[How-To] How to Access Your FreeNAS Server Remotely (and Securely)

[nojohnny101]

@Glorious1 It is working!

Thank you to all who replied and helped me through the problems. I thought I would share what finally got things working and why I think it wasn't before.

I had to check the box under SSH settings to "allow TCP port forwarding". I don't believe you have that in your instructions. That was the trick! I've even used your instructions now to setup the alias and all is well!

Great information! Now just to figure out permissions....

 

[TheSunKing]

You should be able to edit the file while connected and then in a separate window restart the sshd process via cli without affecting your 1st connection. Google has some examples of this working and I just did a quick test on my box and it worked. (service sshd restart)

That worked! Thanks for all the help. :)

Sounds like me and @nojohnny101 actually had the same problem.

 

[TheSunKing]

Okay, struggling with the final step of browsing a CIFS share through the SSH tunnel as if it were a local share.
Has anyone had success accessing a CIFS share in this way?

In trying to match the original guide, my current set up in putty is:

• Source port = 33333:localhost:445
• Destination = username@domain.duckdns.org:55555

And I am trying to connect to \\localhost:33333\sharename.
Windows thinks about it for a while and then gives the error: "The folder you entered does not appear to be valid. Please choose another."

I've also tried:

• Source port = 33333
• Destination = FreeNAS_localIP:445
• Connect to \\localhost:33333\sharename

And:

• Source port = 33333
• Destination = localhost:445
• Connect to \\localhost:33333\sharename

Neither of those worked.

Anyone got any hints?
Thanks!

 

[Yusuf Limalia]

Nice guide. With it, I managed to create an ssh tunnel to my FreeNas machine using putty on windows machines.

Struggling to get this to work, what settings did you put into PuTTY?

 

[Yusuf Limalia]

@Glorious1 It is working!

Thank you to all who replied and helped me through the problems. I thought I would share what finally got things working and why I think it wasn't before.

I had to check the box under SSH settings to "allow TCP port forwarding". I don't believe you have that in your instructions. That was the trick! I've even used your instructions now to setup the alias and all is well!

Great information! Now just to figure out permissions....

LoL, that was the trick thanks!

Did you manage to get it working through SOCKS? or forwarding each port?

 

[nojohnny101]

@Yusuf Limalia I have port forwarding setup with my public facing port somewhere north of 1200. Internally it still has port 22 as standard.

 

[DrKK]

@Yusuf Limalia I have port forwarding setup with my public facing port somewhere north of 1200. Internally it still has port 22 as standard.

This is exactly the right way to do it. If you open the standard public facing port, you will draw the incessant fire of countless Russian and Chinese hackers; even if they can't get anywhere, it's still annoying.

Also, if you're using Windows, you might take a look at "Bitvise" rather than putty. It makes handling all of this business rather simple, graphical, and intuitive.

 

[Yusuf Limalia]

@Yusuf Limalia I have port forwarding setup with my public facing port somewhere north of 1200. Internally it still has port 22 as standard.

Sorry sir my question was rather open ended.

I have forwarded my ports to the server and I have PuTTY setup the following tunnels

This works great, but I have to individually define the ports I need forwarded.

Any way of getting it the way OP suggested, ie. He opened a Tunnel and set Firefox to use SOCKS protocol to access his GUI via http://192.168.0.250 instead of the PuTTY Tunnels eg. localhost:15443

Any idea how to get the SOCKS method working to access any of the IP's via the web browser?

 

[Yusuf Limalia]

This is exactly the right way to do it. If you open the standard public facing port, you will draw the incessant fire of countless Russian and Chinese hackers; even if they can't get anywhere, it's still annoying.

Also, if you're using Windows, you might take a look at "Bitvise" rather than putty. It makes handling all of this business rather simple, graphical, and intuitive.

Much appreciated, got over fiddling with PuTTY, just used Bitvise and the SOCKS tab was the answer =)))

Such protocols, very authentication. Wow

 

[Yusuf Limalia]

If Anyone wants to get the PuTTY way working you have to set the Tunnel as a dynamic port.

Then you have to set Firefox the way OP has done, and it will work =)

Dont enter a destination, just select dynamic

Once you have done this, setup your browser

And you will be able to access your FreeNAS / Plex / other GUI's just by their local IP's

 

[ss4johnny]

If Anyone wants to get the PuTTY way working you have to set the Tunnel as a dynamic port.

Thanks for supplying detailed images of settings.

I am able to get Putty to work locally, but not when I try to use duckdns. In the Session tab, I have the host name as <domain>.duckdns.org and the port as 22 with SSH selected. Other settings seem to match what you have posted. I use the same approach as discussed above for forwarding dynamic ports, setting the internal port to 22 and the external to what is set in Putty. The router settings look correct. For all other intents and purposes the settings are similar to what is discussed in the original post, I think at least.

But it wasn't working. I figured that this was because the cron job wasn't running yet. So I set the cron job to run now. When I open the connection in putty it brings up the terminal screen, but then it just sort of lags with nothing coming up and I get a box saying "Network error: Connection timed out."

I'm not sure if it matters that I'm testing this on a computer on the same network as the server.

 

[Yusuf Limalia]

Thanks for supplying detailed images of settings.

I am able to get Putty to work locally, but not when I try to use duckdns. In the Session tab, I have the host name as <domain>.duckdns.org and the port as 22 with SSH selected. Other settings seem to match what you have posted. I use the same approach as discussed above for forwarding dynamic ports, setting the internal port to 22 and the external to what is set in Putty. The router settings look correct. For all other intents and purposes the settings are similar to what is discussed in the original post, I think at least.

But it wasn't working. I figured that this was because the cron job wasn't running yet. So I set the cron job to run now. When I open the connection in putty it brings up the terminal screen, but then it just sort of lags with nothing coming up and I get a box saying "Network error: Connection timed out."

I'm not sure if it matters that I'm testing this on a computer on the same network as the server.

There's a couple things you can try to try and eliminate what the problem is:

1) Using the DynamicDNS on the same network is hit and miss. I've had instances where it has worked and some instances where it doesn't work. ie: at my workplace if I try to SSH into the WorkNAS via its own DDNS it doesn't work. But at home when I try to SSH into my HomeNAS via its own DDNS it does work.
-> Try accessing your server from another location.
-> I would allow login with pass temporarily and try that to make sure your ports are forwarding correctly.

2) I didn't go the duckDNS route. as OP mentioned there are few other services that FreeNAS has built in. i Use no-ip for example. It's free for up to 3 hostnames and works perfectly. Maybe give one of these a shot if the above didn't work. Although if you ping <yourhostname>.duckdns.org does it show your WAN IP?
If it does then your CRON method should be working. You can check your WAN IP here
https://www.whatismyip.com/

3) What router have you got? could you send a screen shot of how you're forwarding your ports?

Good Luck!

 

[ss4johnny]

There's a couple things you can try to try and eliminate what the problem is:
[snip]

Thanks for the reply. I've been a little swamped and haven't had a chance to fully test these things.

 

[Yusuf Limalia]

Thanks for the reply. I've been a little swamped and haven't had a chance to fully test these things.

No Worries, let me know how you get on, and we'll figure it out

 

[mike360x1]

Hi, I may have the issue of getting permissions to stick.

Every time I go to the GUI and change the dataset permissions of my home directory, it just immediately reverts back.

I've tried the "disable world-writing for home directory" method @Jeren has talked about in his post on pg.4 and I'm coming up with

Code:

chmod: /mnt/Default/Personal/Michael: Operation not permitted
chmod: /mnt/Default/Personal/Michael/.ssh: Operation not permitted
chmod: /mnt/Default/Personal/Michael/.ssh/authorized_keys: Operation not permitted

The permissions of the home directory (/mnt/Default/Personal/Michael) is perpetually on 770. Same with my .ssh directory and authorized_keys file.


I'm at a loss, and would greatly appreciate any help. Thanks in advance.

 

[anodos]

Hi, I may have the issue of getting permissions to stick.

Every time I go to the GUI and change the dataset permissions of my home directory, it just immediately reverts back.

I've tried the "disable world-writing for home directory" method @Jeren has talked about in his post on pg.4 and I'm coming up with

Code:

chmod: /mnt/Default/Personal/Michael: Operation not permitted
chmod: /mnt/Default/Personal/Michael/.ssh: Operation not permitted
chmod: /mnt/Default/Personal/Michael/.ssh/authorized_keys: Operation not permitted

The permissions of the home directory (/mnt/Default/Personal/Michael) is perpetually on 770. Same with my .ssh directory and authorized_keys file.


I'm at a loss, and would greatly appreciate any help. Thanks in advance.

That's because you're sharing your home directory via samba. Make your home directory reside in a 'unix' dataset that's not a samba share.

 

[mike360x1]

That's because you're sharing your home directory via samba. Make your home directory reside in a 'unix' dataset that's not a samba share.

AH! okay, it worked. :D Thank you for your help. So is there any chance you could elaborate? About not being able to change permissions if its in a samba share.

Is it cause Samba applies windows permissions automatically when you make the share a accessible by samba?

 

[anodos]

AH! okay, it worked. :D Thank you for your help. So is there any chance you could elaborate? About not being able to change permissions if its in a samba share.

Is it cause Samba applies windows permissions automatically when you make the share a accessible by samba?

By default you can't chmod in a dataset that is a samba share. The ZFS acmode property on these datasets is set to "restricted".

 

[Ascotg]

Hi, first of all thanks for the tutorial it has been really helpful. Yet I have two more problems:

- SSH Tunneling - web access:

It says: "First open SSH tunnel: <code> ssh ..." where am I supposed to type this command? I have tried both using putty and the shell on my Freenas, but both times I get: "Connection refused."
But I know I have been able to connect since SFTP works just fine.

- Regular File Browsing:

I'm using windows so I want to use CIFS. Same thing here where do I type the code? Like before I tried both via Putty and the Shell, but I get connection refused. Also what port should I select for CIFS?

Thanks

 

[Glorious1]

Hi, first of all thanks for the tutorial it has been really helpful. Yet I have two more problems:

- SSH Tunneling - web access:

It says: "First open SSH tunnel: <code> ssh ..." where am I supposed to type this command? I have tried both using putty and the shell on my Freenas, but both times I get: "Connection refused."
But I know I have been able to connect since SFTP works just fine.

- Regular File Browsing:

I'm using windows so I want to use CIFS. Same thing here where do I type the code? Like before I tried both via Putty and the Shell, but I get connection refused. Also what port should I select for CIFS?

These commands are for the client when trying to access the server remotely (i.e., they may not work on the local network). I have limited experience with Putty, but did get terminal and web access to work via Putty on a Windows machine at work. As far as I can tell, Putty does not allow you to enter Unix commands as such; you have to set settings in the panes to match the meaning of the commands. I can give the details if I get to work today.

A Google search seems to indicate that CIFS/SMB uses port 445. I have not tested file browsing via Windows, as I have no SMB shares on my server.