Connecting to FreeNAS Machine Anywhere?

[Brent]

Hey Guys,
I'm back (hopefully with my last question...) and I have been reading for about an hour and a half about connecting to the network from anywhere (for instance...uni)

So...how does one begin with this
I figured SSH is the way to go, but, the whole dyndns (where everyone seems to link me to in the tutorials) just isn't working (partially because I don't plan on paying for the service(is there a way to implement no-ip?))

 

[dlavigne]

The DDNS service supports many providers. Click the provider drop-down menu under DDNS to see which services are supported. You can also specify other providers not in the list, see http://doc.freenas.org/index.php/Dynamic_DNS for an example.

 

[Brent]

The DDNS service supports many providers. Click the provider drop-down menu under DDNS to see which services are supported. You can also specify other providers not in the list, see http://doc.freenas.org/index.php/Dynamic_DNS for an example.

Thanks, I've read over it a few times, setup No-IP, have it all connected inside the Freenas DDNS Settings, but, I'm a little confused at which IP it's meant to be getting, (reading...over the link...) it says that the, "domain" is meant to be a, "fully qualified domain name" which is all good, but, the IP that it's getting is the IP to my router (where I can change settings...) so...I'm a little confused as to which IP it's meant to be getting?

 

[gpsguy]

It will get the IP address of your router.

You'll need to setup port forwarding in your router, so that incoming SSH traffic gets forwarded to the IP address of your server.

BTW, consider setting up a VPN solution.

 

[Brent]

I know how to portforward, and SSH = 22 (right?) if so, it was already being used by something...
If you can link me to something to read about where I should be looking into a VPN I'll be more than happy to consider it :D

 

[gpsguy]

Yes, the default port for SSH is 22.

If you do a search on this forum (upper right-hand corner of the page), you find some VPN solutions that other FreeNAS are using.

 

[Brent]

Thanks, so I am still a little confused about forwarding it, the port, "22" is already forwarded (it actually show it as SSH), so, I went and made sure the routers firewall wasn't blocking the connection...and I allowed the inbound rule of port 22 to the lan user, "192.168.0.5" (this being the machines ip that FreeNAS is on) and, I'm still not entirely sure if I'm doing it right?
So key notes from this
- port 22 is already forwarded
- I added an inbound rule for port 22 to the ip address of my FreeNAS machine

 

[Brent]

Oh, and, I can successfully utilize the, "ssh" command from the, "shell" the freenas webgui provides (this is using the machines local ip, "192.168.0.5") but, I get an error (more of a warning..), Once I type, "yes" to the I can then run commands and what-not...(this is just a little bit of info incase it helps...)"The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.
ECDSA key fingerprint is "theres a hex here". Are you sure you want to continue connecting (yes/no)?" Also, this is using FreeNAS-9.1.0-RELEASE-x64

 

[pirateghost]

A. Forwarding port 22 to port 22 is a very bad idea. That is an extremely common attack vector. If you want to SSH from remote, it would be best to use some other port like 2222 and forward it to port 22 on your FreeNAS. VPN would be a better, more preferred option here.
B. you dont SSH into the same machine you are on...you would use a client machine somewhere and SSH into it. If you open up the shell in the webgui, you are already in the system.
C. You are getting warmer. You would not merely SSH into the system to get access, you would need to tunnel your traffic to the machine. There are many tutorials on this across the internet, as it is not specific to FreeNAS.


You should take a look at your setup. Decide what it is you really need to be able to access remotely, and plan it out. Do not just randomly open ports and configure things you do not understand. Your data is at risk being opened to the internet. I highly suggest you look at VPN alternatives. Do you have another machine on your network that stays on 24/7? Do you have a router that supports VPN natively or supports DD-WRT? What is your end goal? What exactly do you want to access while remote? FTP? CIFS? AFP?

 

[Brent]

Ok I'll answer in points

- So, if I say go into my crappy Netgear DGN-1000 and add a tcp/udp setup from 17222 - 22 (please correct me if I am wrong(at the moment I just had a service that was from 17777 - 17777 and than added that to the SSH TCP Port (my thinkings is that is the port it will look for?))) and than jump over to the FreeNAS Webgui and change the TCP Port to 22 that should be fine? (I'm trying to understand this, because you said port 2222 and forward it to 22(which I'm a little confused about...))
- Currently my work laptop is on 24/7, (I completely didn't think about that...I feel kinda more stupid than I already did...)
- Possibly a good one that you know of you can link me to?

And here's to your final questions;
I want to be able to access for example Music Files (so that my work hard drive isn't completely filled with stuff that just doesn't need to be on there)
I have/will (more) been/be looking into VPN more, but, I don't think my router supports DD-WRT, I am thinking of getting a new router however...(suggestions? something basic?)
My End goal is to have the FreeNAS machine working and properly functioning so I don't have to have so much clutter and files on my work/home pc (I just want it all in one spot and as a backup...)
Well, exactly? I was reading and CIFS isn't the safest way to go, I'd prefer to be able to FTP..

Thanks for your reply

 

[Brent]

UPDATE:
I used putty to connect to, "192.168.0.2:22" (this being the FreeNAS Machine) is this what I should have been aiming for? (I would like to now know how to say connect if I'm at school)

 

[gpsguy]

In message *8, you said the address ended in 0.5, now it's 0.22. You need to give your FreeNAS system a static address.

If you want to SSH from home, you could use PuTTY to test it on your local network. That's how I manage mine for console work. So connect to 192.168.0.x:22 on your local network.

If you were doing it from work, you'd use the public address of your router. Earlier, you were trying to setup DDNS. Assuming your IP doesn't change very often (mine often stays the same for months), you could use what's my IP address and append the ":17222" to it. And, SSH to it from outside your network. If you have a wireless hotspot, you could test the outside connection, without leaving your home.

As both pirateghost and I have both said, you'd be better off with a VPN connection.

I used putty to connect to, "192.168.0.2:22" (this being the FreeNAS Machine) is this what I should have been aiming for?

 

[Brent]

I had a problem with my router and it picked up the closest ip it could (being 192.168.0.2), shouldn't happen again, and, do I use the internal in putty or the public...

I haven't seen my IP change since i've gotten my connection...so yeah, but, how do you mean append the, ":17222" to it?

 

[pirateghost]

I had a problem with my router and it picked up the closest ip it could (being 192.168.0.2), shouldn't happen again, and, do I use the internal in putty or the public...

I haven't seen my IP change since i've gotten my connection...so yeah, but, how do you mean append the, ":17222" to it?

If you are at home, and you want to SSH into your FreeNAS, you need to use the internal address, because you are on your internal network.
If you are away, it would be impossible for you to even see your internal network ip addresses, unless you are tunneled into your network in some fashion (via SSH tunnel, or VPN), so obviously you would use your external address to connect to SSH from remote.

When using PuTTy, you will notice it has a box for a port number. if you decide you want to use 17222 as your external access port, then you would put THAT in the port box in PuTTy. When internal you would use port 22.

When I mentioned forwarding a different port number, I meant exactly that. Leave the FreeNAS port alone, no need to change it, because it is default at 22.
In your router, you would forward port 17222, to port 22 on the FreeNAS IP.

If you leave your work laptop on 24/7, and you have the ability, you might attempt to run an OpenVPN server from it (it uses UDP port 1194) and you would then have a VPN into your home to do whatever you like on your internal network.

Pay attention to the rules of setting up any VPN. Do not use the same IP subnet for the VPN as you use for your internal network (ie, if your internal network is 192.168.0.2/24, then use anything BUT that subnet. I prefer 172.16.0.0/24 or similar to keep them separated). Beyond that, it will be a matter of getting your router to recognize that new subnet, but that should be fairly easy.

Based on your router model, I am guessing you have a pretty basic DSL connection? You might want to check your upload speeds with that, because you will not have much fun trying to transfer/use files remotely on a slow DSL link, no matter how you configure your way into the network.

 

[Brent]

Thanks for your reply

Alright, I understand that, and PuTTy refuses any connection that isn't with :22
"When I mentioned forwarding a different port number, I meant exactly that. Leave the FreeNAS port alone, no need to change it, because it is default at 22.
In your router, you would forward port 17222, to port 22 on the FreeNAS IP."
How do you mean forward port 17222 to port 22? (example maybe?)
I'll look at setting up OpenVPN on another machine I have
Yes, I know, it's a very slow DSL Link, but, that's getting upgraded within the next couple of weeks
Thanks in advacned
(sorry I don't reply too fast, reading up about some things)

 

[pirateghost]

How do you mean forward port 17222 to port 22? (example maybe?)

This is dependent on your router configuration page. From a little reading on it, it looks like you would need to 'Add a service' call it whatever you like, and the outside port will be 17222 and it will forward to port 22 on your FreeNAS box. Don't really know how else to give you an example, as port forwarding itself is very generic, but the options in your router are router/model-specific.

It really is just a matter of going in one port to get into the network, then it translates that to the correct port on the other side. Port forwarding does NOT have to involve direct port to port (ie, the same port numbers on external and internal). You can use DIFFERENT port numbers on outside as you do on the inside.

 

[Brent]

Alright so, I get the add a service part, by the outside port that would be in the Start Port: and Finish Port:
So
Start Port: 17222
Finish Port: 17222
I'm just trying to understand this completely

 

[Brent]

I just ran a port checker, and my port is closed (not sure if this is meant to be open...) so...yeah?

 

[Whattteva]

If your port is detected as closed, it means there is no server listening on the other end. So yes, in order for your SSH access to work, the port needs to be detected as open.
If you have set up the port forwarding correctly (from 17222 on your WAN side to 22 on your LAN side), then from an outsider's point of view (Internet), port 17222 would appear to be open.

Note that not all routers support port forwarding with different source and destination.
So depending on your router's capability, you may either have to directly forward port 22 or change to port 17222 on the NAS.

 

[pirateghost]

Sounds to me like finish port should be 22 if you havent messed with the FreeNAS ssh port settings.

INBOUND (17222) -> INTERNAL(22)

your port showed closed because you were forwarding 17222 to 17222...you need to forward it to 22

This is basic networking here. It is really easy.