Jail accessible from WAN - Security?

[Cupcake]

Hi guys
In the past two weeks I've set up my first running freenas server and it's quite awesome. So much, that new ideas with what I could do with it popped into my mind. I'm particularly interested in replacing all my dropbox and skydrive services with the owncloud plugin and have complete control over my own data. This would however require that the owncloud jail can be accessed from outside my home and now I'm wondering about security issues. My freenas isn't reachable from WAN at all (no port forwarding in router) since I'm paranoid and want my server to be safe from the big bad world. I see two ways now how I can access my owncloud from outside my home:

1. Install a VPN endpoint in my LAN and connect through that with my freenas server.
2. Forward the necessary ports to the jail's IP address only and therefore run it as a normal webserver.

Obviously option 1 would be the most secure. But I don't have the hardware to realize a VPN server yet. So how secure would option 2 be? Would this be equivalent to making the whole NAS accessible for WAN or is the jail quite secure and isolated? Would the NAS and data on it be in danger in case the owncloud jail got compromised?

I've searched the forums here but didn't find a single related thread. Hope you folks don't mind if this is a silly question. Thanks in advance.

 

[Nindustries]

It is possible to install a vpn-server on your freenas server, google it.
That would be thr safest way.

- Sent from mobile.

 

[Cupcake]

That is an option, but it would still raise the same question. How secure is it to directly forward WAN connections to a jail's virtual IP? This is necessary because otherwise I couldn't connect to the VPN server running on the freenas, right?