While QNAP forced me to pick up Linux, it wasn't a wholly pleasant experience working with QNAP machines. Many software design decisions decidedly did not make sense, with their own way of organizing files. Other immediate signs indicating that QNAP was not geared for system administration:
admin
group can SSH into the system - not designed for remote SSH.man
software was available.gcc
, python3
need to be pulled in via external third party builds of entware
/optware
. The latest version of Python 3 available is very dated.https://forum.qnap.com/viewtopic.php?t=140634
#> log_tool -qv -s1 -e0 | sort -n 8440, 1,2021-09-04,11:08:32,System,127.0.0.1,localhost,[Storage & Snapshots] Volume "Volume" has reached the space alert threshold of "80%". Free space: 1.42 TB. Insufficient storage space might lead to decreased performance.,517,1630724912,A002,Storage & Snapshots,C001,Volume,
Turns out QNAP firmware updating problems are very common indeed. Luckily the large number of QNAP users providing feedback makes it likely for the problem to have been encountered and solved. Current issue with TS431P not updating to the latest firmware (QTS >5.0) with error FW004, which led to the following page.
Two useful locations:
Somehow on the new network on which I'm deploying the QNAP server, a series of remote addresses repeatedly attempted to perform root/pi/user logins. At first I misread the access logs and suspected my own computer to be a proxy for these accesses, but a series of malware scans and disconnection from network proved they likely weren't the vector. Since the router itself wasn't forwarding port 22, the likelihood of some device being that proxy is high, i.e. infected with malware. Received ~300 intrusion attempts over 8 hours... Wanted to perform a scan of wireless packets with wireshark, but the physical Airpcap adapter is required. As a stopgap measure, perhaps restricting SSH access by IP range filtering would be great.
A list of software and firmware updates done for this system, baring a decision whether to enable auto firmware updates (which, knowing QNAP, are very likely to introduce regressions):
admin
Disabled all the Wifi connections to the router, baring the router...
Turns out it was uPnP, which automatically publishes the port 22 to the router. No wonder it was funny that I could access the port on the NAS even though port forwarding was not set up...
Let's Encrypt Go: https://forum.qnap.com/viewtopic.php?f=320&t=132911
Namecheap DDNS client: https://gist.github.com/t6/e48455f6ceed088ad619
DDClient: https://www.namecheap.com/support/knowledgebase/article.aspx/583/11/how-do-i-configure-ddclient/
Network & Virtual Switch > DDNS > DDNS server: Customized
QVPN Service 2 > OpenVPN > Enable OpenVPN server
QVPN Service 2 > VPN Client > VPN Connection Profiles
https://www.qnapclub.eu/en/repo.xml
Tested QNAP TS-431P overall throughput of data transfer is 32MBps across networks, but drops to 21MBps when running a ZIP file. This means the throughput quoted is IO-bounded.