Access NAS from internet.

[iwrk4dedpr]

New poster ... So hopefully this is in the right forum.

I just upgraded my internet speed and modem and wireless router.  The router I have is Linksys WRT3200ACM.

A few years ago I bought a Buffalo Linkstation ..... atm the exact model eludes me but it has 4 hard drives in it .... I think.


I never did elect to do the Buffalo acct to access it via the internet.  However, I do now want to be able to access this NAS from some remote location if / when I need.

Here is the level of my knowledge.  I familiar with port forwarding / have used a vpn before but just used.  Have searched out answers and VPN's are talked about.  I don't want to have to use a 3rd party forwarding service I've tracked my IP address and it's pretty much always been the same.  I also know of various no-ip type services that have my ip updated from my network.

What I am looking for is the steps that need to be done to be able to "SEE" my NAS when I'm 3 states away and in some hotel.

I hate using 3rd party stuff.  Which is why I'm here.  How do I do it without a 3rd party acct of some kind ( except for like a no-ip service if I want it )

Basically i know my IP .... do I port forward / do I ftp / can I map a network drive ( like I was / am at home? )  I'm not a total noob but .... I know enough to be dangerous .. lol

Any help greatly appreciated.

[deanwebb]

OK, so here's the two sides of this issue:

1. CONVENIENCE: this is absolutely doable. You likely have an IP address from your ISP that, if not static, is likely either reserved or re-requested via DHCP. So you can almost always count on it being stable. You can open up a path to your NAS that is open to the entire internet. You would do this because you can't predict what IP address you'll have at the hotel/customer site/coffee house. Simple matter of hitting your home IP address on a given port and then that going over to the NAS.

2. SECURITY: Erm... how best to say this? 

DO NOT DO WHAT WAS OUTLINED IN 1, ABOVE!!!



You have *got* to make sure that there is a security layer or three between the raw, unfiltered Internet and your home network, in particular those files on the NAS.

Take a good look at what the Internet looks like before it goes through a firewall:



Not good. So although you *can* do what was described above, it will also leave your NAS totally open to pure evil. This is bad because it is not good.

So what you want is the ability to actually VPN back to your home network, as you cannot predict your source address at a given hotel. This means that you do NOT use a public VPN (most of which are either run by government agencies or are penetrated by government agencies or which don't do a very good job of encrypting) and use a home VPN solution.

If you stand up a Windows VPN server on your internal network, you will have the cheapest solution available. You will also have the least secure, as it requires the VPN to be terminated on the inside of your network, which is never ever a good place to terminate a VPN.

There are home/small business VPN appliances you can look into. You would basically set these up just inside of your ISP-provided router and require all traffic to pass through them. If a person can't establish a connection to the appliance, that person doesn't get to the internal network. There are still issues of keeping it patched and hardened, but they're much better issues than with the Windows VPN.

The VPN appliance, however, is in the "not cheap" category. I personally choose to load files from my NAS to my laptop or USB storage for travel and hope that I've copied over the correct files. Otherwise, a cloud solution like Dropbox would be secure and accessible from anywhere.

[iwrk4dedpr]

Well the security issues ... ok

But damn ... I thought this would be a much more doable.  Guess I'll have to keep looking ..... Learn more about VPN's.

Thanks

[Dieselboy]

Hey OP.
You'll need to check what is available on your NAS, does it have web access? And how secure is it? And is it up to date? You don't really want some internet scanner detecting a HTTP vulnerability on the nas web server and then getting around any authentication mechanism that you would normally have to use yourself to log in to the nas. Giving them full access to everything without any credentials while you yourself log in as normal, none-the-wiser.

I set up NAS access over the internet via HTTPS. I used a virtual machine called "owncloud". And I have linked that into our "NAS". I still need ports open to this VM but then the NAS is not directly reachable.

Your linksys might be able to flash openwrt onto it. From there, you might be able to run some kind of VPN server. I have openwrt on a tiny matchbox sized router and openvpn server is available there plus some others like openswan from the software repository. The linksys firmware may do l2tp/ipsec vpn server... I do not know, though.

Dean is right, VPN is the better way to go generally.

Take a good look at what the Internet looks like before it goes through a firewall:

If you can run a syslog of a permiter device and just watch a constant stream of "deny deny deny deny" where there are literally constant script-kiddies scanning the WWW for vulnerabilities.
As one example, I know of a guy that was working on deploying a database into a cloud provider. It was dev, so no real data there but fake data was uploaded. They opened up the firewall rule to allow them to access but did not disallow the rest of the WWW. Less than 24 hours later (the next morning) they arrived, connected to the db and all that was there was a message saying that the db had been deleted and to get it back, deposit a huge amount of bitcoin into some random account.

HTH

[icecream-guy]

I personally choose to load files from my NAS to my laptop or USB storage for travel and hope that I've copied over the correct files.

256 GB  USB sticks are like 50 bucks these days, if you can't copy the correct file, with that.  you have way tooo much data.

[deanwebb]

I personally choose to load files from my NAS to my laptop or USB storage for travel and hope that I've copied over the correct files.

256 GB  USB sticks are like 50 bucks these days, if you can't copy the correct file, with that.  you have way tooo much data.

This is true. I even have a 2TB USB drive. While not big enough for the entire Internet, it can carry a fair chunk of it.

[Dieselboy]

I personally choose to load files from my NAS to my laptop or USB storage for travel and hope that I've copied over the correct files.

256 GB  USB sticks are like 50 bucks these days, if you can't copy the correct file, with that.  you have way tooo much data.

I've started to see m.2 1TB drives going cheap lately. Even 500gb going for around $60aud. Thinking of getting an ebay special m.2 to usb3 adaptor
https://www.ozbargain.com.au/node/437906