Is someone trying to hack into my FreeNAS???

Status
Not open for further replies.
Joined
Apr 9, 2015
Messages
1,258
My bad, I expected anything in the log to show on the port used and forwarded to the service.

I can't think of any sane reason to put a FreeNAS machine into a DMZ. It's not designed to have any exposure to any network that isn't trusted.

The bad thing is I have seen posts where people have done just that because they couldn't figure out how to do a forward.
 

JDCynical

Contributor
Joined
Aug 18, 2014
Messages
141
The bad thing is I have seen posts where people have done just that because they couldn't figure out how to do a forward.
That's another thing, why would someone 'need' to forward a port to it to begin with?

Remote maintenance? Use something like teamviewer to a desktop and go from there.
Remote file access? There are many packages out there that take care of that and are designed to be exposed to the outside. I hear owncloud mentioned often, or configure a VPN.

When I see people opening up servers and such to the world that are not designed to be exposed to said world, I cringe and think that this is why we can't have nice things and how one gets ants.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
That's another thing, why would someone 'need' to forward a port to it to begin with?
Because they need, or want, some sort of remote access to the system, and can't figure out how to set up a VPN at the router (which is how it should be done). And/or because they don't know any better.

You mention owncloud--but that would (in the absence of a VPN) need a port forwarded to the owncloud jail. Teamviewer and the like would need access to another machine on the LAN that would be powered on and accessible. I see the perceived need, but (as you've said) port forwarding is almost always the wrong way to do it.

Opening SSH is OK, as long as SSH is configured properly. I'm not convinced that using a different port is of any real value, but if you want to, go for it. Disable root logins, disable password logins, set up a non-privileged user with sudo/su access and a public key, and you're pretty safe. OpenVPN, or some other robust VPN solution, is probably OK (though it should really be handled at the router). Anything else, and you're asking for trouble.

And to @kevinlei324, whom I fear we've scared away from FreeNAS--none of these issues are unique to FreeNAS. You wouldn't be any safer (and probably less safe) doing the same thing with a Synology or a QNAP device. NAS devices are designed to run on a protected LAN, not to be exposed to the Internet.
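
A small check for the SSH settings listed in the post above (no root login, no password login, key-based login), added here as an example and not code from the thread or from FreeNAS. The sample configurations are constructed, and reporting an unset directive instead of trusting a platform default is an assumption of this example.

```python
import re

# Hardened values from the post: no root login, no password login, keys only.
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no",
            "pubkeyauthentication": "yes"}
# OpenSSH enables public-key auth by default, so its absence is accepted.
DEFAULT_OK = {"pubkeyauthentication"}

def parse(text):
    """Split sshd_config text into global settings and Match-block settings."""
    glob, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                      # keywords are case-insensitive
        val = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            match = val                             # later lines belong to this block
        elif match is None:
            glob.setdefault(key, val)               # sshd keeps the first value seen
        else:
            overrides.append((match, key, val))
    return glob, overrides

def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    glob, overrides = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        got = glob.get(key)
        if got != want and not (got is None and key in DEFAULT_OK):
            findings.append(f"global {key} is {got or 'unset'}, want {want}")
    for match, key, val in overrides:
        if key in REQUIRED and val != REQUIRED[key]:
            findings.append(f"Match {match}: {key} {val} differs from hardened value")
    return findings

# Constructed sample: a late "no" that never takes effect, plus a Match block.
WEAK = """Port 2222
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""
HARDENED = "PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n"
```

`audit(WEAK)` reports two findings even though the port was changed and a `PermitRootLogin no` line is present. On a live system, `sshd -T` prints the effective configuration and is the authoritative check.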
 

butterwrath

Dabbler
Joined
Dec 8, 2015
Messages
25
And to @kevinlei324, whom I fear we've scared away from FreeNAS--none of these issues are unique to FreeNAS. You wouldn't be any safer (and probably less safe) doing the same thing with a Synology or a QNAP device. NAS devices are designed to run on a protected LAN, not to be exposed to the Internet.
Haha this was more of a reality check of how scary the internet really is.

As an update, I did wipe the OS and reconfigured the settings. I only have Plex running right now.

But a huge thanks to all of you with all the suggestions. This was a huge learning experience. It's time for me to stop looking for shortcuts and try to learn how to set things up properly.
 

tvsjr

Guru
Joined
Aug 29, 2015
Messages
959
It's time for me to stop looking for shortcuts and try to learn how to set things up properly.
Those of us who spend every day dealing with attacks from other people's compromised systems appreciate it :)
 
Joined
Mar 6, 2014
Messages
686
...I'll set that up too. Heck, maybe during my Christmas vacation...
Good way to spend your vacation time! I'll be working on my new pfsense toy, especially setting up at least one proper VPN and checking out all the cool stuff I can do with the NAS using that :)

EAT THAT @RussianMafia !!! (Please be gentle...)
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
I'm at work right now, probably at work next week too. Vacation cut short. Being in management sucks quite often. At least I get tomorrow off :)
 