Setting up SSH & Port Forwarding for Remote Access.

[climb2bhi]

I am a total noob with this stuff, however I'm good with hardware and have built myself a very nice NAS box. It is enclosed in a large well ventilated gaming tower with six fans. It is currently running on a SUPERMICRO MBD-H8SMi-2-O motherboard with AMD Opteron 1218 2.6ghz, 2GB DDR2 800 SDRAM (soon to have 8GB DDR2 800 SDRAM), Dual-port Gigabit LAN/Ethernet, 6 SATA2 3.0 Gb/s HDD connectors on the motherboard, Plus 2 PCI-e SATA cards allowing for 6 more drives. 64-bit FreeNAS 8.0.3 installed on a 8 GB USB Drive. I have temporarily installed 2 500GB SATA drives just to test setting up and getting the system going. On the way are 6x 2TB SATA Advanced Format drives. Which I'm hoping will give me something like 8TB usable storage with ZFS. It all came together a week ago and I have had fun over the last week getting it up and running, creating user profiles, deleting users, enabling services, getting it running and then fooling with it until it breaks, resetting it and getting it all going again. All the while with out loosing a couple of test video files on the temp drives. It has been a real learning process since I know nothing about networking and dont speak Networkese. I am happy with the whole thing and look forward to putting a huge amount of movies, music, and photos on it, and streaming them to my home theater computer. I would like my girlfriend to be able to upload and download photos to it from her house so my next step is to enable SSH and try to get my router and DSL modem to allow her remote access using Filezilla. I do not have a static WAN IP (just learned what that is) so she will need to call me each time she wants to use it so I can give her my latest WAN IP. Which is fine. I have read the FreeNAS user guide and have a rough idea how to set up SSH with a user account for her. But I'm sure I'm missing some settings in my NAS and have no idea what to do with my router and DSL modem. Any instructions I could get to set this up would be greatly appreciated. Especially if they are in layman’s terms, and not in Networkese. (I'm still learning all of the acronyms used in networking). For example if you tell me to forward ports I have no idea how to do this. If you give me values to enter into certain fields then I can probably follow.

FreeNaAS server 192.168.1.10 (static) everything working on my LAN

D-Link DIR-825 Xtreme N Dual Band Gigabit Router which has features like:
Virtual Server- allows opening a single port
Port Forwarding- open a single port or a range of ports

Actiontec GT701-WG with lots of features and settings.

I'm not in a hurry and only hope to make a little progress towards this goal each night after work. I'm guessing this is child’s play for some here on this site. And I have also noticed as I have browsed forms here in search of knowledge that senior form members have been very helpful to noobs like myself. So kudos to all of the helpful folks here.

Thanks

 

[ProtoSD]

Hi Climb,

Just a quick tip to get you started (besides breaking your post up into paragraphs ;) ). Lookup and read about DDNS, your router surely has it and FreeNAS does also, you only need to choose one, I'd pick your router. DDNS will figure out your IP address and update a FREE web service like DynDNS.com with your address so you can use a domain name like "myhome-ip.com" for example and not need to have your girlfriend call you for your IP address everytime.

I'm sure others will have other suggestions, I just thought I'd throw you a quickie to get started.

 

[louisk]

I would also check out ExpanDrive. It will use ssh/sftp and have things show up as a gui browsable volume for windows or mac.
http://www.expandrive.com/

 

[ProtoSD]

Nice link/resource Louis, that should help a lot of non-techies. I'll have to add it to the FAQ.

 

[Joshua Parker Ruehlig]

dyndns.org doesn't offer new fre domains anymore ... they're are a few others though that most clients support. I think no-ip.com is good, and I like freedns.afraid.org

 

[climb2bhi]

Protosd,

Thanks, I like your three points.

1. Paragraphs. I was too focused on getting the technical info out to people who I view as guru's. So I just jammed it all out there worried about what obvious point I was forgetting to include. Made me smile though.

2. DDNS and DynDNS.com. Way more practical and efficient than the girlfriend calling for a WAN that lasts who knows how long. Also it is free.

3. Reading up on it rather than having it set up for me. I really do want to learn about all of this. And I like to know how the things that I own work so that I can fix them for myself, and friends. Also I'm in no real hurry to have this NAS online.

Louisk,

I looked at expandrive.com. It does look like a great piece of software and probably a better solution for my non tech savvy girlfriend than Filezilla. But since I'm too cheap to pay $5/ month for a static WAN address I'm also too cheap to buy expandrive's software. And my girlfriend will get the benefit of becoming more tech savvy having to learn her way around Filezilla or some other free solution.

Thanks again and I'm sure that the reading on DDNS will have me back here posting a new set of questions.

 

[climb2bhi]

Joshua,

I'll check out no-ip.com and freedns.afraid.org.
Thanks

 

[ProtoSD]

dyndns.org doesn't offer new fre domains anymore ... they're are a few others though that most clients support. I think no-ip.com is good, and I like freedns.afraid.org

Thanks, I wasn't aware of that. I've had my account for awhile ;)

 

[Joshua Parker Ruehlig]

Thanks, I wasn't aware of that. I've had my account for awhile ;)

I remember when they gave you 5 free subdomain from a huge array of choices, then they went to 2, then they dont allow people to create new ones unless your a premium member... At least I still have my 2 subdomains registered with them =]

 

[climb2bhi]

OK I'm still lost. After 3 days of reading, creating domains on no-ip.com and freedns.afraid.org. Changing every port forwarding setting in my DSL modem and D-Link router, and changing things in FreeNAS I'm getting nowhere.

I have spent 8 hours pounding on settings and I am having no luck.

Any help would be great.

 

[louisk]

perhaps you could provide more details on what you're trying, and what, if any, errors are still occurring or being logged. for example, a list of ports/protocols you're forwarding.

GL with getting a SO more tech savvy.

 

[climb2bhi]

Clearly I have no clue about this stuff. But these are my curent settings:

freedns.afraid.org:
1 subdomains
ever-fun.com
proliesure.ever-fun.com A 174.24.71.90
The IP address hits my DSL modem main menu page. proliesure.ever-fun.com Does nothing.

D-Link DIR 825 Router:
24 –– VIRTUAL SERVERS LIST
Name: NAS
Public Port 80
Protocol: Both
Schedule: Always
IP Address: 192.168.1.10
Private Port:80
Inbound Filter: Allow All

Enable Dynamic DNS : checked
Server Address : http://freedns.afraid.org
Host Name: proliesure.ever-fun.com
Username or Key :climb2bhi
Password or Key :*******
Verify Password or Key :*******
Timeout : 576 (hours)
Status : Disconnect

Actiontec GT701-WG DSL Modem:
List of Forwarded Ports:
80-80 tcp 192.168.1.10
80-80 udp 192.168.1.10
8080-8080 tcp 192.168.1.10
8080-8080 udp 192.168.1.10

FreeNAS settings:

Services: CIFS: on
Dynamic DNS: on

Dynamic DNS Settings
Provider: freedns.afraid.org
Domain name: proliesure.ever-fun.com
Username: climb2bhi
Password: *******
Confirm Password: *******
Update period: 300000
Forced update period: 300000
Auxiliary parameters:

 

[climb2bhi]

These may help:

207.150.194.182/...manuals/DIR-825_B1_Manual_1.01(WW).pdf
or
ftp://ftp.dlink.com/Gateway/dir825_revB/Manual/dir825_revB_manual_210.zip

http://www.actiontec.com/support/doc_files/GT701-WG_NCS_User_Manual_3.0.1.0.6.0.pdf

 

[climb2bhi]

Update:

Actiontec GT701-WG DSL Modem:
Reset all settings. So no port forwarding in currently setup.

proliesure.ever-fun.com Now hits my DSL modem main menu.

1 step closer.

 

[climb2bhi]

Changed port forwarding settings in Both Actiontec DSL and D-Link Router:
to match what is in the FreeNAS guide:
• TCP 139 (smbd)
• TCP 445 (smbd)
• UDP 137 (nmbd)
• UDP 138 (nmbd)
Still not able to get in.

 

[survive]

Hi climb2bhi,

Not to complicate things more than they are, but don't expose those ports to the whole internet! If possible you should limit them to the people you want to connect (e.g. IP of your buddy you want to share files to). Also keep in mind that your ISP may actually be blocking port the windows file sharing ports just because it is such a bad idea to pass them across the general internet.

-Will

 

[louisk]

Good that you're making the same changes on both the DSL modem and the router.

I've always used the following:
tcp/udp: 135, 136, 137, 138, 139, 445

FWIW, if you leave this open to the internet, I would be surprised if your box is not compromised in 24hrs. You need some way of restricting who is allowed to connect. I accomplished this by setting up pfSense as my router (I don't have a modem in front that does filtering) and using a VPN. This way I don't have to worry about people brute-force hacking my passwords, or finding smb/cifs exploits and getting inside my network.

 

[survive]

Hi guys,

I do the exact same thing....if they want remote access to me they have to be able to set up an IPSec tunnel to me, works great...

That said, standing up a pfSense box might be a bit much for the original poster though the multi-wan features would make their network connectivity much more sweet!

-Will

 

[ProtoSD]

Changed port forwarding settings in Both Actiontec DSL and D-Link Router:
to match what is in the FreeNAS guide:
• TCP 139 (smbd)
• TCP 445 (smbd)
• UDP 137 (nmbd)
• UDP 138 (nmbd)
Still not able to get in.

I'd also be surprised if your or anyone's ISP doesn't block those ports too.

 

[climb2bhi]

Thanks for the latest tips. And for everyone's concern for my security. That shows how nice folks here are.

For now I'm waiting for my 6x 2TB drives. So my FreeNAS box is completely empty except for a couple of test video files on a couple of small setup drives so I'm not too worried about exposing it today. However down the road I do want it secure and accessible. But only to my girlfriend. I was originally Going to use SSH and make her use something like a private key. But I know nothing about this or creating a IPSec tunnel. So I'm here looking for advice and instructions on how to do these things.

Waiting for more advice....