Acces FreeNAS from anywhere.

[BeatTheFreak]

Currently, I can access my FreeNAS box from only my home network using SSH. This is good, but I want to be able to access it from anywhere. The problem I am having is port forwarding port 22 to the FreeNAS. Apparently it's blocked for whatever reason, so from outside the house using that port, I can't access it. Is there a way to change the SSH port on FreeNAS or is there an alternative way I can get access to FreeNAS outside my local network?

 

[pirateghost]

You can forward ANY port externally to port 22 internally....

You do not need to change the SSH port on FreeNAS...

 

[Darren Myers]

I would forward some obscure port, such as 7575 or 7777, a quick google of open ports will give you what you can use...hell you can use 666 (but that is a DOOM port :P ) to port 22 internally

 

[BeatTheFreak]

I would forward some obscure port, such as 7575 or 7777, a quick google of open ports will give you what you can use...hell you can use 666 (but that is a DOOM port :p ) to port 22 internally

How would I port forward a port internally?

 

[DrKK]

How would I port forward a port internally?

Look, no offense. But anyone that doesn't understand this sort of basic networking concept is going to be at terrific risk if you start opening up ports. If you are going to proceed with this, exercise extreme caution, and do some reading.

You don't do anything at all to the FreeNAS. You need to instantiate a "port forwarding" rule at your gateway ingress (i.e., your "router" in most cases). This is something you set up on the gateway. Typically, you indicate if the rule applies to UDP, TCP, or both (in your case, you'll want TCP), you'll want to forward some ridiculous incoming port (say, take something above 20000 and you'll be fine...just pick a number, say 37771), and then you tell your gateway that port 37771 gets forwarded to your FreeNAS IP on port 22.

Then, from the outside, you'll SSH/SFTP connect to your home router's WAN IP on port 37771, and as far as your FreeNAS will be concerned, you're on port 22. Of course, your WAN IP is probably dynamic, so in order for this to be a viable long term solution, you're going to want some kind of dynamic DNS as well.

If you don't completely understand what I've just said without having to google things, then again, I want to reiterate, that opening ports/forwarding ports on your router does expose your internal network to outside shenanigans, and a networking novice is at significant risk if he does this. You will **AT A MINIMUM** want to completely disable password logins to SSH, and use only certificate-based authentication, which is additional complexity for you.

Proceed with caution, sir.

 

[cyberjock]

I'm with DrKK. If you don't understand this stuff without asking questions, you should NOT be doing it. ;)

 

[BeatTheFreak]

Look, no offense. But anyone that doesn't understand this sort of basic networking concept is going to be at terrific risk if you start opening up ports. If you are going to proceed with this, exercise extreme caution, and do some reading.

You don't do anything at all to the FreeNAS. You need to instantiate a "port forwarding" rule at your gateway ingress (i.e., your "router" in most cases). This is something you set up on the gateway. Typically, you indicate if the rule applies to UDP, TCP, or both (in your case, you'll want TCP), you'll want to forward some ridiculous incoming port (say, take something above 20000 and you'll be fine...just pick a number, say 37771), and then you tell your gateway that port 37771 gets forwarded to your FreeNAS IP on port 22.

Then, from the outside, you'll SSH/SFTP connect to your home router's WAN IP on port 37771, and as far as your FreeNAS will be concerned, you're on port 22. Of course, your WAN IP is probably dynamic, so in order for this to be a viable long term solution, you're going to want some kind of dynamic DNS as well.

If you don't completely understand what I've just said without having to google things, then again, I want to reiterate, that opening ports/forwarding ports on your router does expose your internal network to outside shenanigans, and a networking novice is at significant risk if he does this. You will **AT A MINIMUM** want to completely disable password logins to SSH, and use only certificate-based authentication, which is additional complexity for you.

Proceed with caution, sir.

What you said was extremely simple to understand and I don't understand why you think I am inexperienced in this. Just because I haven't used a certain software before doesn't mean I am inexperienced. I figured out the problem anyway. My router would not let me use port 22 even if I set an external port (Ex. 8888). This setting can't be turned off without hacking the firmware of the device, which I don't intend to do. The only way to access SSH outside the network was for me to completely change the SHH port on the freeNAS. It now works like a charm! BTW. Don't think I am inexperienced just because I don't fully understand on how the software works

 

[BeatTheFreak]

I'm with DrKK. If you don't understand this stuff without asking questions, you should NOT be doing it. ;)

How about you help people instead of saying "you should NOT be doing it." Look above on my previous post to DRKK, I wish people would stop being so ignorant and actually help people.

 

[pirateghost]

What you said was extremely simple to understand and I don't understand why you think I am inexperienced in this. Just because I haven't used a certain software before doesn't mean I am inexperienced. I figured out the problem anyway. My router would not let me use port 22 even if I set an external port (Ex. 8888). This setting can't be turned off without hacking the firmware of the device, which I don't intend to do. The only way to access SSH outside the network was for me to completely change the SHH port on the freeNAS. It now works like a charm! BTW. Don't think I am inexperienced just because I don't fully understand on how the software works

But your router has nothing to do with freenas.

If your router doesn't do simple port forwarding, then you need to get a new router, as yours is surely insecure

 

[BeatTheFreak]

You can forward ANY port externally to port 22 internally....

You do not need to change the SSH port on FreeNAS...

Sadly, I discovered that I can't port forward port 22 internally. My router has a setting locked into the firmware that anything trying to access port 22 externally, even if it is port forwarded, it will block it no matter what. I just changed the SSH port on FreeNAS to solve it, but thanks for trying to help and for anyone else your post could have solved the answer.

 

[pirateghost]

Sadly, I discovered that I can't port forward port 22 internally. My router has a setting locked into the firmware that anything trying to access port 22 externally, even if it is port forwarded, it will block it no matter what. I just changed the SSH port on FreeNAS to solve it, but thanks for trying to help and for anyone else your post could have solved the answer.

But you should still have the ability in your router to forward port 8888 to internal port 22. This is the most basic of router functions in a NAT environment.

 

[BeatTheFreak]

But you should still have the ability in your router to forward port 8888 to internal port 22. This is the most basic of router functions in a NAT environment.

Router does not allow that unless I hack the firmware.

 

[pirateghost]

Router does not allow that unless I hack the firmware.

Like I said, with that being the most basic of NAT functions, you should get a new router.

 

[BeatTheFreak]

But your router has nothing to do with freenas.

If your router doesn't do simple port forwarding, then you need to get a new router, as yours is surely insecure

Not letting someone port forward port 22 is insecure? It's annoying but whatever

 

[pirateghost]

Not letting someone port forward port 22 is insecure? It's annoying but whatever

No, not letting someone forward port 8888(or whatever) to port 22 is F'ing stupid. If you can't control your router, how can you possibly expect it to be secure?

I most certainly am NOT saying you should have the ability to open port 22 on the EXTERNAL interface, I am saying you should be able to forward ANY number of ports to whatever you like on your internal LAN. Limiting the external port to be the same as the internal port is F'ing stupid.

 

[BeatTheFreak]

No, not letting someone forward port 8888(or whatever) to port 22 is F'ing stupid. If you can't control your router, how can you possibly expect it to be secure?

I most certainly am NOT saying you should have the ability to open port 22 on the EXTERNAL interface, I am saying you should be able to forward ANY number of ports to whatever you like on your internal LAN. Limiting the external port to be the same as the internal port is F'ing stupid.

Agree with you 100%

 

[DrKK]

What is the make, and model, of this router, if you please, sir.

 

[Fish]

If you truly can't port forward port 22, you could set up a VPN. Then you just have to connect to the VPN and use the internal addresses like you're sitting there at home.

 

[DrKK]

What is the make, and model, of this router, if you please, sir?