm not sure why you think that makes it a good idea.

I'm not sure how the expression "DMZ" can be interpreted as anything other than "keep stuff out of here" - it is general knowledge that the "Demilitarized" part refers to being violently demilitarized by gunfire from the other side upon stepping in, right?

 

[DarkCorner]

As I was saying, the NAS is publicly esposed only for testing. When I'm not doing tests it's off.

You confirm that there are no blocks, as I thought. So, the test is over.

I didn't understand why the NAS shouldn't be in the DMZ.