[Wylug-help] Remote access to NAS storage

Philip Wyett philwyett at gmx.com
Tue Apr 14 18:57:33 UTC 2009


On Tue, 2009-04-14 at 19:45 +0100, Jim Jackson wrote:
> 
> 
> On Tue, 14 Apr 2009, Philip Wyett wrote:
> 
> > On Thu, 2009-04-09 at 19:43 +0100, Roger Greenwood wrote:
> >> Hi all,
> >>
> >> I am looking to get a small NAS box (e.g. Netgear RND-2000, £200 with
> >> 500GB disk) but I also want to access it remotely (for backup purposes).
> >> Obviously this means me playing with router firewall settings, and
> >> knowing my IP address. IP is essentially static as it is logged on all
> >> the time (ISP Talk Talk, router smartAX 882). If it does change sometime
> >> in the future I can live with it.
> >>
> >> Local network devices are generally allocated a static IP in the range
> >> 192.168.x.x  I have read some conflicting advice regarding use of DMZ or
> >> not, so am not sure about this. Any other NAS devices people have
> >> experience of, or other solutions also of interest.
> >>
> >> Any advice before I splash the cash, or notes of caution most welcome. I
> >> don't like changing firewall settings too much as I tend to break things
> >> when I play around!
> >>
> >> By the way, I should say that network connection and speed has been
> >> excellent so far (nearly 2 years now) so I don't want to switch ISPs.
> >>
> >
> > Dump your modem/router for one with dynamic dns support. Sign up for a
> > free account with DynDNS or whoever. Configure the router with that
> > DynDNS service and have a constant address that your router will update
> > and change IP addresses if it changes so you only ever need aim at one
> > address. Configure the necessary port forwarding to the new NAS in the
> > router and the job's a good one! ;-)
> 
> There are security concerns if you open up internal ports to all and sundry 
> on the internet - you will be scanned, probed etc.
> 
> So make sure you have security updates on your NAS box, or buy a NAS box 
> that you can run a known distribution with security upgrades. Many NAS 
> boxes can have Debian or Ubuntu installed or specialist distros usually 
> derived from Debian (mainly because they are ARM processor based). 
> I'd not trust a NAS box without distro security support on the 
> internet.
> 
> Generally also tighten everything down as much as possible. Only open up exactly 
> those ports you must. If you know the IP address(es) of the other end of 
> the backups check if you can arrange to only accept traffic to and from 
> those addresses. Consider if you can arrange to connect via SSH or a VPN 
> and run the backup over that connection.
> 

Additionally if you would only use a certain number of machines, you can
employ Access Control Lists (by MAC address) at the inbound router if
supported.

Regards

Phil