How to access my local network via ssh?

[wreuel]

Hi everyone,

I want to access my services (cp, sickrage, transmission and etc) from outside via tunnel, I know one the most security way is via tunnel ssh, but I don't know how to do with freenas.

I have a port XX open in my router, which is addressed to myFreenasIp:sshport, I want to open the ssh from outside and the open the jails like if I'm in the same local network, it means using 192.168.1.xxx:9091 and others, anyone can help?

 

[Jeremy Foor]

I'm assuming you want to access them all from their respective webGUIs..in that case you can setup a SOCKS proxy to SSH into and connect to your FreeNAS system remotely, making sure to forward the necessary ports. For Firefox you can configure this just for FF, on the network settings page. Using Chrome I believe you have to configure it in your OS as Chrome doesn't support this, at least as far as I'm aware. There may be a chrome addon/plugin that let's you but I haven't tried. There are plenty of guides to configuring a SOCKS proxy already written. Hope that points you in the right direction.

 

[eldo]

wreuel,

I would recommend that you change the port forward in your router to point to a jail instead of going straight to the freenas IP address. This would help limit the exposure if your key/password was guessed. I have a jail configured for just this purpose. Its only goal in life is to be a jumpbox.

Personally I run an https server and ssh over port 443 and use the sslh package to route the ssh traffic to my ssh box, and ssl traffic to the web server. I do this because I use certain networks where only http/https outbound traffic is allowed, and I can both access the webserver and ssh at the same time.

I agree with Jeremy, use SOCKS through your SSH endpoint with a local proxy on your browser. This will allow you to type in the LAN addresses of your interface exactly as if you were at home. As an added benefit, if you use that browser to browse with, you are routing all your traffic through your home network (and possibly DNS requests as well, if properly configured). I like this because it limits what exposure I have on the network where I physically am at the time.

I use PUTTY on windows clients, I find it easy to use, and you can grab a portable package that does not require system installation.