internet access to file server through port forwarding-- I can see truenas login page but no server?

[stevetrue]

Very new to this, like 3 days now.
I created a truenas server, and can access it on my windows file explorer.
I port forward the truenas ip and can access the truenas login page from external computers.

i cant access the file server, what settings an I missing?

I just want to type in my external ip and get to the login and password page for my server.

what am i missing, is it a truenas setting or a routher wan setting?

Thanks in advance

 

[Tony-1971]

If you can't access SMB from internet is because of missing ports forwad in router for SMB.
I don't think is a good idea to use SMB outside LAN.
A safer way is using a VPN to connect to your LAN from internet and then use SMB from VPN.

Best Regards,
Antonio

 

[stevetrue]

idk, i can log into the truenas router server page no problem, with my external ip to the nas ip.

just cant get to the file server.

thanks

 

[elvisimprsntr]

Don't be one of the 10,000's of idiots that expose their NAS directly to the internet.

https://www.shodan.io/search?query=truenas
https://www.shodan.io/search?query=freenas

Use a VPN

 

[Evertb1]

what am i missing

What you are missing is a lot of knowledge. Stop forwarding that port until you know what you are doing. Start reading up on techniques like VPN as @Tony-1971 and @elvisimprsntr suggested and read as much information as possible on save ways to connect to your home network (and the devices on it) from outside.

 

[stevetrue]

So it's funny how these forums almost always go to people's opinions on how something should be done. Instead of just answering the question. I am trying to figure out my specific issue and if you don't want to help that's fine, offering the correct alternative solutions, doesn't help, because it doesn't answer the original question as to why it's not working and where my issue is. That's my rant if you don't know the answer that's fine too.

 

[ljvb]

If you absolutely must have access to the files on your server.. install the nextcloud or other similar cloud plugin and expose that.. and make damn sure you keep it up to date.. Those are at least designed to be exposed to the internet.

Never expose your file server (that includes the management console) to the internet... ever..

 

[Ericloewe]

So it's funny how these forums almost always go to people's opinions on how something should be done. Instead of just answering the question. I am trying to figure out my specific issue and if you don't want to help that's fine, offering the correct alternative solutions, doesn't help, because it doesn't answer the original question as to why it's not working and where my issue is. That's my rant if you don't know the answer that's fine too.

<Moderator hat>
If you cannot accept feedback, there is no reason for this thread to be open. What you are trying to do is a monstrously bad idea and you have been warned. You have also been given several alternatives.
It is absolutely unsafe to expose the WebGUI UI to the internet. It is absolutely unsafe to expose Samba to the internet. Doing so puts you on the fast track to being pwned and nobody here is going to have anything to do with that.
</Moderator hat>

 

[jgreco]

So it's funny how these forums almost always go to people's opinions on how something should be done.

Speaking as an actual network operator as part of the Internet network operations community, this isn't a matter of "opinion". It's a matter of critical importance to the overall health and security of the Internet, and represents decades of end-user access policy. Many of us started blocking 137-139;445 more than a quarter of a century ago.

Instead of just answering the question. I am trying to figure out my specific issue and if you don't want to help that's fine, offering the correct alternative solutions, doesn't help, because it doesn't answer the original question as to why it's not working and where my issue is. That's my rant if you don't know the answer that's fine too.

The answer is because this is SUCH a stupid yet common thing for people to try to do, that most Internet service providers have actually blocked the ports used for SMB. Your ISP is one of them.

See: https://social.technet.microsoft.co...that-allow-disallow-access-from-port-445.aspx

If you want to understand some of the rationale behind this, do feel free to peruse some of the freely available documentation produced by the broadband industry;

https://www.bitag.org/documents/Port-Blocking.pdf

Not everyone is aware of the precise answer to your very specific question, but nevertheless it is not only SMB that is an issue. In this case, there is a bonus multiplier in the form of the webUI also being potentially a risky thing to expose. Everyone here on the forums DOES (or should!) know that, and so of course they told you, and they also tried to give you the practical common solutions.

In the meantime, a note on being part of a community, on top of @Ericloewe's comments: Please do be more polite to people who are trying to guide you to solutions that allow you to accomplish common end results through mechanisms that do actually work. Forum members are community participants who are here out of the goodness of their hearts, in an effort to help you resolve your problems. They are not paid technical support staff, and you should accept thoughtfully provided comments and feedback on your question even if they are not the exact answer that you were hoping to get.

 

[stevetrue]

I don't see a lot of complete tutorials. I was able to create a shared file server in Truenas, and I am able to port forward my to a DDNS.

My issue is when I enter the DDNS or my home ip address it takes me to my Truenas login server page.

This is where I am stuck. I'm reading and trying different options to become "youtube certified". I am just looking for simple access to my file server. Thanks for any suggestions, and references. Thanks!

 

[stevetrue]

I don't see a lot of complete tutorials. I was able to create a shared file server in Truenas, and I am able to port forward my to a DDNS.

My issue is when I enter the DDNS or my home ip address it takes me to my Truenas login server page.

This is where I am stuck. I'm reading and trying different options to become "youtube certified". I am just looking for simple access to my file server. Thanks for any suggestions, and references.

Thanks!

 

[adrianwi]

There are a bunch of different options, which really depend on what you're trying to achieve. You could set up SFTP, connect back via a VPN, use a cloud-like file solution such as Nextcloud, and probably lots of other ways too. I use a combination of all of those, depending on where I am and what I'm trying to do!

You'll also need to think about how you do any solution you choose securely, which certainly doesn't involve forwarding external ports to your TrueNAS login page!

Keep searching, as I'm sure you'll find resources to help you do the options I've described on this forum, or elsewhere online. Good luck!

 

[elvisimprsntr]

VPN

I think you were told once already

internet access to file server through port forwarding-- I can see truenas login page but no server?

Very new to this, like 3 days now. I created a truenas server, and can access it on my windows file explorer. I port forward the truenas ip and can access the truenas login page from external computers. i cant access the file server, what settings an I missing? I just want to type in my...

www.truenas.com

 

[JohnDigital]

OpenVPN is probably how you want to go about it. I like OpenVPN running on a pfSense router preferred to TrueNAS but its capable. Look in the GUI under "services". Then youll access files via NFS or CIFS as if you were "local".

 

[JohnDigital]

I suppose truly OpenVPN is not the easiest way, Teamviewer or NoMachine to a simple Windows/Linux/Mac machine on the remote network probably would be.

 

[danb35]

I am able to port forward my to a DDNS.

A very unwise thing to do, at least for ports 80/443 to the NAS itself--first, because (as you've already found) it doesn't actually give you access to your files; second, because it exposes the system to the rest of the world for them to bang on--and Free/TrueNAS isn't designed for that kind of exposure.

But it looks like you've already been told that, and you didn't like the answer. Did you think you'd get a different answer by asking a few days later?

The best answer is a VPN. Nextcloud is another good answer, if you have a decent, well-thought-out, secure installation (i.e., not the plugin). SFTP can be good, if you're blocking root logins and requiring public keys. SSH tunneling can be good, with the same caveats, but it's a little more advanced.

 

[ChrisRJ]

@stevetrue , this is third thread you open about the same topic. Do you seriously believe to receive fundamentally different responses from what @jgreco, @Ericloewe , @danb35, and others already wrote?

 

[jgreco]

Moderator note: repeatedly posting the same question in different forms is only going to get your posts thrown back into the existing thread.

Additionally, you are not going to get a different answer. I have ALREADY looked at your IP address information and have ascertained your ISP is one that blocks SMB, which I already told you back in the post that is now #9. You were IMMEDIATELY given the best answer in post #2 by @Tony-1971 to use a VPN and then you can easily use SMB over that, @ljvb mentioned Nextcloud which may also be an option, and more esoteric stuff like SFTP/SSH tunneling has been mentioned as well. There ARE NOT other magic answers available.

I am sure that if you were to look at any of the available options and then need assistance with them, that our forum members would be happy to help guide you through the next steps of making a well-informed decision based on the details of what you feel you need to be able to do.

However, repeatedly posting variants on the same question to which you've already received an answer is merely going to annoy everyone.

 

[adrianwi]

I'd like to apologise as I didn't even realise there were posts above the one I'd replied to! I'd assumed it was a genuine question from a newbie trying to get to grips with TrueNAS. I can still remember being that person about 8 years ago, and wouldn't have any of the limited knowledge I have now if it wasn't for the fantastic help and advice from members of this forum. So my advice to @stevetrue would be to listen and learn, otherwise, your journey with TrueNAS will be a very difficult and bumpy ride!

 

[Patrick M. Hausen]

What do the other regulars think about WebDAD over HTTPS with a sufficiently long and complex password? I don't have any experience with TrueNAS and do not know which server software is used to server DAV shares, but IMHO there's nothing inherently insecure in the protocol. Nextcloud doesn't use anything different. Any you can mount DAV shares as network drives in Windows explorer.

So that might be the lowest hangin fruit for home file access over the public Internet.

What do you think?

Kind regards
Patrick