How do I SSH into my freenas box remotely using DDNS?

[CraftyClown]

As the title reads, it would be really handy if I could quickly SSH into my Freenas box whilst at work via Filezilla.

My router is accessible via DDNS, however I'm not sure how to dig down to the Freenas box

any suggestions?

Cheers

 

[danb35]

SSH to the router. Once connected, SSH from there to your FreeNAS box. Or (better) VPN to the router, then SSH to the FreeNAS box.

 

[CraftyClown]

VPN and then SSH to my Freenas box is exactly how I connect at the moment, however I was looking for an option so I could connect from another machine without adding a VPN client.

So basically it's a two stage SSH then. I can't see a way of doing that with Filezilla though. Do you happen to know if it's possible?

 

[DrKK]

@CraftyClown

Sir: You'll have to do it ghetto style. You won't be using FTP, the ports you'd have to open, etc., not what you want to try to do, nor will it be very secure. What you do is open up the **ROUTER PORT FORWARDING** (google how to forward ports if you're not familiar) to send, say, port 12345 to port 22 on the FreeNAS IP. Then, you will use filezilla, but specify your name as: sftp:IP_ADDRESS:12345.

 

[anodos]

@CraftyClown

Sir: You'll have to do it ghetto style. You won't be using FTP, the ports you'd have to open, etc., not what you want to try to do, nor will it be very secure. What you do is open up the **ROUTER PORT FORWARDING** (google how to forward ports if you're not familiar) to send, say, port 12345 to port 22 on the FreeNAS IP. Then, you will use filezilla, but specify your name as: sftp:IP_ADDRESS:12345.

I prefer to forward 443 to 22. It allows access through even annoyingly configured firewalls.

 

[fracai]

To get really fancy:

For a while I had 443 and 22 forwarded to sslh in a jail. sslh split SSH traffic to FreeNAS and SSL to stunnel in a jail. stunnel decrypted the stream and directed the traffic to another sslh instance. sslh would then send HTTP traffic to an nginx reverse proxy (several web GUIs, directory listings, etc.) and SSH traffic to FreeNAS. Oh, that first sslh instance also accepted port 80 and forwarded the traffic to nginx, but all that would be served back was a redirect to SSL.

This took quite a bit of diagramming to keep straight as I configured things.

While very impressed with myself that such a contrived tangle actually worked, I replaced all of that with OpenVPN running on my router. The nginx reverse proxy is all that remains and that's just to make the web GUI URLs easier to remember.

If I start running in to many networks that block OpenVPN I turn the tangle back on, but it hasn't been an issue so far. I've also been meaning to look in to proxying over DNS, but that's certainly not high on the list either.

 

[zoomzoom]

As danb35 said, a multi-hop SSH must be set up where you ssh into the router from WAN, then once connected, it auto SSH's into FreeNAS over the LAN.

• Remote device --> WAN SSH --> Router --> [Multi-Hop begins] --> LAN SSH --> FreeNAS

I've never used FileZilla, however here is a tutorial I wrote to setup a Multi-Hop SSH via PuTTY

• Instead of having the tutorial in two places, I edited this to only show the link to the tutorial
  • https://forums.freenas.org/index.php?threads/howto-multi-hop-ssh-into-freenas.38242/

 

[Darren Myers]

Could also stand up an OpenVPN server and that would give you access to everything in your home network if configured properly

 

[zoomzoom]

Could also stand up an OpenVPN server and that would give you access to everything in your home network if configured properly

I think he was trying to circumvent having to install a VPN client on every machine he needed access from

 

[pirateghost]

I think he was trying to circumvent having to install a VPN client on every machine he needed access from

This is why I love my Sophos UTM. HTML5 VPN, with access to my network from anywhere, over port 443, with nothing more than a browser.

 

[zoomzoom]

This is why I love my Sophos UTM. HTML5 VPN, with access to my network from anywhere, over port 443, with nothing more than a browser.

What Sophos UTM version do you have?

 

[pirateghost]

What Sophos UTM version do you have?

currently it is on

Firmware version: 9.315-2

 

[zoomzoom]

currently it is on

It's actual hardware as well though right, or do they offer an option for BYOD?

 

[pirateghost]

It's actual hardware as well though right, or do they offer an option for BYOD?

They have a software appliance (ISO) that is free for home use up to 50 IP addresses being protected.

They have always had a free ISO version, even back when they were ASTARO

 

[zoomzoom]

They have a software appliance (ISO) that is free for home use up to 50 IP addresses being protected.

They have always had a free ISO version, even back when they were ASTARO

I had never heard of Sophos until I read your reply the other day, but after looking at their site, I thought you had to buy physical hardware. I found the UTM software section that I overlooked the other day =] Thanks!

 

[pirateghost]

I started using astaro in 2008/2009, and have tried everything out there. It is the best product on the market for UTM duties.

 

[zoomzoom]

I started using astaro in 2008/2009, and have tried everything out there. It is the best product on the market for UTM duties.

It looks like it; before you mentioned the software option, I was looking at buying one of the hardware versions.

I'm still reading through the site, but how does UTM work... do you have it running on a PC or installed on the server itself?

 

[pirateghost]

It looks like it before you mentioned the software option, I was looking at buying one of the hardware versions.

I'm still reading through the site, but how does UTM work... do you have it running on a PC or installed on the server itself?

out of the box it is your router and firewall. you do not run it locally on any computer, but on a computer/server you dedicate as a router/firewall. it is an appliance, much like FreeNAS is.

 

[zoomzoom]

out of the box it is your router and firewall. you do not run it locally on any computer, but on a computer/server you dedicate as a router/firewall. it is an appliance, much like FreeNAS is.

How would I go about learning how to set that up and what I would need to do so [hardware wise]? I assume it's not a firmware option like OpenWRT [which is what I run on my Linksys WRT1900ac)?

 

[pirateghost]

How would I go about learning how to set that up and what I would need to do so [hardware wise]? I assume it's not a firmware option like OpenWRT [what I run on my Linksys WRT1900ac)?

you need:
a computer
more than one NIC
a hard drive
a cd/cdrom/usb (installing from USB requires a little trick, but its easy)

You do not load this on your current router, as it is an appliance, and requires x86/x86_64 hardware.