Access freenas gui outside network

[Shinryu204]

Hi,

Does anyone know how to configure your router to access my freenas gui from work for say? My internal ip for freenas box is on 192.168.1.133, not sure about the port. Any help would be appreciated.

Thanks

 

[DrKK]

This is going to sound nasty, and I don't mean it to be.

The answer is this: Accessing the FreeNAS box or GUI from the internet (which is what you want to do) is very risky, and requires someone that understands the nuances of networking and security. The fact that you would even ask what the port is? means that you have absolutely no experience whatsoever. Therefore, in your case, I am going to strongly recommend not even TRYING to do this. I suspect if you do it, the Chinese or Russians will be mining bitcoin on your box by the end of the day.

The FreeNAS GUI is not meant to be accessed from the internet without a good deal of expertise.

 

[SeaFox]

Since the FreeNAS GUI is more of an administration interface anyway, I would question why you would need such access 24/7 to start with. If something happens, I would deal with the issue when you're back at home.

That being said, I don't agree with DrKK's position that FreeNAS services should be LAN-only. I have ports forwarded for my torrent client's web UI and for FTP. The user accounts on FTP are chroot, don't get shell access, and I don't use "admin" or anything else that stupid as an account name.

 

[DrKK]

SeaFox, there's quite a large different between opening up your FreeNAS appliance, *ITSELF* to the WAN, versus opening a few ports for some stupid torrent client.

Obviously, it makes sense to open ports to jailed services whose actual raison d'etre is to be opened to the WAN.

The OP wants to open ports to his web interface that manages the appliance. Quite a difference. The GUI is not necessarily hardened against that attack surface, and *ZERO* of the usual suspects, including the devs, recommend that anyone even think about doing that unless they know what they're doing and take special precautions.

But you're right about one thing: why the hell would you even WANT to open the management interface to the WAN? What's the use-case? The 0.0000018% chance you need to make some GUI change from afar? Cyberjock once went about 6 months, or more, without once accessing the GUI, at all, LAN, or otherwise.

 

[SeaFox]

SeaFox, there's quite a large different between opening up your FreeNAS appliance, *ITSELF* to the WAN, versus opening a few ports for some stupid torrent client.

Obviously, it makes sense to open ports to jailed services whose actual raison d'etre is to be opened to the WAN.

Ah, I apologize then. I misunderstood your position.

There are a few people in these forums who take the stance that FreeNAS is a LAN appliance only, and that nothing on the FreeNAS server should be proactively accessible from the Internet, since it gives an attacker access to something on your LAN, making it a security risk.

 

[diedrichg]

Once I realized I had the ability to run a VPN server on my Asus router I immediately shut down port forwarding to my FreeNAS gui. I now VPN in to my network to access the gui.

 

[Shinryu204]

Thanks for the heads up. I think vpn is the way to go. Anyone have a guide to set this up?

 

[Market Guru]

So if you place a firewall like suggested pfsense for home would that help protect such intrusion? policy setting all correct that is

 

[Whattteva]

Thanks for the heads up. I think vpn is the way to go. Anyone have a guide to set this up?

Kinda' tough to provide a guide as everyone runs different routers and have different network setup.

 

[Shinryu204]

Kinda' tough to provide a guide as everyone runs different routers and have different network setup.

I just need to know how to enable it on my box

 

[Whattteva]

Someone is going to chew on me for providing this information (it's ultra insecure and basically asking to be hacked), but I'm simply answering a question you posted.
You want to forward port 80 to your FreeNAS box (192.168.1.133).
If it does not work, it's most likely because your ISP filters port 80, in which case, you would either need to map a different external port to port 80 internal OR configure your FreeNAS box through the web UI to bind to a different port other than 80.