TerraMaster Official Forum

Got an F4-423 a few days ago (first one I received ate its internal USB boot drive - please can you just make a workable flash image available for fixing that), and I've since noticed with its replacement that it's exposing the following via upnp:

TCP:5443:192.168.0.98:5443:1686088691:http_ssl
TCP:8181:192.168.0.98:8181:1686088691:http
TCP192.168.0.981686088941:Plex Media Server

PLEX is expected, but what the hell is it doing opening up http(s) access to its UI to the entire internet!?

Thankfully my router runs miniupnp and has the ability to ignore upnp requests from specific IP addresses, and setting up a manual forward for PLEX sorts that, but my god Terramaster you need to get this sorted. There's nowhere in the UI that I can see that it either claims it's going to do this, or where you could even enable the option.

TOS version is 5.1.34.00007

Control Panel > Network > Discovery Service

Gremlin wrote: ↑31 May 2023, 06:31 Control Panel > Network > Discovery Service

All that (suggests) it does is advertise the NAS to your local network; certainly doesn't appear to be anything related to enabling remote access to it. Plus it was disabled anyway.

I did not see where is the problem. 192.168.0.98 is your TNAS local IP address, port 5443 is https connection port, port 8181 is http connectioin port. without these two ports, you will not able to access your TOS web UI.

Whether it is exposed to the Internet depends on whether you have port forwarded on the router. Only use your TNAS local IP address, other people cannot access it from the Internet.

That output is from the miniupnp log on my router, which shows that it's been asked to forward those ports - externally - to the internal 192.168.0.98 address. And as I said, if I don't specifically block this, then the NAS UI *is* visible when connecting externally because I've tested and confirmed that.

I see from searching that Terramaster has had this problem before (eg https://www.storagereview.com/news/terr ... -over-upnp). From what I'm seeing with my NAS...it's happening again!

Sorry my earlier post did not assist you. I try and turn off upnp an every device in my network.
Just to be certain I just ran an Nmap scan and found only 2 devices utilising upnp. One is an old Sky satellite box and the other is a Now TV dongle neither of which are configurable. Certainly, I turn off upnp on my router anyway.

TNAS has upnp disabled (as earlier) and is certainly not a source of upnp as far as I am concerned.

I don't have plex enabled (or anything else of that nature at the moment).
Perhaps Plex itself is the culprit or maybe another service is using upnp despite the TNAS cotrol panel setting.
Maybe try a acan of your network to see what is going on.

PLEX uses upnp to request the port it wants open, and there's nothing unusual in that, but TOS *should not* be asking for ports to be opened for its own UI - that's where the problem lies. Obviously you still need a username and password to get in, but the UI should not - unless there was a specific option for it that the user has to pre-enable - be presenting itself to the wider internet. Other users who don't know their way around upnp (and will have it enabled because of things like xbox live) are going to get caught out by this.

No more thoughts on this @Terramaster?

Let me reiterate:

TOS is sending UPNP broadcasts requesting that ports 5443 and 8181 are port forwarded to it, exposing its UI to the wider internet.

we are verifying this issue, please wait.

Happy to help in any way I can, eg providing logs, etc.