[Wylug-help] Remote access to NAS storage

Roger Greenwood rogerg at rolla.co.uk
Wed Apr 15 13:59:25 UTC 2009


-----Original Message-----
From: wylug-help-bounces at wylug.org.uk
[mailto:wylug-help-bounces at wylug.org.uk] On Behalf Of Philip Wyett
Sent: 14 April 2009 19:57
To: wylug-help at wylug.org.uk
Subject: Re: [Wylug-help] Remote access to NAS storage

On Tue, 2009-04-14 at 19:45 +0100, Jim Jackson wrote:
> 
> 
> On Tue, 14 Apr 2009, Philip Wyett wrote:
> 
> > On Thu, 2009-04-09 at 19:43 +0100, Roger Greenwood wrote:
> >> Hi all,
> >>
> >> I am looking to get a small NAS box (e.g. Netgear RND-2000, £200 
> >> with 500GB disk) but I also want to access it remotely (for backup purposes).
> >> Obviously this means me playing with router firewall settings, and 
> >> knowing my IP address. IP is essentially static as it is logged on 
> >> all the time (ISP Talk Talk, router smartAX 882). If it does change 
> >> sometime in the future I can live with it.
> >>
> >> Local network devices are generally allocated a static IP in the 
> >> range 192.168.x.x  I have read some conflicting advice regarding 
> >> use of DMZ or not, so am not sure about this. Any other NAS devices 
> >> people have experience of, or other solutions also of interest.
> >>
> >> Any advice before I splash the cash, or notes of caution most 
> >> welcome. I don't like changing firewall settings too much as I tend 
> >> to break things when I play around!
> >>
> >> By the way, I should say that network connection and speed has been 
> >> excellent so far (nearly 2 years now) so I don't want to switch ISPs.
> >>
> >
> > Dump your modem/router for one with dynamic dns support. Sign up for 
> > a free account with DynDNS or whoever. Configure the router with 
> > that DynDNS service and have a constant address that your router 
> > will update and change IP addresses if it changes so you only ever 
> > need aim at one address. Configure the necessary port forwarding to 
> > the new NAS in the router and the job's a good one! ;-)
> 
> There are security concerns if you open up internal ports to all and 
> sundry on the internet - you will be scanned, probed etc.
> 
> So make sure you have security updates on your NAS box, or buy a NAS 
> box that you can run a known distribution with security upgrades. Many 
> NAS boxes can have Debian or Ubuntu installed or specialist distros 
> usually derived from Debian (mainly because they are ARM processor based).
> I'd not trust a NAS box without distro security support on the 
> internet.
> 
> Generally also tighten everything down as much as possible. Only open up 
> exactly those ports you must. If you know the IP address(es) of the 
> other end of the backups check if you can arrange to only accept 
> traffic to and from those addresses. Consider if you can arrange to 
> connect via SSH or a VPN and run the backup over that connection.
> 

Additionally if you would only use a certain number of machines, you can
employ Access Control Lists (by MAC address) at the inbound router if
supported.

Regards

Phil

Thanks for the comments. ACL is possible on the router, dyndns can't
remember (have to look later).

The netgear box seems to have lots of help online, and is designed to be
accessed remotely. I haven't read all of the manual yet but it can be locked
down, so I have ordered one to have a play with - locally first. 

I am not intending to replace the custom linux, as updates etc are available
from netgear.

I am intending to run rsync within the local network, from various machines,
and then something similar from a remote location, probably via ssh. That
way I can't forget it. I get a bit paranoid about backups - I like to have
lots!

Best Regards,
Roger Greenwood 



Rolla Ltd
Atlas Mill Road,
Brighouse,
HD6 1ES   UK
Registration Number 480927
www.rolla.co.uk
Telephone +44 1484 710226
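
The thread's advice (accept traffic only from the known remote address, run the backup over SSH) can be enforced per key on the backup target. The following is an added example, not part of the original messages: it assumes the target runs OpenSSH 7.2 or later with rsync's `rrsync` helper on the PATH, and the address, directory and key are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. 203.0.113.10 is a documentation
# address; the directory and public key are constructed placeholders.

# Accept only a plain dotted-quad IPv4 address, so nothing unexpected
# ends up inside the from="" option.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print an authorized_keys line for a backup-only key:
#   from=     only the known remote address may use the key
#   command=  the key can only run rrsync, write-only, inside one directory
#   restrict  no forwarding of any kind and no pty
backup_key_line() {   # usage: backup_key_line IP DIR "PUBLIC KEY"
    valid_ipv4 "$1" || { echo "bad source address: $1" >&2; return 1; }
    case "$2" in
        /*) ;;
        *)  echo "directory must be absolute: $2" >&2; return 1 ;;
    esac
    printf 'from="%s",command="rrsync -wo %s",restrict %s\n' "$1" "$2" "$3"
}

# Count the key lines in an authorized_keys file that carry no from=
# restriction (comments and blank lines are skipped).
unrestricted_keys() {   # usage: unrestricted_keys FILE
    awk '!/^[ \t]*#/ && !/^[ \t]*$/ && !/from="/ { n++ }
         END { print n + 0 }' "$1"
}

# Demo: the line to append to ~/.ssh/authorized_keys on the backup target.
backup_key_line 203.0.113.10 /srv/backup/laptop \
    'ssh-ed25519 AAAAC3constructed backup@laptop'
```

The router's port forward then only needs to expose the SSH port, and `unrestricted_keys ~/.ssh/authorized_keys` should report 0 for an account used solely for backups.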




