Remote access to FreeNAS behind SBG6580 router

Status
Not open for further replies.

bebo75

Dabbler
Joined
Jul 28, 2013
Messages
18
Hi there, I have a Motorola SBG6580 Cable Modem and Gateway and of course my FreeNAS behind it, I'm intending to access my home server from the outside world but I can only get up to the router's configuration page, so I have port 21 open and still doesn't get there, is there any configuration or feature I need to activate on my freenas so this can happen?
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
You shouldn't be forwarding ports to your FreeNAS server. That's a recipe for getting hacked. What you need to do is setup a VPN to your network.
 

bebo75

Dabbler
Joined
Jul 28, 2013
Messages
18
VPN? Well the reason why I'm intending to forward port 21 is to be able to upload pictures and other type of files while on the go, i usually take a lot of pictures and before I used dropbox and want to stop using it due to storage capacity so i thought that using freenas would solve this


Sent from my iPhone using Tapatalk
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
ftp Is particularly difficult to port forward because it uses more than a single port.

i believe that somebody ported owncloud to FreeNAS and it may be that that's a better option.
 

bebo75

Dabbler
Joined
Jul 28, 2013
Messages
18
I'll try VPN and see how it works, and yes I've heard of OwnCloud but not to work with FreeNAS but Ubuntu


Sent from my iPhone using Tapatalk
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
Most open source web software is written to be portable. It'd be weird to limit a package to only work on Ubuntu without some good reason.

It'd be artificially limiting to the potential installed base, since Ubuntu is only a fraction of Linux, and Linux is only one UNIX- or UNIX-like variant.
 

bebo75

Dabbler
Joined
Jul 28, 2013
Messages
18
I don't doubt the power of Linux-Unix based systems at all, so my Q would be: is FreeNAS not secure enough yet to be published out there in the world? How useful would this OS would be if I want to set a public WWW and public FTP, hosted both in this PC?


Sent from my iPhone using Tapatalk
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
I don't doubt the power of Linux-Unix based systems at all, so my Q would be: is FreeNAS not secure enough yet to be published out there in the world? How useful would this OS would be if I want to set a public WWW and public FTP, hosted both in this PC?

It's more secure than Windows. But that's not saying much.

You have to understand that FreeBSD is reasonably secure. It is largely written by professionals, with multiple people reviewing most changes, and the source is always available for your inspection if you'd like to join them. That doesn't prevent problems from appearing. There are lots of other packages that are included with FreeBSD that the FreeBSD team did not write. If you look at the list of FreeBSD security advisories going back to 2010, you'll find 36. If you classify them, approximately half are actually problems in externally-sourced subsystems like BIND. Many of the others are attacks that are only practical if you have local access to the system, such as a shell user.

Further, you probably won't find many commonly-deployed operating systems in the service provider arena that are more secure than FreeBSD. OpenBSD may be more secure but isn't widely deployed. However, you also have to consider what is meant by "secure." The servers we deploy here would not feel all that familiar to a typical home FreeBSD user; the base system is locked down with kernel securemode and schg on most files, and superfluous suid/sgid removed on many others, there's a firewall that allows just the specific service a server was designed to run, and the service itself is usually running in a carefully segregated jail that contains no /bin/sh, rendering many common external penetration strategies useless. I consider FreeBSD secure only partly because the base OS is reasonably so. The rest of it is engineered to be so. Our latest updates of our system build tools do some other interesting things as well.

Now, as for FreeNAS... FreeNAS also adds substantial amounts of software on top of the base FreeBSD install. Those are all unknown risks; the FreeNAS guys are good at what they do, but fundamentally I don't feel that FreeNAS was built to be exposed directly to the Internet. It lacks a lot of what I would consider to be prudent steps necessary to harden a system. That's largely because it is intended to be an appliance. You can probably set it up to provide web and FTP services and it'll be about as secure as the average UNIX-based server. That's not bad, but really, it is also somewhat risky. You need to take reasonable steps to make sure you're protected, such as paying attention to the various vulnerabilities mailing lists, updating the software when updates become available, and maybe keeping an eye on your content using some secure method to make sure your content hasn't been compromised.
 

diedrichg

Wizard
Joined
Dec 4, 2012
Messages
1,319
I've searched high and low to find non-convoluted instructions to set up a VPN on FreeNAS. The only method that I was able to remotely follow was the Joe Paetzel method. Even then, it's clear as mud and I've never actually got completely set up. I understand that with 9.1 we now have easy-RSA. How does easy-RSA help the process? Would someone mind writing a comprehensive tutorial for setting up OpenVPN, please?
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I wouldn't expect a guide for that on this forum. It's not really part of the "core" of FreeNAS.
 

bebo75

Dabbler
Joined
Jul 28, 2013
Messages
18
Mmmm ok, that was a wow anout FreeNAS and understood loud and clear that this awesome tool is just intended as a home Network Storage Server, well just wanted to far could go, i myself don't want to risk my files, I'll check into Owncloud to see how would it work. I'll keep doing my HW lol


Sent from my iPhone using Tapatalk
 
Status
Not open for further replies.
Top