SOLVED Can't SSH from outside the LAN

[ryansoh3]

Hi all,

I have FreeNAS 9.2.1 setup at a remote office. It has a static IP and I am currently able to:

1. Access the WebGUI via HTTPS locally and remotely.
2. Access the storage via FTP (FileZilla) locally and remotely.
3. Ping google.com via the WebGUI's shell remotely.
I have now turned off the FTP service for security.

However, I can't seem to SSH (Putty) or SFTP (FileZilla) into the system remotely.
Both seem to time out, and I'm not getting anything on Putty because there is no response from the server. (The SSH service is on of course.)
The default HTTPS port 443 didn't work for the WebGUI so I had to change it to something higher. I tried changing SSH ports but none seem to work.

This is quite baffling, and any help would be appreciated. Thanks.

 

[danb35]

Is your server directly connected to the Internet, or is it going through some sort of router or firewall device?

 

[cyberjock]

Just an FYI, if you are forwarding ports in your router/firewall to allow remote access to FreeNAS you are making a grave networking-101 error. This has been discussed in agonizing detail in the past so feel free to search the forums if this is news to you.

 

[ryansoh3]

Nope, it's connected directly to the internet without a router as far as I know.
It is an office environment and I think there are various devices between the internet and the FreeNAS, but there isn't any that I can configure or control.
I do get a static IP (not an internal IP) though, not common for these days.

I fixed the issue, I just had to set the port to 8080. All the other ones that I tried (21, 22, 80 common ones) and some random ones (8023, 61234, etc) didn't seem to work.

Cyberjock, most, if not all guides I read about configuring FreeNAS say to port forward. Even though I don't have a router, it would be great if you can point me to some threads concerning not to do so. Thanks for all you guys' help.

Edit: How do I change the thread prefix to "solved?"

 

[danb35]

The bottom line is that FreeNAS isn't designed or hardened to be directly exposed to the Internet. Forwarding ports to the FreeNAS server has the effect of exposing it directly to the Internet. It should be on a private network, and if you need to access it remotely you can set up a VPN to allow for that. The preferred solution here seems to be to set up a pfSense router, but many consumer-grade routers support alternate firmware that will provide a VPN solution as well.

As to how to change the thread prefix, I believe you can edit your original post to do that.

 

[cyberjock]

Here ya go.. someone just posted this seconds ago in the forum:

http://secureworks.com/resources/bl...n-reaping-half-million-dollars-in-two-months/

If that makes no sense to you then you aren't qualified to be running a FreeNAS box and should find someone experienced and knowledgable enough to handle the responsibility...

 

[ryansoh3]

Thanks for your replies.
I'll look into setting up a VPN with my routers.

My plugins and jails not don't seem to work properly. It takes abnormally long to install a plugin (Owncloud, over 10 minutes) and it seems to hang at creating a jail. The system goes down, and I can't access the WebGUI because I get a "access restricted" error from my browser or FileZilla/Putty when accessing via SSH.
The FreeNas system then seems to restart after the hang and access is restored. I guess it's time to reinstall the system.

 

[pirateghost]

Thanks for your replies.
I'll look into setting up a VPN with my routers.

My plugins and jails not don't seem to work properly. It takes abnormally long to install a plugin (Owncloud, over 10 minutes) and it seems to hang at creating a jail. The system goes down, and I can't access the WebGUI because I get a "access restricted" error from my browser or FileZilla/Putty when accessing via SSH.
The FreeNas system then seems to restart after the hang and access is restored. I guess it's time to reinstall the system.

Sounds to me like you don't have the proper hardware to run Freenas and all the goodies.

#stayparanoid

 

[ryansoh3]

You sure? Seems like a corrupted filesystem to me.
Intel i7 860
Gigabyte H55 mobo
8GB RAM
3x 3TB data drives

I didn't have a problem like this when I first setup the system, but I guess it's time for a fresh install.

 

[Ericloewe]

Could very well be the lack of ECC.

 

[ryansoh3]

I'll have a run of Memtest for a couple of hours but I don't expect any errors.

 

[cyberjock]

Well, *any* system that uses an H55 chipset is a desktop board. That means its filled with desktop goodness. But, all that 'goodness' is potential problems if you want to run a server OS on it. That's why if you read our hardware suggestions threads we only recommend server-grade boards.

And if that board uses Realtek you've probably got the answer to your problems. Again, the hardware recommendations say to specifically avoid Realtek.