-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
Problems with DDNS and SSH
- Thread starter siropmoss
- Start date
jgreco
Resident Grinch
- Joined
- May 29, 2011
- Messages
- 18,680
This is hideously vague, there isn't really much to go on here. You're probably going to have to provide additional information.
Does your hostname look up correctly and resolve to your NAT gateway's external IP, when you query the name using Google's 8.8.8.8 resolver?
If not, what does it resolve to? Are you behind a CGN?
Does the NAS show that it is listening on port 22 (use "netstat -an" to look for an entry for tcp4 and *:22)?
When you attempt the SSH, where are you doing it from? Some NAT gateways will not do hairpin translations, so if you are not doing it from a point outside your network, it may not work.
When you attempt the SSH from outside the network, does tcpdump reveal any corresponding traffic?
You haven't really provided much to go on. What are you using for a NAT gateway (the thing commonly but incorrectly referred to as a "router")? Where are some screenshots of what you've configured that would maybe be helpful.
Does your hostname look up correctly and resolve to your NAT gateway's external IP, when you query the name using Google's 8.8.8.8 resolver?
If not, what does it resolve to? Are you behind a CGN?
Does the NAS show that it is listening on port 22 (use "netstat -an" to look for an entry for tcp4 and *:22)?
When you attempt the SSH, where are you doing it from? Some NAT gateways will not do hairpin translations, so if you are not doing it from a point outside your network, it may not work.
When you attempt the SSH from outside the network, does tcpdump reveal any corresponding traffic?
You haven't really provided much to go on. What are you using for a NAT gateway (the thing commonly but incorrectly referred to as a "router")? Where are some screenshots of what you've configured that would maybe be helpful.
siropmoss
Dabbler
- Joined
- Jan 31, 2021
- Messages
- 30
answering to your first question, i do not know how to use Google´s 8.8.8.8 resolver.
I can access SSH by the port 22 connected to the same network as the NAS. I access the SSH using PITTY and filezilla. I have also tried to attempt the SSH connected to another network but i can´t connect, none traffic is revealed.
I have configured the port forwarding on my router, opening the port 22 to my NAS ip.
here is a screenshot of my router port forwarding configuration.
I can access SSH by the port 22 connected to the same network as the NAS. I access the SSH using PITTY and filezilla. I have also tried to attempt the SSH connected to another network but i can´t connect, none traffic is revealed.
I have configured the port forwarding on my router, opening the port 22 to my NAS ip.
here is a screenshot of my router port forwarding configuration.
rvassar
Guru
- Joined
- May 2, 2018
- Messages
- 972
When troubleshooting ssh, it's always a good idea to throw some verbosity flags in the command line and see how the handshake is proceeding. Ala:
ssh -vvv <My_Host>
This will quickly tell you if the port is open, if there's a DNS resolution, or handshake problem, etc...
Now, having said that... Tunneling your NAS ssh port on to the open internet is not a recommended security practice. It will be attacked by hackers, and they will camp on it for days trying to guess users & passwords. If they are successful your system & network will be compromised. Sshd can have it's configuration "hardened", but this is not the the FreeNAS / TrueNAS default.
ssh -vvv <My_Host>
This will quickly tell you if the port is open, if there's a DNS resolution, or handshake problem, etc...
Now, having said that... Tunneling your NAS ssh port on to the open internet is not a recommended security practice. It will be attacked by hackers, and they will camp on it for days trying to guess users & passwords. If they are successful your system & network will be compromised. Sshd can have it's configuration "hardened", but this is not the the FreeNAS / TrueNAS default.
- Joined
- Oct 23, 2020
- Messages
- 1,919
To rephrase what @rvassar wrote, unless you know 110% what you are doing, this is a really dangerous thing. I for sure wouldn't dare to have something like this on my infrastructure. Yes, many people open up there NASes to the outside world, and in return you often enough read hackers being successful.
@siropmoss , can you give us some background on your use-case? Perhaps there is an easier and/or safer approach.
@siropmoss , can you give us some background on your use-case? Perhaps there is an easier and/or safer approach.
siropmoss
Dabbler
- Joined
- Jan 31, 2021
- Messages
- 30
Thank you for clearing out me that. I want to access my NAS files from an outside network, so what do you recommend me?
I have searched for it on the Internet but it wasn´t able to do it, and some solutions didn´t work. Opening ssh port for my NAS IP was the best option I find. However, nobody didn't tell me that I was doing so highly dangerous thing.
I have searched for it on the Internet but it wasn´t able to do it, and some solutions didn´t work. Opening ssh port for my NAS IP was the best option I find. However, nobody didn't tell me that I was doing so highly dangerous thing.
rvassar
Guru
- Joined
- May 2, 2018
- Messages
- 972
I have allowed ssh into a hardened host that then has limited access to my NAS. It did not accept passwords at all, used only cryptographic authentication, and lived on a concealed port with a bunch of filtering, etc... This could be setup in a VM on your NAS, but you really need to know what you're doing with both ssh and networking. I found it was more trouble that it was worth, and switched to a VPN solution.
There's a couple plugin's in the "community" category that may help you. OpenVPN will allow you to connect to your home network from remote locations, much like a corporate VPN. The NextCloud plugin might also prove useful, depending on your needs. I have used OpenVPN, but I have not tried NextCloud.
There's a couple plugin's in the "community" category that may help you. OpenVPN will allow you to connect to your home network from remote locations, much like a corporate VPN. The NextCloud plugin might also prove useful, depending on your needs. I have used OpenVPN, but I have not tried NextCloud.
- Joined
- Feb 2, 2018
- Messages
- 1,401
You should then use a service that is designed for that and not for complete remote sysadmin. Nextcloud is designed specifically for that and you should use that one instead of opening SSH to the world.
rvassar
Guru
- Joined
- May 2, 2018
- Messages
- 972
I'm afraid I cannot provide that level of support.
siropmoss
Dabbler
- Joined
- Jan 31, 2021
- Messages
- 30
I have already instal nextcloud plugin, but I don´t know how to show my database files in there. I can only upload or download media, not access to my NAS media. How can I access it using nextcloud?
- Joined
- Feb 2, 2018
- Messages
- 1,401
database file ???
This just not makes any sense...
If you are running a database engine like mysql, you do not expose its files directly. The database server will be listening over the network and you connect to it using its native protocol.
siropmoss
Dabbler
- Joined
- Jan 31, 2021
- Messages
- 30
What i mean is to access the files that are in a pool i have created
- Joined
- Feb 2, 2018
- Messages
- 1,401
Ok. There are many options here.
One is to map the dataset inside Nextcloud's jail and then point Nextcloud to it.
Another option is to re-map it over the network from Nextcloud as external storage. You share these over a protocol like NFS and then Nextcloud mount that NFS share. Once mounted in Nextcloud, you can re-publish it easily.
Here, my Nextcloud is a container in a Docker host outside TrueNAS.
The Docker host mounts the NFS share from TrueNAS in /mnt/backend
The container is then configured to mount the local volume /mnt/backend as /var/www/html/data, which is the default root for all data. Every user account is created there and all their data end up in the NAS.
If you do not wish to do the same, you can go in Nextcloud's admin pages and configure an external storage there. You then choose where to mount it and who can access it.
One is to map the dataset inside Nextcloud's jail and then point Nextcloud to it.
Another option is to re-map it over the network from Nextcloud as external storage. You share these over a protocol like NFS and then Nextcloud mount that NFS share. Once mounted in Nextcloud, you can re-publish it easily.
Here, my Nextcloud is a container in a Docker host outside TrueNAS.
The Docker host mounts the NFS share from TrueNAS in /mnt/backend
The container is then configured to mount the local volume /mnt/backend as /var/www/html/data, which is the default root for all data. Every user account is created there and all their data end up in the NAS.
If you do not wish to do the same, you can go in Nextcloud's admin pages and configure an external storage there. You then choose where to mount it and who can access it.
siropmoss
Dabbler
- Joined
- Jan 31, 2021
- Messages
- 30
I prefer configuring an external storage in Nextcloud. After installing the app external storage, what should i do?
siropmoss
Dabbler
- Joined
- Jan 31, 2021
- Messages
- 30
I have to do something in the NAS?, or just configuring in NextCloud?
siropmoss
Dabbler
- Joined
- Jan 31, 2021
- Messages
- 30
I have configured smb, ftp, ssh... I will use some of them
