I think a safe and secure way would be to
register a dyn dns like noip.
get a proper (or 2nd) router ( i like pfsense and openWRT/ ddWRT)
install noip renewal stuff
set up a vpn (like openvpn)
set up a few firewall rules, so that your network is not completely visible for someone who has vpn access
use whatever you want to use, from smb to nextcloud or ftp.
quick and very insecure way:
register dnydns service
open port on your router (common ports can be found on wiki) and forward traffic to ip address of freenas
you and the whole world can access up to your freenas. the only last security barrier is the application, running on freenas. like a password for nextcloud. maybe compare latest version of nextcloud with the actual one you can install via the jail gui.
there is a reason, why you can find so many tutorial out there for setting up a secure mongo DB for nextcloud.
I was considering/setting up a security concept for almost a half year. after reading about security and freenas, I ended up with pfsense (very flexible firewall/router). from the outside world, only a few ip addresses can pass the fire wall and only through vpn tunnel.
in other words, i personally think freenas is an enterprise OS which is partly oriented for SOHO or hobby enthusiasts (all this vm/ jail stuff).
in a proper IT environment you have a security concept and tools for blocking threads. Freenas is in my opinion not focused on security.
I can only say, do not rely on freenas in terms of cyber security. get a firewall & VPN and do it right.
step to step for insecure:
go to your router, search for port forwarding. take the ip address of the entity you want to remotely access (freenas or jail) enter that ip address there.
check which service you want to use and determine the standard port number.
after that get your outside ip address from your network (whatismyip.com)
take a device outside of your network and enter the outside network ip address. that will work until you get a new ip address.
be aware there are thousands/ millions of bots out there which are continuously searching for open ports and just try the standard attacks. my firewall log is giving me 2-3 tries every 10 mins for just one small country which can pass the firewall.
imagine the amount of tries if the whole world can scan your open port.