Remote access to plugins.

[clincha]

Hi,

New to FreeNAS and loving it. I have 4 plugins setup at the moment, namely SickBeard, CouchPotato, Plex and SABnzdb. I'm also going to overseas for 2 weeks and would like to check the status of downloads, series etc. Is there a way to gain access to the webGUI from overseas?

So far I've tried port forwarding to the ip-address of the NAS and the port of the plugin. I have a no-ip account that makes sure that I have the right ip address all the time. When I try to use the url or the ip to access I get the error: ERR_CONNECTION_REFUSED from chrome.

Is there security on freeNAS stopping me getting access to the plugins?

Thanks in advance for the help,

clincha

 

[Ericloewe]

Use VPN, don't forward ports. Exposing your server to the internet is a bad idea.

 

[anodos]

Port-forwarding is a terrible idea (from a security standpoint). Here are a couple of alternatives:

Alternative 1: Set up a VPN using PFSense and OpenVPN
This is technically the best option. It will be secure, give you full access to your home network, and give you the other many benefits of using pfsense. The main cons are that two weeks is not much time to learn what you are doing and get things set up right, and it will require redesigning your home network. Others can go more into detail if they want.

Alternative 2: Set up a separate SSH server on your internal network and access your FreeNAS via an SSH tunnel.
This is quick and dirty.

• Set up SSH server on second computer (I prefer using OpenBSD for these sorts of tasks).
• Configure key-based authentication. See manpages for sshd_config and ssh-keygen for more details.
• Forward port 443 on your WAN to port 22 on the SSH server (this gets around a lot of firewalls)
• Install foxyproxy add-on to firefox and create a socks5 proxy to 127.0.0.1:8080
• On your laptop establish the SSH tunnel "ssh -d 8080 -p 443 username@foo.com"
• Open Firefox, enable foxyproxy, and navigate to your web interface.

You are inside your network. I used this setup while overseas for a year and it worked fine. It allowed me to watch netflix without paying for a VPN service. Note that this will only give you access to your web interface. Since your SSH server is now internet facing, it's important to properly secure it (key based authentication, and maybe some pf rules to reduce brute-forcing attempts).

 

[clincha]

Okay, thanks for all the help guys but like you said, I don't have too much time. I want to have a better look into setting up the VPN when I'm back and at the moment I don't have the extra hardware to set up the SSH server. So could you guys help me out with just getting access through the port forwarding? I don't really have any secure things on the network so it's all fine there. Just need it for two weeks and then done.

 

[anodos]

Okay, thanks for all the help guys but like you said, I don't have too much time. I want to have a better look into setting up the VPN when I'm back and at the moment I don't have the extra hardware to set up the SSH server. So could you guys help me out with just getting access through the port forwarding? I don't really have any secure things on the network so it's all fine there. Just need it for two weeks and then done.

If you don't have the hardware, you can accomplish the same thing by creating a jail and port-forwarding to the ssh server running in it. Just remember to
(1) disable login as root
(2) a) make either a ridiculously secure password or b) use key-based authentication.

I won't discuss port-forwarding to your webgui admin page. That's just shooting yourself in the foot. If the data is valuable enough to build a dedicated server to host it, then it's valuable enough to protect.

 

[clincha]

Okay, So I think I'll do that. I'll use a jail and ssh to that and then ssh from there to Couchpotato webGUI and Sickbeard? Right? Now can someone explain how to do that in the simplists of terms?

Thanks again,

clincha

 

[pirateghost]

Okay, So I think I'll do that. I'll use a jail and ssh to that and then ssh from there to Couchpotato webGUI and Sickbeard? Right? Now can someone explain how to do that in the simplists of terms?

Thanks again,

clincha

Google.

SSH TUNNEL

Find a tutorial and an explanation. Understand it. Implement it for your system.

 

[clincha]

-----CLOSED-----

 

[anodos]

Okay, So I think I'll do that. I'll use a jail and ssh to that and then ssh from there to Couchpotato webGUI and Sickbeard? Right? Now can someone explain how to do that in the simplists of terms?

Thanks again,

clincha

Assuming that you administer the above items through a webgui, then the steps I listed above should be sufficient. The SSH tunnel will effectively put Firefox on your LAN and you will be able to access the webgui via ip-address like you normally would.