merci pour le compliment
voici la réponse qui m'a été apportée qui ne m'a guère satisfait . (j'ai fait des propositions suite à la lecture de ce message)
"this is the correct design for security concern.
The Debian in the Linux Center is a virtual environment which is independent with NAS, so its network is separated from NAS.
Two virtual network interfaces are generated by default in Debian, one is in NAT mode (10.XX.XX.XX), which can only communicate with Debian from the NAS.
The other one is the bridge, which means other NAS or PC in the same gateway (LAN) can communicate with Debian.
This kind of virtual network design is normal for virtual machines, and default network gateway will be set in NAT interface.
By default, the packet will be sent from the NAT interface, so the external ip cannot connect to Debian in Linux Center through the router.
Debian with a default password can easily be forced to attack by viruses or Trojans on the Internet if it can be connected directly via external IP, which is a security issue."