nfs access remotely

[lee.ngeap]

Hi Dear;

Can anybody help me out how to configure free nas share nfs over public IP?

I can mount 100% successful within my local network to any of my centos 7.

However, i can't mount from my other centos 7 out of my network.

Below is my command:
local: mount -t nfs 192.168.168.31:/mnt/Raid_Striped/nas_shared/vod /nas
via public IP: mount -t nfs xxx.xxx.xxx.xx:/mnt/Raid_Striped/nas_shared/vod /nas

freenas server: 192.168.168.31

Do I missing anything?
I'm using Mikrotik router. I already enable firewall for port 111 and 2049.

 

[k9bm]

Did you get anywhere with this? I see you only forwarded ports 111 and 2049, I believe we need to forward a few other ports as well, but finding the information is elusive....

 

[lee.ngeap]

Thanks. It’s solved.

 

[Heracles]

Hey Lee,

Know that NFS is clear text and was never meant to be used straight over Internet. You now have all your data exposed to whoever want to access them from anywhere in the world.

VPN, SFTP and Nextcloud are million times better suited for the job.

I really encourage you to disable that NFS over Internet ASAP and to design a secure network access.

 

[k9bm]

I completely agree about not using NFS over the internet in the clear. But for anyone who might stumble across this thread looking for port forwarding and/or firewall rules for NFS with FreeNAS:

FreeNAS uses fixed ports 111 and 2049 for NFS, but by default it will also randomly select up to 4 other ports for the various daemons used for NFS. You could build a firewall rule for ports 111-2049 and it would work. But you should instead specify static ports for mountd, statd, and logd in the NFS config screen of the GUI. Use THIS website to select 3 "unassigned" port numbers, enter them into the NFS config screen for mountd, rpc.statd, and rpc.logd bind ports, then add those 3 ports to ports 111 and 2049 in your firewall (and/or port forward) rule. Best practice suggests you should also specify the destination IP in your firewall rule (the FreeNAS server)....

 

[chx_b]

Hey Lee,

Know that NFS is clear text and was never meant to be used straight over Internet. You now have all your data exposed to whoever want to access them from anywhere in the world.

VPN, SFTP and Nextcloud are million times better suited for the job.

I really encourage you to disable that NFS over Internet ASAP and to design a secure network access.

I am also attempting to get access to my new NAS remotely, and I have seen that nfs is clear text, which bothers me greatly.
However, I often use nfs on some work computers, which I ssh into remotely via logging into a VPN.

Would this use of nfs be appropriate? If the nfs is operating while on the VPN?

I have a bunch of issues figuring out how to get a VPN server setup and to be accessible, but my hope was that having the TrueNAS as a VPN server at home, and having all of my families devices logged into that VPN, they could use nfs (Linux) and and samba (windows) for their data storage remotely.

Is this reasonable? The way you dismissed nfs as a useful technology makes it seem as though this approach is a distaster.

 

[jgreco]

was never meant to be used straight over Internet.

Well, that's not true. Remember back in the day when archive sites ran open NFS? wuarchive having been among the favorites...

http://web.mit.edu/kolya/.f/root/net.mit.edu/athena.mit.edu/project/13.cluster/README.NFS

I miss the old days. NFS over frame T1.

all your data exposed to whoever want to access them

Back in the days when that wasn't a real problem.