How to access FrontView in WAN

Hi James,

This is not exactly what you are asking, but accessing frontview from WAN might be a unwanted security risk.

Personally I use SSH tunneling to access my complete home network from WAN. IMHO this is the preferred way of accessing anything from WAN to your private network.

It requires, however, a SSH aware router or something else which can setup a SSH connection.

My setup simplified:

localhost:12345 tunneling => putty => WAN => WRT54GL router => readynas:443

If you want to know more about this approach, just let me know.

Fred

You can refer to my guide here on how to setup SSH tunneling on the ReadyNAS if you're router doesn't support it

Out of curiosity, how much of a security risk is it? I've opened Frontview up on the WAN, and I just point to "httpS://xxx.xxx.xxx.xxx/admin". I assume that "httpS" is "secure enough". I want to make sure I'm being as secure as I can be, but I also don't want to start messing around with SSH, etc.

fdullemond wrote:

Hi James, This is not exactly what you are asking, but accessing frontview from WAN might be a unwanted security risk. Personally I use SSH tunneling to access my complete home network from WAN. IMHO this is the preferred way of accessing anything from WAN to your private network. It requires, however, a SSH aware router or something else which can setup a SSH connection. My setup simplified: localhost:12345 tunneling => putty => WAN => WRT54GL router => readynas:443 If you want to know more about this approach, just let me know. Fred

Its not the transfer which is the problem..... because, as you mention already, it is secured by httpS.

As the URL you use can also be used by others on the web, someone might just Brute-Force your admin password... and if they succeed, then have total control over frontview.


This is a big enough security risc for me. I would not like someone to delete one of my shares from frontview...

Fred

P.S. Brute forcing in a browser is bothersome and timeconsuming, and therefore very unlikely. A real brute force attack will utilize unattended automated tools and speed per password check can be much higher than expected.

P.P.S. Ultimately it comes down to your 'sensitivity' to security and your perception of the risk you are actually taking.

Well since I posted last, I have installed SSH access on my ReadyNAS. Easy enough.

Now, what is the best way to access FrontView via SSH?

fdullemond wrote:

Its not the transfer which is the problem..... because, as you mention already, it is secured by httpS. As the URL you use can also be used by others on the web, someone might just Brute-Force your admin password... and if they succeed, then have total control over frontview. This is a big enough security risc for me. I would not like someone to delete one of my shares from frontview... Fred P.S. Brute forcing in a browser is bothersome and timeconsuming, and therefore very unlikely. A real brute force attack will utilize unattended automated tools and speed per password check can be much higher than expected. P.P.S. Ultimately it comes down to your 'sensitivity' to security and your perception of the risk you are actually taking.

Well since I posted last, I have installed SSH access on my ReadyNAS. Easy enough.

Please ellaborate this.... how did you do this....
Did you follow the guide LrdShaper mentioned ?
If not, did you install the Readynas Addon for SSH access ?


Depending on what you did to install SSH will dictate how to continue....

Fred

Hi James,

Form another thread I seen that you enabled SSH access to the readynas box....

This is not sufficient to secure your frontview access through wan....

Either follow the howto Shaper mentioned or use a approach with a router, like I can give you.

Fred

fdullemond wrote:

Hi James, This is not exactly what you are asking, but accessing frontview from WAN might be a unwanted security risk. Personally I use SSH tunneling to access my complete home network from WAN. IMHO this is the preferred way of accessing anything from WAN to your private network. It requires, however, a SSH aware router or something else which can setup a SSH connection. My setup simplified: localhost:12345 tunneling => putty => WAN => WRT54GL router => readynas:443 If you want to know more about this approach, just let me know. Fred

I'm really would like to know how to set it up.

Hi Emc,

Do you already own a openVPN enabled router (I use tomatoVPN/tomatoUSB as alternative firmware).
I can recommend both linksys WRT54GL(TomatoVPN) or Netgear WRN3500L(TomatoUSB).

Install tomatoVPN/tomatoUSB and configure through the tomato webinterface.... VPN Tunneling and create a server....

If you come at this stage let me know....

Fred

hi,
fdullemond: thx for reply I hadnt check forum for a while. My LAN looks like:
- DSL router wifi/modem (Asmax 1004g) connected of course to phone socket
- and all machines and NAS are conected thru wifi or cable to DSL router

but I got:
TL-WR1043ND with DD-WRT v24
So I want:
- disable wifi in dsl modem/router
- connect TL-WR1043ND WAN port to one of LAN port of DSL router/modem
- and connect all laptops/desktops/NAS to TL-WR1043ND

But I have problem to:
- configure DSL router (I thing just open all ports or something) to be transparent for all traffic since TL-WR1043ND (and here open only needed ports, ftp http(s), ssh, telnet) dont have a dsl modem
- and TL-WR1043ND

Anyway do you thing it is possible to get it working (generally). How to start to get it working...

br