Readycloud Replacement....again.... ReadyNAS212

---

JoVe34 wrote:

 

Please, could you explain a little bit more what for is your "move to the FTP route" and how you set up the "Filezilla" app on the laptop? Would this give remote (through the net) and selective access to the invited people?

 

---

One thing you should be aware of - this won't work with some internet service providers, because they don't allow (or cannot support) port forwarding.  This includes broadband internet services, including hotspots.  Some landline ISPs also use a technology called carrier-grade NAT - it won't work with them either.

On the NAS, you set up a local NAS account for each user.

Enable FTP for each share that you want them to access, and set it up something like this:

You want the passive ports to be in the range 49,152-65,535.  Other choices often work, but this range is dedicated to private/dynamic ports. Generally I've found that 4 passive ports for each simultaneous user is a good value.

I generally set the main port to one less than the passive port range.  This is a non-standard port value - slightly harder for an attacker, since they won't know for sure what service is behind the port.  But the main reason is that it lets me forward all the ports to the NAS in the router in one setting. (50001-50025 in this case).  Alternatively use the standard FTP port (which is 22).

In the router you will need to

• reserve the NAS IP address so it always be assigned the same address
• forward the passive and main ports to that IP address in the NAS
• set up DDNS with a DDNS provider so you can reach the router using a name.

Most routers do have DDNS - Netgear routers include a free service from noip.com that uses *.mynetgear.com names.

After you've forwarded the ports, check that they are open.  https://canyouseeme.org/ is one of several internet sites you can use to make that check.

In FileZilla, you set up the connection this way in the site manager:

NASusername is a placeholder for one ot the local NAS accounts you created above.  XXXXXX.mynetgear.com is the hostname for your router that you created when you set up the DDNS service. 

Then the user simply selects the NAS using the site manager, and it will connect to the NAS. 

If you better describe your situation, maybe we can guide you to the best solution.  You say you shared with 100 or so people via ReadyCloud, and want to give them "selective access" now that it's gone.  Does that mean you just want to share a few files with each, or complete shares/directories?  Do several share the same access level, or is each unique?

---

Sandshark wrote:

You say you shared with 100 or so people via ReadyCloud, and want to give them "selective access" now that it's gone. 

---

JoVe34 - I missed that number somehow.  I agree it'd be good to get a bit more clarity on the scope of what you are sharing, and how selective you want it to be.

Did all these people have ReadyCloud accounts on your NAS?  Was everything available to them in one share?  When you say "selective" - did they all have the same access?  Or was it different for different users.  How did you set up the access controls?  Did you set up multiple groups?

It'd also be useful to know how much data you are talking about.  One option would be to switch to a cloud service (dropbox, google drive, etc), and sync that with what is on the NAS.

Are there any known issues with proftpd and ssl from Linux over a BT Hom Hub 6 with ddns.net thrown in?

I have Filezilla / lftp on my laptop and AndFTP/FileMananger + on my phone.

From the phone I can connect to both the NAS's LAN and also via the port forwarded ddns.net WAN address. No issue.

If I try to connect to the ddns.net address from my laptop (Fedora core 36 and 38), it hangs - both Filezilla and lftp.

If I use the adresses at https://www.smartftp.com/en-us/support/kb/2779, I can connect to FTP/FTPS ok from both the phones and my laptop. The issue only appears to be the combination of my ddns.net address and Linux (ie my laptop) (although ftps.cs.brown.edu also hangs - but I think that server is down).

Is this a known 'thing'?

I have a firewall on my laptop, but I have tried disabling that and rebooting without a running firewall and still get the hanging issue on ddns.net.

---

steveTu wrote:

 

If I try to connect to the ddns.net address from my laptop (Fedora core 36 and 38), it hangs - both Filezilla and lftp.

If I use the adresses at https://www.smartftp.com/en-us/support/kb/2779, I can connect to FTP/FTPS ok from both the phones and my laptop. The issue only appears to be the combination of my ddns.net address and Linux (ie my laptop) (although ftps.cs.brown.edu also hangs - but I think that server is down).

 

---

ARe you seeing this both when the laptop is connected to your home network, and when it is not?

Do you have masquerading enabled on the NAS?

I quickly tried my laptop from my daughter's home network and got the same '20 second' timeout in filezilla (lftp just seems to hang) - but it was a quick test, as I was doing other stuff. Typically my laptop stays here on my LAN.

No, masquerading isn't set in the FTP settings on the NAS.

---

steveTu wrote:

I quickly tried my laptop from my daughter's home network and got the same '20 second' timeout in filezilla (lftp just seems to hang) - but it was a quick test, as I was doing other stuff. Typically my laptop stays here on my LAN.

 

No, masquerading isn't set in the FTP settings on the NAS.

---

This is happening at login, not when doing a data transfer.  So it is failing to connect to the FTP control port of the NAS, and not to the passive ports used for data.

Check that the control port is forwarded in your router to the NAS.

Then confirm that the control port you are using is actually open.   You can use https://canyouseeme.org/ on your home network for this. 

If it isn't actually open, then you might double-check that you aren't double-routing.  (that's not the only possibility, but it is a common one).

If you are using port 22, then try using a different port in the private port range (49162-65535), and see if you get the same results.

If you have Enable Force FTPS enabled on the NAS, then you want to make sure you are using "use explicit TLS if available" in FileZilla.  Implicit TLS will not work.

The router would appear to be ok as the phone connects (two apps) - both using the ddns.net address and port 49999.

The only ports forwarded on the Home Hub are for Plex on 32400 and the NAS on 49999-50500. Port 49999 is open as shown by https://portchecker.co/.

proftpd is configured for both Enable FTPS and Enable Force FTPS - it has port 49999 and passive 50000-50500.

I'm not sure this is the right place for this, as I don't think it's a NAS issue - but I can't see where the issue is. It seems more likely so far to be my Fedora laptop - so outbound, but I can't see anything on there so far.