NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
afairlie
Jul 26, 2019Aspirant
Connecting a ReadyNAS iSCSI to a remote server
Hello, I'm trying to connect to my ReadyNAS from my server at work via iSCSI. The server discovers the target but when I try to connect it hangs for about two minutes and finally errors "Connecti...
- Jul 29, 2019
I did a quick test with a RN214 and, just for the record, it does return the IP address assigned to its LAN interface in response to a 'SendTargets' from the initiator. So in the case of your home router, the DMZ setup on it (at least per the quick glance I took at the manual for it) still peforms NAT (as StephenB explained) as the IP address assigned to the devices on the DMZ are still private IP addresses. In order for this to work over the Internet without a VPN or other tunnel you'd need to have the ReadyNas on the same segment as the 'Internet' interface with an IP address in the same subnet as the Internet interface of your home router. Also, as StephenB mentioned, I'd not do that with anything I even remotely considered valuable.
I think you'll have success with the VPN connection method and your use-case for this sounds feasible (small files/infrequent use) given the bandwidth you have provided your Internet connections aren't being heavily used otherwise.
Good luck with it!
radu7
Jul 27, 2019Aspirant
When you placed the ReadyNAS in your DMZ it was assigned routable/public IP address, correct? If that is the case I do not see, off-hand, why that would not at least connect. How well iSCSI would actually work over the WAN would, of course, depend on available bandwidth, QoS, etc... as iSCSI isn't typically used in WAN environments or on routed networks in general (unless we are speaking of L3 switches). Being a block-level protocol it requires high-throughput/low-latency connectivity to work reliably.
The other scenario you describe (with NAT/port-forwarding) typically fails as, even though the initial connnection seems to work, the logon fails because the target will return its private IP to the initiator and the initiator will use that private IP to attempt to complete the logon and the attempt will fail. You can see this if you use Wireshark or other network packet/protocol analyzer software to capture the iSCSI session attempt and look at the decoded traffic.
Using a site-to-site VPN or other tunnel between the two networks would be the easiest way to get this going if that is an option for you at all.
My honest recommendation though (not that you asked for any recommendations), unless you are doing this just for acedemic purposes or to see if it will work just for fun, is to not use iSCSI in this scenario unless you have a 1Gbps or better WAN connection and can guarantee dedicated bandwidth for the iSCSI traffic via QoS. Best case scenario if you get it working is that it will still probably leave you disappointed with the performance. Worse case is you'll get more data corruption that you bargained for.
I'm interested in hearing about how you get on with this though if you decide to pursue it further though.
radu7
Jul 27, 2019Aspirant
Here's a bit more information on the issue:
Appendix B, section B.1, third bullet point, RFC3721 (iSCSI Naming and Discovery)
https://tools.ietf.org/html/rfc3721#page-16
- When an iSCSI discovery connection is to be used through a port redirector, a target will have to be configured to return a domain name instead of an IP address in a SendTargets response, since the port redirector will not be able to map the IP address(es) returned in the iSCSI message. It is a good practice to do this anyway.
If such a configuration change on the RN424 iSCSI target is possible for the SendTargets response you could then place an entry in your local DNS or server host file for the host/domain that is returned and point that to your external IP on your home router. I have a feeling such a change is beyond the scope of 'normal usage' for the RN424, but perhaps someone who knows a bit more about the underlying iSCSI functionality of the device could shed more light on that.
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!