qwertymodo
Contributor
- Joined
- Apr 7, 2014
- Messages
- 144
Ok, so I know the general consensus on WebGUI access via the internet is "don't" but I'm curious if it could be done reasonably with the right configuration. First of all, my FreeNAS box is behind a firewall, and I'm only opening up specific ports. I have SSH port forwarding set up on a non-standard port >20000 and I've never logged a single login attempt failure, where servers I've seen configured on routers forwarding port 22 would get >100 attempts per day. Would forwarding a non-standard port be enough to mitigate automated attacks against the WebGUI? Obviously, I would only be exposing HTTPS and not plain-text HTTP (I actually have my server set to HTTPS-only). Currently, I am using SSH tunneling and FoxyProxy to access the WebGUI remotely, but the frustrating thing there is that my SSL cert is issued by name only and not IP address, so I have to go through the extra hassle of ignoring the SSL errors caused by the name mismatch any time I try to access the machine remotely (actually, I have to deal with it at home too because I don't have split DNS set up and I'm using a CA-signed cert rather than self-signed, so it's issued for my public domain name.