Reach NAS Outside Network

Question

Hi everyone!I'm going to move with my girlfriend next week to a own appartment, but i'm going to be nice to my parrents and leave my NAS with them. (they using boxee to watch movies from nas)And i would like to be able to reach the NAS FTP from my new apparment so i could upload new movies etc.So i'm wondering, How could i be able to find NAS IP-number, and now i dont mean the 192.168.1.xCould some nice soul please help me with this matter?

StephenB · Answer

You need to forward ports in your parent's router, and also install/use ddns so you can find their router's external address using a name.  Here's a more detailed explanation: viewtopic.php?f=23&amp;t=58380

j0hanSE · Answer

StephenB wrote:You need to forward ports in your parent's router, and also install/use ddns so you can find their router's external address using a name.  Here's a more detailed explanation: http://www.readynas.com/forum/viewtopic.php?f=23&amp;t=58380Using ReadyNAS Ultra 2.*]Installation Notes: please read carefully1) After installing you must disable the service2) then edit the ddclient.conf in webroot/ddclient shareDone that.When will it update my dns? :p could i force it?

StephenB · Answer

The instructions in the link work for any ReadyNAS. The setup I posted is what I use on my Pro-6, as well as my NV+, duo, and RN102.

On ddns - You first need to register with a ddns service. Some are free, many are not.

Most newer routers allow you to configure ddns in their UI. The services usually also have a PC app you can install on your parent's PC. Both those options might be easier for you than modifying the linux config in the NAS. Note that in all cases, the ddns client is identifying the public IP address of your parent's router, and the ddns server then assigns a name to that. DDNS lets you reach the router, the port forwarding configuration in the router forwards the connection through the router to the NAS.

xeltros · Answer

You router has two set of IP adresses (it can have more on complex networks). One is called public IP address and the other private IP address (you seem to already know that but who knows who will read afterwards).
192.168.x.x, 172.16.x.x, 10.x.x.x are private addresses, meaning accessible locally only. Nearly all other adresses that you can see in a standard home network should be public adresses except 127.0.0.1.
So when you log to the router everything different from 192.168.x.x and 127.0.0.1 is your public address (you can type "my ip" in google too to get this one).

The goal is to update this IP as needed, the simplest way to do so is to get a fixed IP address from your provider or to create a shortcut with a Dynamic DNS service. Most routers are equipped with dyndns.com client and it's free as long as you log into the website once a month. Since you got only one public IP by internet connection, any device on your network can update this address, the router being the most logical since f it's rebooted it should update the client at boot time while the NAS won't. And since you need to do some conf on the NAS, I'd go for a setup in the router.

Then you have to tell your router that if something comes in from internet on a precise port (FTP being 20 and 21 TCP) then it should be followed to the router's IP. For that matter I advise to make sure the router always get the same IP. You can either set a fixed IP address directly on the NAS, or tell the router to always give the same IP to the NAS network card (identified by its MAC Adress).
To redirect the traffic you need to find out where it is on the router, it really depends. Some call this port forwarding/redirection, other call this NAT and for some it's in the firewall tab. By the way if you have firewall enabled, then you must set it to accept anything from port 20 & 21 TCP as well.

to summarize :
1°) get you public IP address to be fixed (either by your provider or by a dyndns service)
2°) make sure the NAS never change his IP
3°) redirect 20-21 TCP to the NAS IP
4°) allow 20-21 TCP to the NAS in the firewall.

Also keep in mind that FTP is (by far) not the most secure thing in the planet, I don't think that anyone would be interested in hacking a home network but if you have sensitive data on the NAS I advise to move them or to use something stronger than FTP (FTPS being the minimum, any kind of cyphered VPN being better but hard to setup).

StephenB · Answer

dyndns no longer offers free accounts to new users. Users who already have those accounts can continue to use them (I am one), but new users need to pay. There are some free services still out there, but I don't recall which.

The ultra-2 doesn't let you enforce ftps, but it will accept both ftp and ftps connections. I agree that it is better to use ftps than ftp. The filezilla client I use supports ftps. There are two methods to negotiate the use of ftps - explicit and implicit. You'd need to configure filezilla to use the explicit method (since that is what the ultra uses).

Unlike xeltros, I don't use port 20/21 (which are the default ports for ftp). Instead I use non-standard TCP ports in the 49151-65535 range. I suggest 4 passive ports (which is what I outlined in the link I posted above). Use of non-standard ports is (in my view) slightly more secure than using the expected port 21.

ReadyNAS Remote is a VPN service you could also use, but the performance was a bit hit-or-miss when I tried it (some time ago now). You could set up both Remote and FTP both of course, and try them out.

Forum Discussion

Reach NAS Outside Network

7 Replies

Related Content

Suddenly none outside can reach my network (Orbi RBR50)

R9000 + CM600 | Plex Server Not Available Outside of Network

checksumming outside of raid?

network

Sporadic timeout in internal network to reach BR200/BR500 (see attached network map)

NETGEAR Academy

ProSupport for Business