How to access NAS while away from home?

Phunky Phish · 24 Nov 2008 at 12:07

Can anyone help me?
I have a Belkin N1 Vison router and a IB-NAS4220-B device.
All working fine within the home network.

I want to be able to access the NAS whilst away from home. I know I can start the FTP service, using DMZ move it outside of the router firewall, but this feels very unsecure.

How do I use prot forwarding? Or can I VPN directly to the NAS?

Help, I know nothing!

Skidilliplop · 24 Nov 2008 at 12:14

You can forward port 20 and 21 to the IP address of the NAS to get at it from outside. Be aware some ISP don't allow hosting of FTP services and thus block it. Personally i'd set it up to listen on a port like 5021 outside and forward that to port 21 inside. People looking to break in will see an open port 21 and know there's an FTP server there and are likely to snoop. A seemingly random port number open looks like an outbound connection that could be to anything and will attract less unwanted interest.

VPN is an option depending on the NAS you have. I'd need more detail to explain that to you.

Hodders · 24 Nov 2008 at 22:11

If you have a PC that you can leave on then configure it to accept an incoming VPN. That way you can VPN in and be on the 'home network'.

Google PPTP VPN windows XP for more details.

Skidilliplop · 25 Nov 2008 at 09:25

Note that to make the above work you will need to forward port 1723 to the VPN server (PC configured for VPN)

Phunky Phish · 25 Nov 2008 at 22:43

I got the NAS so I could leave my PC off.
Will try the random port forward for the FTP server.
Anyone recommend a good FTP software package?

russ0r · 26 Nov 2008 at 01:57

Skidilliplop said:
A seemingly random port number open looks like an outbound connection that could be to anything and will attract less unwanted interest.

An outbound connection? Outbound and inbound ports are completely different. It will still attract unwanted attention whether it's on port 21 or 65021.

@OP: I recommend Filezilla. Free, multi-platform, open source, nice user interface.
Probably stating the obvious but make sure the FTP server on your NAS is password protected as this is potentially going to be open to the whole internet. You don't want people chewing up your bandwidth

bledd · 26 Nov 2008 at 13:26

this is why i recommend people get an atom pc instead of NAS, more flexibility, less hassle

Phunky Phish · 26 Nov 2008 at 16:02

Most people who recommend a file server PC have spare bits laying round.
I sold all mine when I moved to my C2D, so it would be a fresh build for a Atom PC.
£75 for the NAS and £130 for the 2x1TB drives makes £205 all in. Can I build, from scratch, an Atom PC with 2x1TB drives in Raid1?

Skidilliplop · 27 Nov 2008 at 16:17

russ0r said:
An outbound connection? Outbound and inbound ports are completely different. It will still attract unwanted attention whether it's on port 21 or 65021.

@OP: I recommend Filezilla. Free, multi-platform, open source, nice user interface.
Probably stating the obvious but make sure the FTP server on your NAS is password protected as this is potentially going to be open to the whole internet. You don't want people chewing up your bandwidth

Source ports are generated from set ranges and listening ports are defined in set ranges. Discuising the listening port as a dynamically assigned port for a connection means people can't at a glance run a port scan and see port 21/20 open and instantly know you're running FTP software. It's by no means secure but it's better than jumping up and down waving a flag with FTP on it.

the only way to tell if a port is incoming or outgoing is to monitor trafic, a simple port scan won't reveal this. If traffic is being monitored then you've already attracted attention to yourself in another way and there's nothing you can do.

Filezilla is a good app, also supports SSL which is vital for use across public internet as FTP sends passwords in plain text.

smids · 27 Nov 2008 at 16:45

Phunky Phish said:
Most people who recommend a file server PC have spare bits laying round.
I sold all mine when I moved to my C2D, so it would be a fresh build for a Atom PC.
£75 for the NAS and £130 for the 2x1TB drives makes £205 all in. Can I build, from scratch, an Atom PC with 2x1TB drives in Raid1?

Doesn't need to be Atom. Given the architecture on which the Atom is based and the chipsets available being quite high power, you can get away with something like a P-III.

My file server is:

PIII-S 1.4Ghz Tualatin (Server version) (TDP: 29W)
512MB PC133 SDRAM
VIA PLE133T chipset
20GB 2.5" Seagate laptop HDU (O/S drive)
2x 80GB Hitachi SATA (to be replaced, but had these laying about doing nothing)
Enermax 285W Active PFC PSU

I have one of those power meter things and this draws 65W at full load from the socket.

I also have a VIA ITX 600Mhz unit laying about, which I might try out but when I tested it on its own yesterday, pulled 30W from the socket. I know this current unit draws double the power, but it is also quite versatile. I can remove the O/S drive and replace this with compact flash or similar but can't be bothered.

All the above can be had for very little and is not that much slower than an Atom (in fact, the P-III might indeed be faster than the Atom in certain tasks).

Anyway, on topic - I second filezilla, it's a great program for FTP like this.

bledd · 28 Nov 2008 at 10:55

Phunky Phish said:
Most people who recommend a file server PC have spare bits laying round.
I sold all mine when I moved to my C2D, so it would be a fresh build for a Atom PC.
£75 for the NAS and £130 for the 2x1TB drives makes £205 all in. Can I build, from scratch, an Atom PC with 2x1TB drives in Raid1?

will cost a bit more, but you get tons more flexibility. and can access the files directly instead of from another pc

Sp00n · 28 Nov 2008 at 11:48

What router do you have?

My DD-WRT enabled linksys allows me to vpn directly to it, then I WOL my pc, do what i need to do and then shut it down