Accessing FreeNAS from remote location

[CWiz]

Quick questions:
I want to be able to use the box like a FTP file server but I mostly see examples of FreeNAS being used on a local network, not being accessed remotely.

-Can I access my NAS from outside my local network? Say from a friend's internet or on my mobile phone
-Can it be an encrypted upload/download?

I'm guessing these functions are possible with additional software like Bittorrent?

-Am I better off doing something like this? Build your own file server or does FreeNAS already the FTP capability?

Thanks!

 

[danb35]

FreeNAS does have FTP capability, but is not designed to be exposed directly to the internet. The best answer is to set up a VPN connection to your home network. A much less secure option might be to do port forwarding.

 

[Jailer]

The quick and dirty way is to turn on SSH and use your favorite FTP client to remote in using SFTP protocol. It won't work like a file browser but you can get stuff on and off the server that way. Just make sure you set SSH to use a different port than 22 or your box will get hammered by intrusion attempts.

 

[danb35]

...and if you're relying on a non-standard ssh port to keep your system safe, good luck with that. If you're going to expose ssh directly to the Internet, at least use public-key authentication.

 

[Jailer]

...and if you're relying on a non-standard ssh port to keep your system safe, good luck with that. If you're going to expose ssh directly to the Internet, at least use public-key authentication.

I agree

 

[skimon]

Get a router that supports dd-wrt , flash it , choose a random port to forward to dd-wrt's port 22 locally, enable ddns through no-ip.com , enable tunnels, enable public key authentication , disable password logins, put limit on number of connections per minute, enable asiablock.

Now simply ssh to your router with your private key , and you can either ssh from your router to freenas or you can simply create a socks proxy for chrome/firefox using a tunnel and you can access the gui. I have this setup.

 

[danb35]

Get a router that supports dd-wrt , flash it, choose a random port to forward to dd-wrt's port 22 locally, enable ddns through no-ip.com, enable tunnels, enable public key authentication , disable password logins, put limit on number of connections per minute, enable asiablock, connect using OpenVPN.

Fixed that for you. I expect the preferred answer here would be to use a pfSense router rather than dd-wrt, but both of them will act as an OpenVPN server. Yes, SSH tunneling can act vpn-like at times, but this is what a VPN is designed for, it's secure, the software is free, and the setup isn't difficult. And, it will give you access to all the services on your LAN without having to set up a tunnel for each port you want to use.

 

[CWiz]

sweet jebus this sounds like a pain in the...

 

[pirateghost]

sweet jebus this sounds like a pain in the...

It is even more of a pain when you expose your fileserver to the Internet using known bad and unsafe protocols and that fileserver gets pwned

 

[CWiz]

It is even more of a pain when you expose your fileserver to the Internet using known bad and unsafe protocols and that fileserver gets pwned

Yeah, I'd like to avoid that if at all possible

 

[pirateghost]

Yeah, I'd like to avoid that if at all possible

So do it the right way and setup a VPN

 

[CWiz]

So do it the right way and setup a VPN

Cheese and crackers, alright

 

[sremick]

sweet jebus this sounds like a pain in the...

Server administration is not for the unmotivated or faint of heart. A server and FreeNAS, especially one connected to the world-wide internet, gives you great power. And with great power comes...

 

[Ericloewe]

Server administration is not for the unmotivated or faint of heart. A server and FreeNAS, especially one connected to the world-wide internet, gives you great power. And with great power comes...

a lot of heat to dissipate?

 

[enemy85]

A great electricity bill!

 

[James S]

Get a router that supports dd-wrt , flash it , choose a random port to forward to dd-wrt's port 22 locally, enable ddns through no-ip.com , enable tunnels, enable public key authentication , disable password logins, put limit on number of connections per minute, enable asiablock.

Now simply ssh to your router with your private key , and you can either ssh from your router to freenas or you can simply create a socks proxy for chrome/firefox using a tunnel and you can access the gui. I have this setup.

My setup follows some of the basic approach, here, too (i.e., SSH with key authentication, limited number of connections and disabled password login). The manual gives a good how to on setting up SFTP chroot which I've also done to access the server using Filezilla. By resetting the SSH port to something non-standard I also seem to have cut the bot-attack. I'm not done and there are few questions perhaps someone could help answer?
- my gui is still open to the world. How do I secure / close this? Is this just a question of turning off the password login for admin/root?
- enabling ddns - what purpose does this serve? (sorry I'm not from a technical background)
- enabling tunnels - I'm planning to use putty to connect via a tunnel ideally to the gui. Can this be any user or should it still be the built-in root/admin user?

Thanks!

 

[pirateghost]

My setup follows some of the basic approach, here, too (i.e., SSH with key authentication, limited number of connections and disabled password login). The manual gives a good how to on setting up SFTP chroot which I've also done to access the server using Filezilla. By resetting the SSH port to something non-standard I also seem to have cut the bot-attack. I'm not done and there are few questions perhaps someone could help answer?
- my gui is still open to the world. How do I secure / close this? Is this just a question of turning off the password login for admin/root?
- enabling ddns - what purpose does this serve? (sorry I'm not from a technical background)
- enabling tunnels - I'm planning to use putty to connect via a tunnel ideally to the gui. Can this be any user or should it still be the built-in root/admin user?

Thanks!

Unless you forward the Web gui port to the Internet, it isn't open to the world. You control your router. Close the port forward.

Ddns is so you can access your dynamically changing IP address. You don't need it Unless you plan on accessing from outside your network

Using an ssh tunnel only requires a user. It doesn't need to be root

 

[James S]

Unless you forward the Web gui port to the Internet, it isn't open to the world. You control your router. Close the port forward.

Ddns is so you can access your dynamically changing IP address. You don't need it Unless you plan on accessing from outside your network

Using an ssh tunnel only requires a user. It doesn't need to be root

Thanks for the reply.
In this case I do not control the router. I can reach the gui over the web so I'm assuming it is open (to the world)? In this case what might be good options for security?

 

[pirateghost]

Thanks for the reply.
In this case I do not control the router. I can reach the gui over the web so I'm assuming it is open (to the world)? In this case what might be good options for security?

Who forwarded the port to your Freenas box?

 

[James S]

Who forwarded the port to your Freenas box?

I am on a network at a university. So I guess the network administrator. So if they cannot close the port should I be adding another router to control myself?