I would like to be able to set up and access a NAS securely via an internet connection. I would like to use an existing Linux server I own, so essentially I am looking for recommendations for which software would be ideal.
What clients will you be using to access your NAS? How far away from your machine will they be? Do you want to be able to mount your NAS remotely, or just use it for backup via rsync, etc.? – Dave Cheney May 10 '09 at 12:05
Ideally, I would like the seamlessness of http://www.pogoplug.com, but without having to rely on a third party. Perhaps a WebDAV interface would be nice, as it would appear as another drive under Windows or a mount point under *nix – Martin OConnor May 10 '09 at 22:47
3 Answers
Try FreeNAS. Don't use SAMBA, because it's a very chatty protocol, and it's not good for Internet access.
If you can, put it behind a firewall (IPCop is a good choice), enabling only the protocols you need (I'd suggest FTP or SFTP over a non-standard port). If you can't, here is an iptables sample config that you can use on the same box (save it to /etc/iptables.up.rules for example):
*filter
# Allows all loopback (lo) traffic and rejects all traffic to 127/8 that doesn't use lo
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows FTP from anywhere (modify port as necessary, or add more services)
-A INPUT -p tcp --dport 21 -j ACCEPT
# Allows SSH connections
#
# THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow ping (not necessary)
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
To use it:
$ iptables-restore < /etc/iptables.up.rules
To automatically load the rules on network up add the following to your network configuration file, after the loopback definition (/etc/network/interfaces on Debian/Ubuntu):
pre-up iptables-restore < /etc/iptables.up.rules

+1 but I'm not marking as accepted because I want something to run on an existing Ubuntu install, not dedicate the entire box to NAS – Martin OConnor May 13 '09 at 12:05
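One way to check what a ruleset like the one in the answer above leaves reachable before loading it, as an added example that is not part of the original answers. The `audit_rules` and `sample_rules` names and the sample ruleset are constructed for illustration; the script only parses the rules text and never calls iptables.

```shell
#!/bin/sh
# Added example: list what an iptables-restore rules file exposes on INPUT.
# Reads the rules from the files given as arguments, or from stdin.
# OPEN = accepted from any source, LIMITED = restricted by -s or -i.
# Rules after a catch-all never match (first match wins), so they are ignored.
# "cleartext" is only a hint from the well-known port (21 FTP, 23 Telnet).
audit_rules() {
    awk '
    BEGIN { clear["21"] = clear["23"] = 1 }
    /^[ \t]*#/ || NF == 0 { next }                 # comments, blank lines
    $1 == ":INPUT" && $2 == "DROP" { policy_drop = 1 }
    $1 != "-A" || $2 != "INPUT" || done { next }
    {
        proto = port = target = ""; limited = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-s" || $i == "-i") limited = 1
        }
        # A bare "-A INPUT -j X" with a terminating target matches everything.
        if (NF == 4 && (target == "ACCEPT" || target == "DROP" || target == "REJECT")) {
            done = 1
            final = (target == "ACCEPT") ? "accept" : "deny"
            next
        }
        if (target == "ACCEPT" && port != "")
            printf "%s %s/%s%s\n", (limited ? "LIMITED" : "OPEN"), proto, port, ((port in clear) ? " cleartext" : "")
    }
    END {
        if (final == "") final = policy_drop ? "deny" : "accept"
        print "DEFAULT " final
    }' "$@"
}

# Constructed sample ruleset (not taken from a real host).
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10 -p tcp --dport 445 -j ACCEPT
-A INPUT -j REJECT
-A INPUT -p tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_rules
```

On a real host, run it as `audit_rules /etc/iptables.up.rules` before `iptables-restore`; a service moved to a non-standard port will not get the cleartext hint, so read the OPEN list against what actually listens there.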
Most secure would be a VPN connection (ssh, OpenVPN, poptop...) and a tunneled NAS (NFS, Samba, iSCSI...) protocol. Anything goes here.
But most easy and secure would be sshfs (http://en.wikipedia.org/wiki/Secure_Shell_Filesystem), but it is not very Windows friendly.

There are 3rd party tools for Windows such as Expandrive, which will essentially give you sshfs-like access to a remote server. – Dave K May 10 '09 at 15:18
You could also use a web page based interface which connects over HTTPS. I know my NAS device from THUS has such a capability but don't know what Linux OS equivalents offer.
Also, with IIS you can traverse directories; if Apache does the same, then slap HTTPS on it and away you go, though that would only allow downloads, not uploads.
Otherwise a point to point VPN or VPN server would achieve a full 'network' experience.
