How to connect freenas ftp to outside world

Status
Not open for further replies.

texastan1

Cadet
Joined
Aug 1, 2011
Messages
6
I installed FreeNAS 8.0 and connected FireFTP to my local computer and my XBMC Xbox with no problem; everything worked well.
Now I want to connect FTP to the outside world to share my drive and home directory.
Please help me step by step; I have no network knowledge. Sorry for my English.
 

natelabo

Guest
There is a myriad of reasons for setting this up... But do you actually need it? I wouldn't risk it if you don't feel confident in the proper setup of security related stuff. (Users, Shares, Etc.)

Steps:

1) Secure your NAS and Network
2) Set FreeNAS to Static IP on local network
3) Set router to forward port 21 to FreeNAS IP
4) Find out your external IP (whatismyip.org)
5) Set up dynamic DNS if IP is not static (Hopefully your router supports update of a dynamic DNS site, most do)
6) Direct your FTP client to the dynamic name you selected in 5 or use your external ip
7) You should now be connected...
 

texastan1

Cadet
Joined
Aug 1, 2011
Messages
6
Thanks for your reply.
I have no networking knowledge. Can you show me step by step how to set up dynamic DNS on FreeNAS?
I have a 2Wire router.
 
Joined
May 27, 2011
Messages
566
FTP is not secure in the slightest, so I would recommend strongly against it. I never use it on a public LAN for that very reason. If you want secure remote access, look into SSH, SFTP and SCP, each being something you should read up on and be familiar with before you open them to the world. The Internet can be a dangerous thing.
 

califrag

Dabbler
Joined
Sep 9, 2011
Messages
16
> FTP is not secure in the slightest, so I would recommend strongly against it. I never use it on a public LAN for that very reason. If you want secure remote access, look into SSH, SFTP and SCP, each being something you should read up on and be familiar with before you open them to the world. The Internet can be a dangerous thing.

Everything said above is correct. You do not want to open up regular FTP to the outside world. I do recommend taking the above advice and reading up on SSH and SFTP.

Once you are ready, you can follow these steps to get basic SFTP going:

Login to FreeNAS WebGUI

Expand Services
Click FTP
  • Enable SSL\TLS
  • OK
Click Control Services
Turn on SSH
Turn on FTP (should already be turned on, based on your OP)

Create a new user (If you already have a user set up, click Users>username)
  • Users>Add User
  • Username: username
  • Primary Group: wheel
    * If user is for SFTP only change to 'nogroup'
  • Home Directory: /mnt/YOURMNT/YourMedia
    * This is the folder you want the SFTP to start in
  • Shell: csh
    * If user is for SFTP only, change to 'scponly'
    * http://www.debian-administration.org/articles/94 (comments)
  • Full Name: Your Name
  • Email: Your Email
  • Password: yourpass
  • Confirm: yourpass
  • OK

Whew!

This first test is to verify you can access your box through SFTP and NOT FTP.
  • Use your FTP client of choice (FileZilla)
  • Host: Your local FreeNAS IP (i.e. 192.168.1.X)
  • Protocol: Leave as FTP
  • Put your username and password from above.
Try to connect and you should get denied.
Now change the protocol to SFTP and try to connect.
It should give a directory listing.

If the user is for SFTP only and you set the primary shell to 'scponly', let's make sure we can't PuTTY into the box.
Open PuTTY
  • Host: Your local FreeNAS IP
  • Open
  • Login: username
  • Password: password
As soon as you hit enter, PuTTY should just close.

Now we can open it up to the rest of the world.

Open your router admin page and port forward ssh to your FreeNAS box. It will be port 22. The instructions for this will vary depending on your router but you can find most instructions on www.portforward.com

Basics:
  • log into your router
  • port forwarding
  • new entry: local host: FreeNAS IP, protocol: ssh (tcp>any to single port 22)
  • Save

Now find your external ip by going here: ip.nefsc.noaa.gov

Once you have your external IP, repeat the same two tests as above. Open FileZilla and change the host to your external IP, then do the same with PuTTY, making sure that you can only access through SFTP.

This isn't foolproof and this doesn't cover the basics of file permissions or using signed certificates (password-less login, which is even more secure), but I hope this will get you going in the right direction.

Also, I'm not sure if this will break anything with XBMC either, but it should work.

If anybody can fix any mistakes or provide more tips on securing it (via certificates or whatever) please add.
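
The two connection tests from the post above, scripted as an added example (not part of the original thread): it connects to each port, reads the greeting, and reports any port that does not answer as expected. The host name passed on the command line is an assumption; run it from a machine outside your LAN against your own external address.

```python
import socket
import sys

def classify_banner(banner):
    """SSH servers greet with 'SSH-<version>', FTP servers with a '220' reply."""
    if banner.startswith(b"SSH-"):
        return "ssh"
    if banner.startswith(b"220"):
        return "ftp"
    return "unknown"

def identify_service(host, port, timeout=5.0):
    """Return 'ssh', 'ftp', 'unknown', 'closed' or 'filtered' for one TCP port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered"   # no answer at all: dropped by a router or the ISP
    except OSError:
        return "closed"     # refused or unreachable
    with sock:
        try:
            return classify_banner(sock.recv(256))
        except OSError:
            return "unknown"  # connected, but no greeting arrived in time

def unexpected(host, expected, timeout=5.0):
    """expected maps port -> set of acceptable states.
    Returns {port: observed_state} for every port that does not match."""
    result = {}
    for port, allowed in expected.items():
        observed = identify_service(host, port, timeout)
        if observed not in allowed:
            result[port] = observed
    return result

if __name__ == "__main__":
    # Usage: python3 check_exposure.py <external-ip-or-dyndns-name>
    # Policy from the post: SSH/SFTP answers on 22, plain FTP must not answer on 21.
    policy = {21: {"closed", "filtered"}, 22: {"ssh"}}
    problems = unexpected(sys.argv[1], policy)
    for port, state in sorted(problems.items()):
        print(f"port {port}: got {state}, expected one of {sorted(policy[port])}")
    sys.exit(1 if problems else 0)
```

A "filtered" result on port 22 means the connection never reached the NAS, so the router forward or the ISP is the place to look rather than the FreeNAS settings.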
 

rnicolas

Explorer
Joined
Sep 20, 2011
Messages
51
I'm having an issue where I CAN connect and browse files to my FTP share in my local lan via 192.168.x.x address, but when I try to connect to it via the web, it connects but it gives this error in Filezilla: "Failed to retrieve directory listing"...
Anyone know what can be the issue?
I've made an FTP data set and made an ftpuser to access that data set in the ftp share.
 

califrag

Dabbler
Joined
Sep 9, 2011
Messages
16
> I'm having an issue where I CAN connect and browse files to my FTP share in my local lan via 192.168.x.x address, but when I try to connect to it via the web, it connects but it gives this error in Filezilla: "Failed to retrieve directory listing"...
> Anyone know what can be the issue?
> I've made an FTP data set and made an ftpuser to access that data set in the ftp share.

You have to make sure the ftpuser is in the same group as the files you are trying to access...

For example, if you set your FTP folder to a directory where all the files are owned by root:wheel, and your user is not root and not in the group wheel, the listing gets denied. If your ftp folder files are owned by www:shared and you put your ftpuser into group 'shared' they will be able to access the files.

I hope that makes sense...

There are TWO authentications going on:
The first is to check whether the user can just login via ftp or not.
If the user can log in, then the second is to check whether the user has permissions to view the files and folders in the directory that you set your FTP up for.
If the folder doesn't belong to the user, and the user isn't in the group that the folder belongs to, they can't access any files but can still log in.
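
The second check described in the post above, as an added example (not part of the original thread): it walks from a starting directory down to the FTP folder and reports the first directory whose owner, group or other bits stop a given user from listing it. The function names and the `start` parameter are assumptions made for this sketch; run it as root on the NAS so every directory can be inspected.

```python
import os
import sys

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the single rwx triplet (0-7) that applies to this user."""
    if uid == owner_uid:
        return (mode >> 6) & 7      # owner bits, even if group/other allow more
    if owner_gid in gids:
        return (mode >> 3) & 7      # group bits
    return mode & 7                 # other bits

def first_blocker(path, uid, gids, start="/"):
    """Walk from start down to path; return the first directory that stops
    the user from listing path, or None if the listing is allowed."""
    path, start = os.path.realpath(path), os.path.realpath(start)
    rel = os.path.relpath(path, start)
    chain = [start]
    for part in ([] if rel == "." else rel.split(os.sep)):
        chain.append(os.path.join(chain[-1], part))
    for directory in chain:
        # Parents only need search (x = 1); the target needs read + search (5).
        need = 5 if directory == path else 1
        st = os.stat(directory)
        bits = class_bits(st.st_mode, st.st_uid, st.st_gid, uid, gids)
        if uid != 0 and (bits & need) != need:
            return directory
    return None

if __name__ == "__main__":
    # Usage: python3 ftp_perm_check.py /mnt/nas2/ftp <uid> <gid> [<gid> ...]
    target, uid = sys.argv[1], int(sys.argv[2])
    gids = {int(g) for g in sys.argv[3:]}
    blocker = first_blocker(target, uid, gids)
    print("listing allowed" if blocker is None else f"blocked at {blocker}")
```

Note that a user who owns a directory is judged by the owner bits alone, so a mode such as 075 locks the owner out even though the group could list it.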
 

rnicolas

Explorer
Joined
Sep 20, 2011
Messages
51
I made ftpuser the group and user owner of the path I'm sharing which is /mnt/nas2/ftp
That is also the ftpuser's "home directory" and the ftp share's path. So I don't know what is going on because I can view and browse that path with my internal IP 192.168.x.x just not through the web...
 

califrag

Dabbler
Joined
Sep 9, 2011
Messages
16
> I made ftpuser the group and user owner of the path I'm sharing which is /mnt/nas2/ftp
> That is also the ftpuser's "home directory" and the ftp share's path. So I don't know what is going on because I can view and browse that path with my internal IP 192.168.x.x just not through the web...

Try doing a chmod -R ug+rwx on the folder...
 

rnicolas

Explorer
Joined
Sep 20, 2011
Messages
51
> Try doing a chmod -R ug+rwx on the folder...

Do I do this at the Shell? And what will that command do?

edit: I did chmod -R ug+rwx followed by the path "/mnt/nas2/ftp"
It didn't do anything... it just went to the next line with a %
I retried to connect from the internet but same error...

When I try to connect from the internet with the same username I get the error: "A connection with the server could not be established"
I have dyndns set up.
 

califrag

Dabbler
Joined
Sep 9, 2011
Messages
16
> Do I do this at the Shell? And what will that command do?
>
> edit: I did chmod -R ug+rwx followed by the path "/mnt/nas2/ftp"
> It didn't do anything... it just went to the next line with a %
> I retried to connect from the internet but same error...
>
> When I try to connect from the internet with the same username I get the error: "A connection with the server could not be established"
> I have dyndns set up.

Yes, do it at the shell, or you can do it through an SSH terminal.

You will probably want to be root.

The command will add read, write and execute privileges for the users and groups those files are assigned to.

When you say 'connect from the internet' what are you doing?

Opening the ftp in a web browser? using an ftp client?
 

rnicolas

Explorer
Joined
Sep 20, 2011
Messages
51
I'm trying to connect from Filezilla and Windows Explorer. Both aren't able to connect to the share even after that command.
Although, I am able to connect to the share from within my LAN... :-/
And I have dyndns set up and the router set up to forward port 21 to the server.

edit: I'm running the latest version 8.0.1 amd64
 

Milhouse

Guru
Joined
Jun 1, 2011
Messages
564
@rnicolas: Joining this a bit late, so just to be clear here, you are trying to connect to your FreeNAS FTP service via your public web address from *within* your home network? ie. you are attempting to create a network connection from inside your home network, out on to the public internet, and then back into your home network?

If so, chances are there's nothing wrong with your FreeNAS configuration but instead you need to look at your internet router/gateway and see if you have an option called either "Enable Loopback" (you want it ENABLED), or alternatively it may be called (eg. on Linksys) "Filter Internet NAT Redirection" (you want this DISABLED - ie. you don't want filtering). This option is likely to be buried away somewhere in the "Security" settings.

By default, most gateway routers will block the kind of "loop back" connection you are attempting to establish.
 

rnicolas

Explorer
Joined
Sep 20, 2011
Messages
51
> @rnicolas: Joining this a bit late, so just to be clear here, you are trying to connect to your FreeNAS FTP service via your public web address from *within* your home network? ie. you are attempting to create a network connection from inside your home network, out on to the public internet, and then back into your home network?
>
> If so, chances are there's nothing wrong with your FreeNAS configuration but instead you need to look at your internet router/gateway and see if you have an option called either "Enable Loopback" (you want it ENABLED), or alternatively it may be called (eg. on Linksys) "Filter Internet NAT Redirection" (you want this DISABLED - ie. you don't want filtering). This option is likely to be buried away somewhere in the "Security" settings.
>
> By default, most gateway routers will block the kind of "loop back" connection you are attempting to establish.

Yes that is correct, that is exactly what I'm trying to do. Trying to access my dyndns.com site from within my LAN.
I'm trying to look at that option from this Netgear router. So I hope that is the issue.
I will try it from an "outside" internet connection tomorrow.
 

Milhouse

Guru
Joined
Jun 1, 2011
Messages
564
> Yes that is correct, that is exactly what I'm trying to do. Trying to access my dyndns.com site from within my LAN.
> I'm trying to look at that option from this Netgear router. So I hope that is the issue.
> I will try it from an "outside" internet connection tomorrow.

Cool. For Netgear, the option is most likely called "NAT Loopback", so you want this enabled. However a quick search suggests that not all Netgear routers may support this option, and some popular (certainly in the UK) Netgear routers received support via firmware updates so make sure your firmware is up to date if you can't find the option!

PS. If you want help testing externally PM me, I'm happy to help for the next hour or so. I wouldn't need a username or password, as you should see my (attempted) connection activity in your server logs.
 

rnicolas

Explorer
Joined
Sep 20, 2011
Messages
51
I just did the router firmware update and I see the NAT option, but now after the update I can't even get to my CIFS shares on this test server LOL.
Weird because my other FreeNAS box's CIFS shares are fine...
I can't even ping this test server either now... Strange

Edit: I rebooted the router and now it is all working after I enabled the NAT Filtering to OPEN.

Thanks for the help Milhouse!
 

vrayl

Cadet
Joined
Oct 5, 2011
Messages
5
Can't access via FTP from outside world

Hi, even after I followed the steps in this post, I can't access my FreeNAS via FTP or SFTP from the outside world.

I have ports 21 and 22 forwarded to the local address of my FreeNAS, but whenever I try to connect via FileZilla or Internet Explorer I get a timeout error. This doesn't happen on my local network; there I can connect.

I already updated FreeNAS to i386 8.1.0.

Thanks
 

ProtoSD

MVP
Joined
Jul 1, 2011
Messages
3,348
Hi vrayl,

Many Internet providers block the lower ports like 21, 22, 25, and many others. Try using a higher port number like 12121, something above 1024 and below 65000, and then have your router map it to the lower port 22 on your local network.

So then, on the outside you would for example with Internet Explorer type an address like this: ftp://your-ip:12121/

Hope that helps!
 