Remote access best practices

Status
Not open for further replies.

avpullano

Dabbler
Joined
Dec 30, 2012
Messages
42
I have a successfully running FreeNAS setup. Currently running FreeNAS 8.3 (if it ain't broken...).

Now I want to host some web apps (think very simple multiplayer games) for some friends. I need remote access to my FreeNAS box (or I guess, just the jail?). I've been searching through the forum, but I'm just getting more and more confused because of my lack of experience with networking. I understand that most people use SSH, FTP, or VPN to access FreeNAS remotely. Beyond that, I'm lost.

In short, how do I make my FreeNAS/jail accessible remotely without compromising the security of my server?
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
If you don't understand networking, don't attempt it. You need to get a grasp on that first.

Sent from my Nexus 5
 

avpullano

Dabbler
Joined
Dec 30, 2012
Messages
42
Well, that's exactly what I'm trying to learn :P. I'm not in a rush, I'm willing to do plenty of reading if you have any resources to suggest.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Look at using VPN or SSH tunneling. Do not open up CIFS sharing over the internet.

Define 'remote access' from your friend's house. How do you want to access it? Have a look at the OwnCloud plugin too.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
It's as pirateghost says. Look at VPN or SSH tunneling. What you are asking for isn't really a FreeNAS question. It's more of a networking question, so getting detailed support here isn't recommended as this forum is for FreeNAS. :P
 

avpullano

Dabbler
Joined
Dec 30, 2012
Messages
42
pirateghost said:
> Look at using VPN or SSH tunneling. Do not open up CIFS sharing over the internet.
>
> Define 'remote access' from your friend's house. How do you want to access it? Have a look at the OwnCloud plugin too.

I've been playing around with FreeBSD Ports and figured out how to run the JVM through the FreeNAS jail. My friend and I write little Java programs for fun, so I want to have a host program running on FreeNAS that can be accessed from the web. Right now I can sit in my house and use an internal IP to do this, I want to make this possible from outside of my house.
 

avpullano

Dabbler
Joined
Dec 30, 2012
Messages
42
cyberjock said:
> It's as pirateghost says. Look at VPN or SSH tunneling. What you are asking for isn't really a FreeNAS question. It's more of a networking question, so getting detailed support here isn't recommended as this forum is for FreeNAS. :P


Yeah, I see what you're saying. I guess the main reason I asked here is that anything I do with FreeNAS will be connected to all of the data I have saved on there. I just wanted to get an idea of what the best practices are to do things like exposing the jail but protecting the main volume. Pointing me toward VPN and SSH tunneling is a great start, thanks!
 

N00b

Explorer
Joined
May 31, 2013
Messages
83
avpullano said:
> I've been playing around with FreeBSD Ports and figured out how to run the JVM through the FreeNAS jail. My friend and I write little Java programs for fun, so I want to have a host program running on FreeNAS that can be accessed from the web. Right now I can sit in my house and use an internal IP to do this, I want to make this possible from outside of my house.

Wouldn't port forwarding work? It may not be as secure as ssh or VPN but should be easy to set up.
 

avpullano

Dabbler
Joined
Dec 30, 2012
Messages
42
N00b said:
> Wouldn't port forwarding work? It may not be as secure as ssh or VPN but should be easy to set up.

I suppose that would do the trick, but what kind of risk would that expose? My real trouble is that I don't understand how FreeNAS access is affected by opening a port.
 

N00b

Explorer
Joined
May 31, 2013
Messages
83
From what I read it should be acceptable risk if you use a jail; don't have critical or sensitive data in the jail or have minimal services running (lesser the number of services for someone to exploit) and use a non-standard port. Perhaps some of the more experienced users / mods would like to comment on the risk with port forwarding.
 

avpullano

Dabbler
Joined
Dec 30, 2012
Messages
42
N00b said:
> From what I read it should be acceptable risk if you use a jail; don't have critical or sensitive data in the jail or have minimal services running (lesser the number of services for someone to exploit) and use a non-standard port. Perhaps some of the more experienced users / mods would like to comment on the risk with port forwarding.

What you're saying does go along with the whole point of using the jail system. I'll def take a harder look at simple port forwarding. Thanks!
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
N00b said:
> From what I read it should be acceptable risk if you use a jail; don't have critical or sensitive data in the jail or have minimal services running (lesser the number of services for someone to exploit) and use a non-standard port. Perhaps some of the more experienced users / mods would like to comment on the risk with port forwarding.

Yeah, not too true. If they get access to the jail they can take advantage of any security risks in the jail to potentially get root access for the entire server (and from there your entire LAN). There's a lot of other risks such as MITM attack and whatnot that could play a part too. For that reason we never recommend you use port forwarding. VPN solves multiple problems with the actual data in the traffic as well as the potential risk to the jail.

Just don't do it.
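
Added example, not part of the thread: the replies above recommend SSH tunneling over port forwarding, which leaves sshd as the one internet-facing service. This script audits an sshd_config for that role; the policy it enforces, the two sample configs and the 192.168.1.50:8080 jail service address are assumptions made up for the example.

```sh
#!/bin/sh
# Added example (constructed data): audit the global section of an sshd_config
# on a host whose only internet-facing service is SSH used for tunnelling.
# Example policy (an assumption): each directive must be set explicitly.

# first_value FILE KEYWORD: print the value sshd would use (first match wins)
first_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }              # skip comments
        tolower($1) == "match" { exit }        # stop at Match blocks: global section only
        tolower($1) == tolower(key) {          # keywords are case-insensitive
            $1 = ""; sub(/^[[:space:]]+/, ""); print tolower($0); exit
        }' "$1"
}

# audit_sshd_config FILE: print one line per check, return the number of findings
audit_sshd_config() {
    findings=0
    for rule in passwordauthentication:no permitrootlogin:no pubkeyauthentication:yes; do
        key=${rule%%:*}; want=${rule#*:}
        got=$(first_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', want '$want'"
            findings=$((findings + 1))
        fi
    done
    # Pin forwarding to the one service so a tunnel cannot reach the rest of the LAN.
    open=$(first_value "$1" permitopen)
    case "$open" in
        ""|any) echo "FAIL  permitopen is '${open:-unset}', want host:port"
                findings=$((findings + 1)) ;;
        *)      echo "ok    permitopen $open" ;;
    esac
    return "$findings"
}

# write_samples DIR: two constructed configs; 192.168.1.50:8080 is a made-up jail service
write_samples() {
    printf '%s\n' '# weak' 'PermitRootLogin yes' 'passwordauthentication yes' \
        'PasswordAuthentication no' > "$1/weak.conf"
    printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin no' \
        'PubkeyAuthentication yes' 'PermitOpen 192.168.1.50:8080' > "$1/hardened.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_sshd_config "$tmp/weak.conf" || echo "weak.conf: $? finding(s)"
audit_sshd_config "$tmp/hardened.conf" && echo "hardened.conf: clean"
rm -rf "$tmp"
```

The weak sample sets PasswordAuthentication twice to show that the first value is the one that counts, so a later "no" does not undo an earlier "yes".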
 

avpullano

Dabbler
Joined
Dec 30, 2012
Messages
42
cyberjock said:
> Yeah, not too true. If they get access to the jail they can take advantage of any security risks in the jail to potentially get root access for the entire server (and from there your entire LAN). There's a lot of other risks such as MITM attack and whatnot that could play a part too. For that reason we never recommend you use port forwarding. VPN solves multiple problems with the actual data in the traffic as well as the potential risk to the jail.
>
> Just don't do it.

Gotcha. Thanks a ton for the input.
 