Due to the immense popularity of my blog article on how to configure a NAS4Free server on a Windows network, I decided to do a simple follow up on how to configure that same server for access over the Internet. Well actually, a comment made by user Austin prompted me to write this article. He was thrilled about my original article and wondered how he could achieve external access for his NAS4Free box as well. Because your NAS4Free server technically should be powered on 24/7 anyways, many users might want to be able to access it over the Internet at any time and any place just so long as they have an internet connection. Luckily, configuring it for such access is relatively simple for the most part. I am actually quite surprised at the amount of hits my original article is receiving on a daily basis because I didn’t actually think that that many people out there is interested in NAS4Free! When I first wrote the article, it was just something I wanted to do for fun since I went through a lot of pain of getting it setup for an actual friend. I wanted to spare others from experiencing the same hassle and so I documented the process. I really hope that users looking for a way to “Internet enable” their NAS4Free server will also find this article useful!
For the most part, there are two different methods that most home users can remote in to their NAS4Free server at home. Everything depends on how your Internet service provider assigns you your public IP address. Let’s go over the first and most easiest method.Here in this article, I am assuming that you already have a NAS4Free server up and running following my tutorial. Also, this tutorial does not go into extreme details on how to securely configure the remote access. Using SSH is a lot more secure than regular FTP but that’s about it as far as configuration goes here.
For most environments, especially in a simple home network, a user gains access to some server behind their router/firewall by configuring port forwarding. Think of a “port” as a doorway into your network. For many services, they will have different port numbers assigned to them. I actually have written an article way back then explaining a bit about ports. Please go over the article if you want to understand a bit more on just what it is.You can read the article “Scan Your Network Ports for Vulnerability” here.
Suffice it to say, we need to enable port 22 in our home router and point it to the internal IP address of our NAS4Free server. And….that’s it. It really is that simple!
You can see below how I have logged into the web management interface of my home Linksys router. I head over to the Applications and Gaming tab and select the “Port Range Forward” section. I simply make a new entry for my NAS4Free server and that is all there is to it.
Now comes the access part. If you followed my original article, then you should already be familiar with the WinSCP utility. It was this utility that we used to configure permissions on the folders for our users. We are going to be once again using this utility to remotely access our NAS4Free server. WinSCP allows us to remotely upload and download files to and from our server. Of course, the hard part is getting our computer to actually see that server when we are not within the local area network. With our port forwarding configuration in place, this shouldn’t be a problem any more.
The first thing we need to do is find out our current public IP address. Our public IP address IS NOT the internal IP address of our computer. This is the IP address that your ISP has assigned to you that actually allows you to connect to the Internet. To find this address, simply head over to www.whatismyip.com. This website will let you know what your current public IP address is. Write it down because we need it to access our server when we are away from our home network.
Once we have this information, we now have everything needed to remotely access our NAS4Free server. First, fire up WinSCP. Leave the File Protocol to ‘SFTP’. In the host name field, type in your public IP address. DO NOT type in the actual internal IP address of the NAS4Free server! The port number shall remain at 22 unless you have changed it. The user name should be “root” and the password is whatever password you’ve set. On a default NAS4Free server, the default password is “nas4free”.
Once connected, you can see that I can easily access my mount point and browse through my server as usual. With WinSCP, I can easily drag files back and forth between my local computer and the server at home.
As you can see, it’s not that hard to give remote access to our NAS4Free server. However, this scenario of simply configuring the port forward range and nothing else is only for the lucky few who have public IP addresses assigned to them via their ISP that rarely change. For many others, their ISP will most likely dynamically assign them a different public IP address every couple hours or days. As you may have already figured by now, we rely on this public IP address to remote in to our NAS4Free server. If the address changes every couple hours or days, we need to manually first check what our public IP address is before we can initiate the connection with WinSCP. This can be a big hassle because how are you going to do this when your home server resides in California and you yourself is physically in Miami?! Also, who’s to say that the IP address you jotted down before you left your house didn’t change when the time comes for the actual connection? If that happens, you’ll have no way of connecting back to your server because once again, you’ll have no way of figuring out what your current public IP address is unless you have some third party tool or utility that can give you this information.
Luckily though, there are services out there that aims to help solve this headache.
Port Forwarding + Dynamic DNS
There are many services out there, paid and free, that allows home users to contact their internal servers from outside the Internet even though their public IP address changes often due to how their ISP behaves. How it works is simple. In my previous example, you saw that I had to manually enter in my IP address number into WinSCP. However, that “number” can change at any time and remembering a sequence of numbers in general is difficult for many users. It is much easier to remember “names” instead. When was the last time you entered in the IP address of 188.8.131.52 to access Facebook rather than www.facebook.com?
For this tutorial, I chose the service from noip.com to provide me with dynamic DNS services. The service is free to use and should get the job done for most home users who simply just want to connect to their NAS4Free server across the Internet and nothing more.
First we need to sign up for a free account from this webpage here. You can clearly see that with a free account, we don’t have much choices where domain name pickings are concerned. For free accounts, I have no choice but to stick with the domain name ending with .no-ip.biz. For the actual host name, I chose ‘mynas4free’. So, the actual and final name that gets mapped to my public IP address would be ‘mynas4free.no-ip.biz’.Once you have created your account, noip actually allows you to create another host with much more domains to pick from. They have a section for paid accounts and options for free accounts. I have no idea why they don’t includes these domain names during account creation. For each free account you create, noip allows you to create up to three hosts. Therefore, if you really hate your domain name ending with no-ip.biz, don’t fret.
Once we have activated our account with noip.com, we can then begin managing it. Well, actually, there’s nothing to manage!
For the most part, we are done here, if you can believe it! When you signed up for noip, it should have automatically detected your public IP address provided that you signed up on a computer within your home network. What we now need to do is head into our NAS4Free web GUI management pane and tell it our new configuration. Head over to Services –> Dynamic DNS. Hit the Enable check box in the top right corner. In the provider drop down menu, select no-ip.com. Fill in your domain name and also the user name and password you use to log into your noip.com account. The important part here is telling NAS4Free how often it should check your IP address to see if it has changed. You can also force it to update even if your IP hasn’t changed. I’ll leave the setting here for you to decide. Just remember that the interval is in seconds.Noip.com actually has a software client for Linux operating systems. However, I am not too familiar with installing software on a Linux box so I’m skipping this option and instead relying on NAS4Free’s internal settings instead. My ISP actually does not change my IP address. I’ve been with them for 10 years or so and for as long as I can remember, I’ve always had the same IP address. To test whether or not the settings within NAS4Free would work or not, I could not rely on my ISP changing my IP address. Instead, what I had to do was deliberately change my IP address within the noip control panel to something other than my actual public IP. Sure enough, NAS4Free reconfigured the settings to match that of my actual IP address! This proves to me that the settings actually do work and so no installation of any client software is needed on your NAS4Free box. Hooray.
Once the settings have been saved, it’s time to test the connection, preferably from a computer that is not within your home network. Once again, fire up WinSCP and this time, type in your noip domain name instead of your public IP address in the host name field. All the other fields should remain the same as before such as port number, user name and password. As you can see below, I once again have successfully connected to my internal NAS4Free server!If you are getting an error, please remember that you still must port forward the correct port within your router to your server! If you haven’t, then you’re basically shutting the “doorway” of communication with your server.
Just for fun, if you do a simple ping of your domain name, it should resolve right back to your public IP address.
As a friendly reminder, using a service such as noip to reach your internal server is exactly just that. It maps the name you’ve chosen to your public IP address and more importantly, it updates it when it detects a change. Although you can sign up and pay for additional features, it is not required at all should you just require something rudimentary like what we are doing here and like I’ve mentioned earlier, most home users will not require something more advance than this. Once you have connected to your server at home, whatever it is you upload or download is completely dependent on whatever Internet connection you are using at the moment. It doesn’t matter if you upload/download 1MB of file or 1GB. Noip is completely irrelevant at that point once the connection has been established, sort of. Just think of it as the middle man.
If you’re point A and you want to talk to point C, then you’ll have to first talk to point B because point B is the one who knows how to reach point C.
Anytime we open “holes” and “doorways” in our router/firewall, we have to be very cautious where security is concerned because that is one more avenue for an attacker to enter from. When you do open up your NAS4Free server to Internet access, you absolutely want to make sure that you use as strong a password as you can to protect the root account and pretty much any other account as well. You have to remember that your server is powered on 24/7 and your Internet connection is most likely enabled 24/7 as well. Therefore, if you can access your server remotely over the Internet, so can an attacker. Of course, the chances of this happening can be slim but that doesn’t mean it’s impossible.
To give your other users the ability to also SSH into your NAS4Free server while away from home, you’ll need to make a simple change in their user account properties. In the ‘Shell’ drop down menu, simply select ‘SCPONLY’. This option allows the user to remote in to the server and access only the folders they have access to. The weird thing is that they can still view and copy important system files on the server but they can’t delete the files nor add anything to those system folders. Also, please remember to remind your users that their user name IS CASE SENSITIVE! The user Bob is not the same as bob! It drove me nuts initially so please don’t make the same mistake. Oh and of course, they will need to learn how to use WinSCP as well.
Another thing you can do is periodically check your system log files for any malicious attempts to enter your system. Of course, a malicious user could simply erase and clear out your log but if that happens, then that obviously is a red flag to begin with. You can check your log file under Diagnostics –> Log. In the drop down box, select to view the SSH log file.
In the End…
As you can see, even if you understand just a tiny bit of how DNS works, then you’ll also understand how it is that we can remotely connect to our internal NAS4Free server within our internal home network from outside the Internet. Once you are able to do so, then you can safely retrieve your files any time and from any place as long as you have a decent Internet connection. However, this sadly is not always the case. You could be stuck for example in a hotel where the network team decides to block access to all ports but a few necessary ones such as browsing web pages and sending/receiving email. Because we are using port 22, which is a well known port number for the FTP protocol, we can find ourselves locked out from our home server. As a safety precaution, you can configure your NAS4Free server to use a different port well beforehand. Not only is this a bit more safe but it might also help get you out of a sticky situation.