How to access my freenas data remotely BY ANY MEANS NECESSARY

pragmaonce

Dabbler
Joined
Oct 2, 2019
Messages
12
I made a freenas machine just too store my personal data on and access it remotely. it seemed quite simple, but ive come across MANY ways of doing so (nextcloud, plain ssh/ftp) but none of them have worked for me because im struggling to understand the DDNS/port forwarding concepts. Can someone please give me a step-by-step tutorial on how to access my freenas data insecurely/securely(I dont care just keep it simple) just so that I can see how it works. ill stop it later on and make it more secure but for now i just want to know how to connect to it remotely in the simplest way possible!
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Hard to answer this question until we know what is your client -- phone, computer, tablet, etc?

Whatever the method -- I would suggest getting a domain name. You could pay for one or get one that is free (but the name choice isn't exactly yours) at a provider like noip.com

DNS names are bought from a DNS registrar, and many registrars by default will be your DNS provider -- or they host -- your DNS A, CNAME records. Once your domain name is setup - enable within freenas the Dynamic Update Client that will associate your server's IP address with your Domain Name.

I'm assuming your FreeNAS installation sits behind a router, so you are going to have to port forward some specific port numbers from the router to the LAN IP address of your FreeNAS installation. What specific ports you have to open depends on what means you're trying to use to access the data. SSH for example is port 22. HTTP - 80. I would not suggest FTP.

As a general rule, although its possible to directly ssh into the main FreeNAS installation, you typically do not want to do this. You usually create a dataset and then create a jail that links to the dataset. VM's could be used as an alternative to jails since FreeNAS jails are FreeBSD based where as with a VM you could install any OS you wanted. Jails/VM's are used as best practice to isolate the main system as a security means.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,455
There's not really a way to do this that's simultaneously simple and safe. I think the best way to go about it would be Nextcloud, but to really make this work you're going to need to take care of a few things:
  • You're going to need a domain. Many dynamic DNS providers will give you a subdomain (e.g., yourname.ddns.org), you can get your own domain for free (though with a limited selection of TLDs) at freenom.com (though be mindful of their renewal requirements), or ordinary "paid" domains generally cost under $15/year.
  • You're going to need DNS for your domain. If you got it as a subdomain from a dynamic DNS provider, that's taken care of. If not, Cloudflare works well and is free.
  • If you have a dynamic IP address (most home users do), you'll need a way to update DNS records as your IP address changes. FreeNAS has this built-in for some providers, and DNS-O-Matic will work with many other DNS hosts (including Cloudflare).
  • You're going to need to figure out how to do port forwarding on your router. This ordinarily isn't too difficult.
  • Once all that is taken care of, you can install Nextcloud in a jail. In my no-doubt-biased opinion, my script is about the best way to do this right now.
 

John Doe

Guru
Joined
Aug 16, 2011
Messages
635
I think a safe and secure way would be to
register a dyn dns like noip.
get a proper (or 2nd) router ( i like pfsense and openWRT/ ddWRT)
install noip renewal stuff
set up a vpn (like openvpn)
set up a few firewall rules, so that your network is not completely visible for someone who has vpn access
use whatever you want to use, from smb to nextcloud or ftp.

quick and very insecure way:
register dnydns service
open port on your router (common ports can be found on wiki) and forward traffic to ip address of freenas

you and the whole world can access up to your freenas. the only last security barrier is the application, running on freenas. like a password for nextcloud. maybe compare latest version of nextcloud with the actual one you can install via the jail gui.
there is a reason, why you can find so many tutorial out there for setting up a secure mongo DB for nextcloud.

I was considering/setting up a security concept for almost a half year. after reading about security and freenas, I ended up with pfsense (very flexible firewall/router). from the outside world, only a few ip addresses can pass the fire wall and only through vpn tunnel.

in other words, i personally think freenas is an enterprise OS which is partly oriented for SOHO or hobby enthusiasts (all this vm/ jail stuff).
in a proper IT environment you have a security concept and tools for blocking threads. Freenas is in my opinion not focused on security.
I can only say, do not rely on freenas in terms of cyber security. get a firewall & VPN and do it right.




step to step for insecure:
go to your router, search for port forwarding. take the ip address of the entity you want to remotely access (freenas or jail) enter that ip address there.
check which service you want to use and determine the standard port number.
after that get your outside ip address from your network (whatismyip.com)
take a device outside of your network and enter the outside network ip address. that will work until you get a new ip address.

be aware there are thousands/ millions of bots out there which are continuously searching for open ports and just try the standard attacks. my firewall log is giving me 2-3 tries every 10 mins for just one small country which can pass the firewall.

imagine the amount of tries if the whole world can scan your open port.
 
Last edited:

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,455
set up a vpn (like openvpn)
I like VPNs, but they would conflict with "in the simplest way possible." But not too difficult to set up on a decent edge device (like the pfSense router you mentioned).
quick and very insecure way:
Very insecure, if you're talking about forwarding ports directly to the FreeNAS box. Much less so if you're forwarding to a properly-configured jail (like a decent Nextcloud installation).
maybe compare latest version of nextcloud with the actual one you can install via the jail gui.
Don't use the plugin. Seriously.
so many tutorial out there for setting up a secure mongo DB for nextcloud.
Not sure what you're talking about here--Nextcloud doesn't use MongoDB in any way.
 

John Doe

Guru
Joined
Aug 16, 2011
Messages
635
...
Not sure what you're talking about here--Nextcloud doesn't use MongoDB in any way.

sorry my bad was it maria DB?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,455
sorry my bad was it maria DB?
Ah, yes, Nextcloud does use MySQL/MariaDB (or SQLite, or PostgreSQL). But security in any of those shouldn't be a major issue, as none of them would be exposed to any network in any sensible Nextcloud installation.
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
danb35's script is really good for installing nextcloud. Another good resource is here for nextcloud: https://www.samueldowling.com/2018/...n-freenas-iocage-jail-with-hardened-security/
You might not elect to install the way sam dowling suggest, but he has some really good security options in the latter part of the post which I like. Be forewarned however -- nextcloud is kind of like a fancy car. It works really great until there is an update and then the thing really needs some attention. It's kind of a pain in that way.
 
Top