Web GUI from internet

Merxa

Cadet
Joined
Feb 3, 2020
Messages
7
When I try to access the Web GUI from the Internet, I connect, but the process does not go beyond this window (I attach the picture). If you try to log into the local network, then everything is fine. I have a gray IP address and I'm using keenetic's DNS, since I have their router. How to solve a problem? Before that, there was OMV 5 and everything was wonderful,
but I want to install FreeNAS.
 

Attachments

  • SharedScreenshot.jpg
    SharedScreenshot.jpg
    11.7 KB · Views: 676

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,464
When I try to access the Web GUI from the Internet,
...you expose your entire system to hackers, crackers, and script kiddies all over the world. Don't do this; FreeNAS isn't designed or hardened for exposure to the public Internet. If you need remote access, you need to set up a VPN.
 

Merxa

Cadet
Joined
Feb 3, 2020
Messages
7
...you expose your entire system to hackers, crackers, and script kiddies all over the world. Don't do this; FreeNAS isn't designed or hardened for exposure to the public Internet. If you need remote access, you need to set up a VPN.
I understand the risks, but nevertheless, is this even possible to implement?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
I understand the risks, but nevertheless, is this even possible to implement?

Of course it is. It's just your NAT gateway (the thing people mistakenly call a "router") is probably interfering somewhat. But pay attention to what @danb35 said. Don't do it.
 

Merxa

Cadet
Joined
Feb 3, 2020
Messages
7
Of course it is. It's just your NAT gateway (the thing people mistakenly call a "router") is probably interfering somewhat. But pay attention to what @danb35 said. Don't do it.
And can you more precisely what exactly can interfere? Unfortunately, I cannot refuse to use a router. I have a Keenetic Giga KN-1010
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
Don't know offhand. The webUI works fine through an actual router, of course. Perhaps you should follow the advice and set up a VPN.
 
Joined
Jul 2, 2019
Messages
648
I understand the risks, but nevertheless, is this even possible to implement?
There are things that you can do, and things that you should do.

Personally, even though I only use FreeNAS for home (personal) use I would not expose it directly to the Internet. FreeNAS is a storage appliance, not a security appliance (e.g., pfSense, commercial product, etc.). I would not even put the pfSense in a FreeNAS jail as the risk increases (e.g., fat fingers) in the jail/network configuration. Even my donkey-year's old Asus router has the ability to act as a OpenVPN server with dynamic DNS.

Of course, it is your data and you need to determine the risk you are willing to accept.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,464
I believe the problem you're encountering (though your screen shot doesn't help me here, as I don't read Russian) deals with the fact that the "new" (default since 11.2) GUI communicates on ports other than 80 and 443. Unfortunately, I don't know which other ports those are, so this isn't likely to help you much--but it might point you in the right direction. Or just use a VPN.
 

Merxa

Cadet
Joined
Feb 3, 2020
Messages
7
I believe the problem you're encountering (though your screen shot doesn't help me here, as I don't read Russian) deals with the fact that the "new" (default since 11.2) GUI communicates on ports other than 80 and 443. Unfortunately, I don't know which other ports those are, so this isn't likely to help you much--but it might point you in the right direction. Or just use a VPN.
I myself set the static ip address and Web GUI port in the FreeNAS settings, transferred this port in the router.
 

Merxa

Cadet
Joined
Feb 3, 2020
Messages
7
And what is the philosophy of "protection"? Why do I need a NAS, if I can’t upload my files to it, via FTP, from the network. If you are already worried about the safety of data, it is easier to completely abandon the NAS.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
A NAS is a storage appliance, and can be accessed in many ways, with many protocols, not just FTP.

You seem to be expecting the NAS to function as a public FTP server. This is not something FreeNAS is designed for. Internet-facing servers have to be designed with extra security considerations in mind. It is fine for private on-net FTP, but would be difficult to appropriately secure as a public FTP server on the Internet.
 
Joined
Jul 2, 2019
Messages
648
@Merxa - No one is saying not to access the NAS; rather, it is to do it in a safe manner. When off your network, which one would assume that your would trust all the devices and people using, you should use a secure way of accessing the NAS. This is typically done using a VPN such as OpenVPN that your firewall will filter access. For example, your firewall would use NAT to expose your VPN server and only on a specific port (or ports).

You can set up a pfSense firewall on really cheap hardware quite easily behind your ISP's router (just set up a port on the ISP's router in bridged more). You just need an old PC with two network card. pfSense supports OpenVPN out-of-the-box. There are lots of tutorials on YouTube in setting it up.
 
Joined
May 13, 2021
Messages
22
How to solve a problem?

sounds like you are creating more problems for yourself. serious problems, like hackers eventually exploiting a vulnerability (it's not a matter of if, but when....). Then you will get screwed over.

If you must use remote, use a VPN. Not simply exposing your nas (especially the management UI to online), that's just begging for trouble...

No one is saying not to access the NAS; rather, it is to do it in a safe manner.

i 2nd this. essentially this is what we are advising you. just use VPN........

either pfsense router with vpn server, OR you can do pivpn



for plex you might be able to port forward that 32400 without issue. Haven't heard much of a security risk about that in regards to plex.
 
Top