Remote Access for users

[mclarkin9681]

Not sure if this possible with FreeNas...but is there a way to set up user account (i know this is possible) and allow them remote access to the content on the server via a web login...similar to Windows Home Server.

I have not built my FreeNAS box...yet. So I do not have the ability to play around with it. So i figured i would ask to see if this was possible.

 

[danb35]

FreeNAS isn't really designed to do this--it's designed to share files over a LAN. However, the Owncloud plug-in may be able to do what you're looking for.

 

[sjieke]

The owncloud plugin is indeed an option. I use it to give my family access to a part of my nas (mostly pictures :))

 

[Knowltey]

FTP service, and then configure port forwarding on your network properly to point FTP logins to the NAS.

 

[danb35]

...except that FreeNAS isn't designed or hardened to be exposed to the Internet, and FTP is known to be pretty insecure. VPN instead of port forwarding would make this idea a bit safer.

 

[Whattteva]

I use SSH to a jail for like 90% of what I do. Works pretty awesome and pretty secure if you set it up with certificates. Of course, there is always a tradeoff between security and ease of use. A lot of your users may be intimidated by the use of certificates.

 

[sjieke]

Another option to add an extra layer of security is using a reverse proxy to access the services from outside your home. It's easier then VPN for the users because they don't need to know, everything is handled at the server.

 

[SirMaster]

FreeNAS is hardened enough.

Just forward the SSH port and only allow key authentication rather than password.

Then your users can use SCP or other to access files via SSH.

Or other things could be done. Run a reverse proxy from a jail for example and then just forward the jail's reverse proxy port and use that to access the other internal services.

 

[cyberjock]

Right.. because some guy with 60 forum posts knows more than the developers that say not to do that, right?

RIGHT! I totally believe it now!

 

[Whattteva]

Haha, well at least it's not as in-your-face as the guy that wanted to expose his web UI to everyone several months back, lol.

 

[SirMaster]

I meant if you are only forwarding a single port 443 to an NGINX reverse proxy in a jail then you are not exposing FreeNAS to the Internet and thus how "hardened" it is becomes irrelevant because it wont even be exposed in the first place.

Or if you are forwarding a single port to the SSHd. As long as you are using an up to date version of the service and have it set up with private key authentication and pipe everything though that connection you should be OK.

 

[cyberjock]

Uh, any data packets coming in are still processed by FreeNAS as the network stack is shared, except in one case.

That one case is if you setup VIMAGE. VIMAGE is listed as "experimental" and it even says that on start-up.

So you still going to argue me on this?

You need to understand the stuff in the background (which the WebGUI happily abstracts for you) to really be able to make an informed decision on how to handle problems and questions like this. You don't have that knowledge, obviously. Sorry, but unless you are going to argue why you know more than the developers, you are just arguing to argue.

This is precisely why when people want to do OpenVPN inside a jail we still tell them they are crazy. There's far more going on in the background than you clearly realize.

Good day to you.

 

[Whattteva]

Oh really? I didn't know VIMAGE is experimental. It's been working rock-solid for me since 9.1.1 though. So solid that I thought it's production release, lol.

 

[cyberjock]

The VIMAGE itself is experimental. It's required to solve certain problems though (which is why its included). If I'm not mistaken the manual says that VIMAGE is experimental. At least one problem I've see when using VIMAGE is that in some circumstances, if you stop a jail with VIMAGE on it will take the entire server offline. No more network activity at all until you reboot.

 

[jgreco]

And people wonder why I create per-service VM's.

 

[Whattteva]

I guess I never noticed the no network problem probably cause I don't take jails down once it's properly setup.
They typically only go down when I reboot the host system, which only happens when I'm moving the box around.

 

[Apollo]

If VIMAGE is experimental and if it shouldn't be used in the first place, why its selection is enabled by default when I install Plex?

 

[cyberjock]

Without VIMAGE many things that you want to do inside of jails are impossible. Getting Plex to work without VIMAGE is difficult and some features wouldn't be available.

So you either do without Plex or you accept the 'experimental' VIMAGE. Which would you choose? ;)

 

[Whattteva]

I don't use Plex personally so I have no idea how it works, but what special thing does it do exactly that requires its own network stack? Wild guess here... some form of broad/multi-casting?

 

[jgreco]

I suspect it is more along the lines of how FreeNAS is designed to set up jails. Jails create a subset of the networking environment on a UNIX platform, typically enough for a normal service to operate, but Plex is somewhat more complex than an FTP or Web server and I would guess it makes certain assumptions about the networking environment that is available on a host platform. That may make VIMAGE a preferable way to implement it, because IIRC VIMAGE is a bit more flexible and permissive.