Configuring Remote Access for NAS4Free

Due to the immense popularity of my blog article on how to configure a NAS4Free server on a Windows network, I decided to do a simple follow-up on how to configure that same server for access over the Internet. Well, actually, a comment made by user Austin prompted me to write this article. He was thrilled about my original article and wondered how he could achieve external access for his NAS4Free box as well. Because your NAS4Free server should technically be powered on 24/7 anyway, many users might want to be able to access it over the Internet at any time and from any place, so long as they have an Internet connection. Luckily, configuring it for such access is relatively simple for the most part. I am actually quite surprised at the number of hits my original article receives on a daily basis because I didn’t think that many people out there were interested in NAS4Free! When I first wrote the article, it was just something I wanted to do for fun since I went through a lot of pain getting it set up for a friend. I wanted to spare others from experiencing the same hassle and so I documented the process. I really hope that users looking for a way to “Internet enable” their NAS4Free server will also find this article useful!

For the most part, there are two different methods by which most home users can remote in to their NAS4Free server at home. Everything depends on how your Internet service provider assigns you your public IP address. Let’s go over the first and easiest method.

Here in this article, I am assuming that you already have a NAS4Free server up and running following my tutorial. Also, this tutorial does not go into extreme detail on how to securely configure the remote access. Using SSH is a lot more secure than regular FTP, but that’s about it as far as configuration goes here.

Port Forwarding

For most environments, especially in a simple home network, a user gains access to a server behind their router/firewall by configuring port forwarding. Think of a “port” as a doorway into your network. Different services have different port numbers assigned to them. I wrote an article a while back explaining a bit about ports. Please go over that article if you want to understand a bit more about what they are.

You can read the article “Scan Your Network Ports for Vulnerability” here.

Suffice it to say, we need to enable port 22 in our home router and point it to the internal IP address of our NAS4Free server. And….that’s it. It really is that simple!

You can see below how I have logged into the web management interface of my home Linksys router. I head over to the Applications and Gaming tab and select the “Port Range Forward” section. I simply make a new entry for my NAS4Free server and that is all there is to it.

Port Forward

Now comes the access part. If you followed my original article, then you should already be familiar with the WinSCP utility. It was this utility that we used to configure permissions on the folders for our users. We are going to be once again using this utility to remotely access our NAS4Free server. WinSCP allows us to remotely upload and download files to and from our server. Of course, the hard part is getting our computer to actually see that server when we are not within the local area network. With our port forwarding configuration in place, this shouldn’t be a problem any more.

The first thing we need to do is find out our current public IP address. Our public IP address IS NOT the internal IP address of our computer. This is the IP address that your ISP has assigned to you that actually allows you to connect to the Internet. To find this address, simply head over to www.whatismyip.com. This website will let you know what your current public IP address is. Write it down because we need it to access our server when we are away from our home network.

Public IP

Once we have this information, we now have everything needed to remotely access our NAS4Free server. First, fire up WinSCP. Leave the File Protocol set to ‘SFTP’. In the host name field, type in your public IP address. DO NOT type in the actual internal IP address of the NAS4Free server! The port number should remain at 22 unless you have changed it. The user name should be “root” and the password is whatever password you’ve set. On a default NAS4Free server, the default password is “nas4free”.

WinSCP Connect

Once connected, you can see that I can easily access my mount point and browse through my server as usual. With WinSCP, I can easily drag files back and forth between my local computer and the server at home.

Connected

As you can see, it’s not that hard to give remote access to our NAS4Free server. However, this scenario of simply configuring the port forward range and nothing else is only for the lucky few whose ISP assigns them a public IP address that rarely changes. For many others, their ISP will most likely dynamically assign them a different public IP address every couple of hours or days. As you may have already figured by now, we rely on this public IP address to remote in to our NAS4Free server. If the address changes every couple of hours or days, we first need to manually check what our public IP address is before we can initiate the connection with WinSCP. This can be a big hassle, because how are you going to do this when your home server resides in California and you yourself are physically in Miami?! Also, who’s to say that the IP address you jotted down before you left your house didn’t change by the time you actually need to connect? If that happens, you’ll have no way of connecting back to your server because, once again, you’ll have no way of figuring out what your current public IP address is unless you have some third party tool or utility that can give you this information.

Luckily though, there are services out there that aim to help solve this headache.

Port Forwarding + Dynamic DNS

There are many services out there, paid and free, that allow home users to contact their internal servers from outside, over the Internet, even though their public IP address changes often due to how their ISP behaves. How it works is simple. In my previous example, you saw that I had to manually enter my IP address into WinSCP. However, that “number” can change at any time and remembering a sequence of numbers in general is difficult for many users. It is much easier to remember “names” instead. When was the last time you entered the IP address 31.13.75.1 to access Facebook rather than www.facebook.com?

By using a dynamic DNS service, we essentially map a name to our IP address so that anytime we need to contact our servers within our internal home network, we can use that name instead of our actual public IP address! That however is not the most important part. What we need is for the service to correctly detect any time we have an IP address change and be able to automatically remap our domain name to that new address. Luckily, most of the services are able to do this. However, because most of them require a software client to be installed for this to work and because they are mostly for Microsoft Windows operating systems, we are out of luck being that we are using NAS4Free. But worry not. NAS4Free actually has a built-in service that allows us to automatically enter in our dynamic DNS info and have it automatically update the information for us all without having to download and install anything!

Now is a good time to go over my three part article explaining just what DNS is and how it works. Although it is not essential, it does give you a better look at how the Internet works as a whole and also why such a service is necessary if you want to be able to reach your internal home server no matter where in the world you may physically be located.

For this tutorial, I chose the service from noip.com to provide me with dynamic DNS services. The service is free to use and should get the job done for most home users who simply just want to connect to their NAS4Free server across the Internet and nothing more.

First we need to sign up for a free account from this webpage here. You can clearly see that with a free account, we don’t have many choices where domain names are concerned. For free accounts, I have no choice but to stick with the domain name ending with .no-ip.biz. For the actual host name, I chose ‘mynas4free’. So, the actual and final name that gets mapped to my public IP address would be ‘mynas4free.no-ip.biz’.

Once you have created your account, noip actually allows you to create another host with many more domains to pick from. They have a section for paid accounts and options for free accounts. I have no idea why they don’t include these domain names during account creation. For each free account you create, noip allows you to create up to three hosts. Therefore, if you really hate your domain name ending with no-ip.biz, don’t fret.

Free Name

Once we have activated our account with noip.com, we can then begin managing it. Well, actually, there’s nothing to manage!

Manage Account

For the most part, we are done here, if you can believe it! When you signed up for noip, it should have automatically detected your public IP address provided that you signed up on a computer within your home network. What we now need to do is head into our NAS4Free web GUI management pane and tell it our new configuration. Head over to Services –> Dynamic DNS. Hit the Enable check box in the top right corner. In the provider drop down menu, select no-ip.com. Fill in your domain name and also the user name and password you use to log into your noip.com account. The important part here is telling NAS4Free how often it should check your IP address to see if it has changed. You can also force it to update even if your IP hasn’t changed. I’ll leave the setting here for you to decide. Just remember that the interval is in seconds.

NAS4Free Settings

Noip.com actually has a software client for Linux operating systems. However, I am not too familiar with installing software on a Linux box so I’m skipping this option and relying on NAS4Free’s internal settings instead. My ISP actually does not change my IP address. I’ve been with them for 10 years or so and for as long as I can remember, I’ve always had the same IP address. To test whether or not the settings within NAS4Free would work, I could not rely on my ISP changing my IP address. Instead, what I had to do was deliberately change my IP address within the noip control panel to something other than my actual public IP. Sure enough, NAS4Free reconfigured the settings to match my actual IP address! This proves to me that the settings actually do work and so no installation of any client software is needed on your NAS4Free box. Hooray.

Once the settings have been saved, it’s time to test the connection, preferably from a computer that is not within your home network. Once again, fire up WinSCP and this time, type in your noip domain name instead of your public IP address in the host name field. All the other fields should remain the same as before such as port number, user name and password. As you can see below, I once again have successfully connected to my internal NAS4Free server!

If you are getting an error, please remember that you still must port forward the correct port within your router to your server! If you haven’t, then you’re basically shutting the “doorway” of communication with your server.

Connected via NOIP

Just for fun, if you do a simple ping of your domain name, it should resolve right back to your public IP address.

Ping
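The two things tested above (the name resolves to your current public IP, and the forwarded port really leads to SSH) can be checked in one step. This is an added example, not part of the original article; the function names, status strings and the `expected_ip` parameter are hypothetical.

```python
import socket


def read_banner(conn, limit=256):
    """Read the first line the server sends (an SSH server sends its version first)."""
    data = b""
    while b"\n" not in data and len(data) < limit:
        chunk = conn.recv(limit - len(data))
        if not chunk:
            break
        data += chunk
    return data.split(b"\n", 1)[0].strip().decode("ascii", "replace")


def check_remote_access(host, port=22, expected_ip=None, timeout=5.0):
    """Return (status, detail) for the SSH service behind a port forward.

    expected_ip is the public IP you believe your router has right now
    (hypothetical parameter; None skips the dynamic DNS comparison).
    """
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns-failure", str(exc))
    addresses = sorted({info[4][0] for info in infos})
    if expected_ip is not None and expected_ip not in addresses:
        # The dynamic DNS record was not updated after an IP change.
        detail = "%s resolves to %s, not %s" % (host, ", ".join(addresses), expected_ip)
        return ("stale-dns", detail)
    try:
        with socket.create_connection((addresses[0], port), timeout=timeout) as conn:
            try:
                banner = read_banner(conn)
            except socket.timeout:
                # Something accepted the connection but is waiting for us to
                # speak first, e.g. a web server listening on this port.
                return ("no-banner", "connected, but the service sent nothing")
    except ConnectionRefusedError:
        return ("refused", "nothing is listening: SSH disabled or port not forwarded")
    except socket.timeout:
        return ("timeout", "no answer: the port is filtered or not forwarded")
    except OSError as exc:
        return ("unreachable", str(exc))
    if not banner.startswith("SSH-"):
        return ("not-ssh", banner)
    return ("ok", banner)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(check_remote_access(target))
```

Run it from a machine outside your home network, passing your dynamic DNS name, so that the result reflects what a remote client actually sees.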

As a friendly reminder, a service such as noip does exactly one thing for us here. It maps the name you’ve chosen to your public IP address and, more importantly, it updates that mapping when it detects a change. Although you can sign up and pay for additional features, that is not required at all if you just need something rudimentary like what we are doing here and, like I’ve mentioned earlier, most home users will not require something more advanced than this. Once you have connected to your server at home, how fast you can upload or download depends entirely on whatever Internet connection you are using at the moment. It doesn’t matter if you upload/download a 1MB file or a 1GB one. Noip is completely irrelevant at that point once the connection has been established, sort of. Just think of it as the middle man.

If you’re point A and you want to talk to point C, then you’ll have to first talk to point B because point B is the one who knows how to reach point C.

Security

Anytime we open “holes” and “doorways” in our router/firewall, we have to be very cautious where security is concerned because that is one more avenue for an attacker to enter from. When you do open up your NAS4Free server to Internet access, you absolutely want to make sure that you use as strong a password as you can to protect the root account and pretty much any other account as well. You have to remember that your server is powered on 24/7 and your Internet connection is most likely enabled 24/7 as well. Therefore, if you can access your server remotely over the Internet, so can an attacker. Of course, the chances of this happening can be slim but that doesn’t mean it’s impossible.

To give your other users the ability to also SSH into your NAS4Free server while away from home, you’ll need to make a simple change in their user account properties. In the ‘Shell’ drop down menu, simply select ‘SCPONLY’. This option allows the user to remote in to the server and access only the folders they have access to. The weird thing is that they can still view and copy important system files on the server but they can’t delete the files nor add anything to those system folders. Also, please remember to remind your users that their user name IS CASE SENSITIVE! The user Bob is not the same as bob! It drove me nuts initially so please don’t make the same mistake. Oh and of course, they will need to learn how to use WinSCP as well.

Scponly

Another thing you can do is periodically check your system log files for any malicious attempts to enter your system. Of course, a malicious user could simply erase and clear out your log but if that happens, then that obviously is a red flag to begin with. You can check your log file under Diagnostics –> Log. In the drop down box, select to view the SSH log file.

Log Files
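To make that periodic log check concrete, here is an added example (not from the original article) that summarizes SSH log lines: failed logins per source address, addresses that logged in right after failing, and failures that are only a case typo such as “bob” for “Bob”. The sample lines are constructed, the syslog layout is an assumption about how your log export looks, and the function and parameter names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Message formats written by OpenSSH's sshd.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+")
INVALID = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

# Constructed sample log (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = """\
Mar  3 02:14:07 nas4free sshd[1234]: Failed password for root from 203.0.113.45 port 51322 ssh2
Mar  3 02:14:09 nas4free sshd[1234]: Failed password for root from 203.0.113.45 port 51322 ssh2
Mar  3 02:14:12 nas4free sshd[1236]: Invalid user admin from 203.0.113.45
Mar  3 02:14:13 nas4free sshd[1236]: Failed password for invalid user admin from 203.0.113.45 port 51340 ssh2
Mar  3 09:01:30 nas4free sshd[1301]: Invalid user bob from 198.51.100.9
Mar  3 09:01:33 nas4free sshd[1301]: Failed password for invalid user bob from 198.51.100.9 port 40112 ssh2
Mar  3 09:02:01 nas4free sshd[1305]: Accepted password for Bob from 198.51.100.9 port 40120 ssh2
"""


def summarize_ssh_log(lines, known_users=("root",), threshold=3):
    """Summarize sshd log lines; known_users are the accounts that really exist."""
    failures = Counter()               # source IP -> failed password attempts
    users_tried = defaultdict(set)     # source IP -> user names attempted
    invalid_names = set()              # names sshd reported as non-existent
    accepted_after_failures = []       # (ip, user) logins preceded by failures
    for line in lines:
        m = FAILED.search(line)
        if m:
            invalid, user, ip = m.groups()
            failures[ip] += 1
            users_tried[ip].add(user)
            if invalid:
                invalid_names.add(user)
            continue
        m = INVALID.search(line)
        if m:
            user, ip = m.groups()
            users_tried[ip].add(user)
            invalid_names.add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            user, ip = m.groups()
            if failures[ip]:
                accepted_after_failures.append((ip, user))
    # User names are case sensitive: "bob" is rejected when the account is "Bob".
    by_lower = {u.lower(): u for u in known_users}
    case_typos = sorted(
        (name, by_lower[name.lower()])
        for name in invalid_names
        if name.lower() in by_lower and name != by_lower[name.lower()]
    )
    return {
        "failures": dict(failures),
        "users_tried": {ip: sorted(names) for ip, names in users_tried.items()},
        "noisy": sorted(ip for ip, n in failures.items() if n >= threshold),
        "accepted_after_failures": accepted_after_failures,
        "case_typos": case_typos,
    }


if __name__ == "__main__":
    report = summarize_ssh_log(SAMPLE_LOG.splitlines(), known_users=("root", "Bob"))
    for key, value in report.items():
        print(key, "=", value)
```

An address in `noisy` trying names like root and admin is password guessing; a single entry in `case_typos` followed by a successful login from the same address is usually just one of your own users.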

In the End…

As you can see, if you understand even a tiny bit of how DNS works, you’ll also understand how we can remotely connect to the NAS4Free server inside our home network from outside, over the Internet. Once you are able to do so, you can safely retrieve your files at any time and from any place as long as you have a decent Internet connection. However, this sadly is not always the case. You could be stuck, for example, in a hotel where the network team decides to block access to all ports but a few necessary ones such as those for browsing web pages and sending/receiving email. Because we are using port 22, which is the well-known port number for SSH (the protocol SFTP runs over), we can find ourselves locked out from our home server. As a safety precaution, you can configure your NAS4Free server to use a different port well beforehand. Not only is this a bit safer but it might also help get you out of a sticky situation.


Comments

  1. Simon,

    As a novice, I’m a bit confused. Your previous tutorial, that explains how to set up a NAS box, has some choices for Gateway and DNS settings. Can these two items have a part in accessing NAS4Free from the web?

    Regards.

    • Hey Rusty,

      The default gateway setting allows your NAS4Free server to route traffic out to the Internet from within your home network. Usually this gateway will be your router’s IP address. Your DNS address is for computer hostname to IP resolution. This DNS address can point to a public DNS server such as Google’s (8.8.8.8), your router’s IP if configured properly, or a DNS server from your internet service provider.

  2. Hi Simon,
    many thanks for your how-to, last week I followed your articles and I easily made a nas4free server using an old computer. I also enabled remote access through FTP-SFTP, with dynamic DNS, registering at no-ip.biz. Everything was running well, I was able to reach my server with my Android phone, using Turboclient or AndFTP app or with WinSCP from Windows machines. Yesterday I had a problem, I’m not able to reach the server using no-ip domain, the client tells me that the port 22 is open, but the IP reported is not correct, it’s not my actual IP (120 sec refresh activated on nas4free dynamic dns service) that I can see on nas4free log or with whatsmyip. What’s the trick??? Thank you again for your articles!!!

  3. Hi Simon

    I followed this article (and the previous one as well) and now have a NAS up and running. Thanks! I have two questions:

    1) It seems I can either a) remotely log into the GUI in a web browser if I put my port in the “Port” field under ‘System | General Setup’ or, b) remotely log in via WinSCP if I remove my port number from this field. When removed, here’s the error I receive in my web browser: “SSH-2.0-OpenSSH_6.2p2-hpn13v14 FreeBSD-openssh-portable-6.2.p2_3,1 Protocol mismatch.” When present, WinSCP stalls out looking for a host. Any suggestions? I’d like to have both functions available.

    2) Near the end of this article you explain that other (non ‘root’ admin) users can login via WinSCP if I change the user’s Shell setting to ‘scponly’. I’ve done this, but have not had any luck signing in as any user besides the admin user for the NAS. My assumption is that I would just change the user name in WinSCP from “root” to “Bob”. Am I missing something simple here?

    Thanks again for your time, these articles really are the most useful resource I’ve found for configuring NAS4Free.

    Best Regards
    Daniel

    • Hey Daniel.
      I’m glad you’ve stumbled across my articles and have made use of it.

      As to problem 1, I’m not sure what’s going on as I have never experienced that error before. Under my Port field, it’s left blank. I can access both the GUI via web browser as well as with WinSCP without any problems. Is your NAS4Free an embedded install or are you booting from the CD/USB each and every time? An embedded install is preferred in my opinion. If you are continuing to experience this problem, please visit the NAS4Free Forum for more support. I am definitely not an expert where NAS4Free is concerned! I keep forgetting to let readers know to visit this forum for support in case they are having issues with using NAS4Free.

      http://forums.nas4free.org/

      As to problem 2, I have just confirmed that my user Bob has only ‘scponly’ shell access. I have just tried to log in with WinSCP and have successfully connected without any hiccups. I have even asked a friend from overseas to test it out for me and he similarly can connect as Bob in WinSCP. But yes, the user name in WinSCP changes to the user you are trying to log in as. As stated in my article, please make absolutely sure that the user name is spelled out exactly the same as it was configured on the server! I initially could not connect because “bob” is NOT the same as “Bob”!

      Good luck!

  4. Hi Simon,
    Thanks so much for your articles. I now have Nasbox for my home network. However, according to the article of configuring remote access for nas4free, I can not access when I fired up WinSCP, type in my public IP address in the host name field with port number of 22. It said that Network error: connection refused (The server rejected SFTP connection).
    Could you give me some hint to check why I didn’t?
    Cheers,
    PHAM

    • Hey Pham. Thanks for reading the articles. As to your issue, a lot of things can actually be the problem when we’re talking about accessing our server from the Internet. However, here are some things to take a look at:

      - Have you tried to use WinSCP to remote into your server while inside your own network? For example, rather than using your public IP address, can you try using your server’s private IP address instead? For example, this could be 192.168.1.250 (the default if you haven’t changed it). This simple test lets you know whether your server is configured for SSH or not as the service is disabled by default. If you can’t make the connection while you’re inside your own home network, then you’d know at least where to start troubleshooting first.

      - Have you made sure to configure your server properly? As mentioned above, SSH is not enabled by default on NAS4Free.

      - Are you sure you configured the port forwarding settings inside your router correctly? If you’re not sure, you’d need to consult your router’s documentation on how to properly configure this.

      - Are you sure you’ve entered in your correct public IP address? If your public IP address changes from time to time, you’d need a dynamic DNS service of some kind to help keep track of this change.

      - Have you tried using a different port besides port 22? Your Internet service provider may block all access to port 22 and so a different port may be required.

      • Hi Simon,

        Thank you for your hints.

        - Yes, I can access NASbox (default IP 192.168.1.250) with WinSCP while inside my network.
        - I checked my server by WebGUI, configuration is OK, SSH service is enabled.
        - I use whatismyip to check public IP usually. Today I tried again outside my network with WinSCP, However it said:

        Searching for host…
        Connecting to host…
        Authenticating…
        Authenticating with pre-entered password.
        Access denied.

        Regards,
        PHAM

        • I’m sorry Pham but I don’t have any more ideas. I personally have configured a new NAS4Free server as a virtual machine and followed my own instructions from my articles on getting it configured. I wanted to see if I missed any steps along the way that may have prevented you from connecting remotely but everything worked on my side. The only difference this time around is that I didn’t connect from an outside connection but rather from over a connected VPN instead. It seems that you made a successful connection to your server but you are stuck at the authentication phase. Your first comment suggested that your connection attempt failed altogether but now, it seems that something is wrong with either your user name or password.

          I actually remembered getting that same access denied error message over and over again in the beginning of my testing phase. It was driving me crazy. It turned out that the user name is case-sensitive. One of my test user account user names is Bob. However, I typed in bob and it didn’t like that at all. Other than that, I’m at a loss as well.

          Can you try checking the SSH log from the WebGUI? Go to Diagnostics –> Log and then select the SSH service from the drop down menu. This will show you all the connection attempts (failed or successful) made to your server via SSH. Hopefully this can give you a clue.

  5. Hi Simon,
    Great series of articles and I now have a NASbox up and running with remote access enabled. So much easier to follow than the help available from NAS4FREE.
    I have a comment and a question or 2.
    I found that the port forwarding was a little tricky. When I set it up for port 22, my router (Netcomm NB304N) responded with a message that as port 22 was in use (by the forwarding rule I had set up) that it has changed the internal SSH port to 2222. I then had to change the rule to translate the external port 22 to internal port 2222 and change the SSH service port in the NASbox to match so that the external device (in this case my android phone operating through my provider, not wifi) would get through the router and log into the NASbox.
    Did I do something wrong here? It worked but I would rather have left SSH as port 22.

    My other question, When I log in as root I get to the root directory. I then have to go up to the parent directory then down through /mnt/pool_1/ to get to my folder structure. Is there a way to have the ftp client go directly to the folder path I want?
    I tried to set the default remote folder (../mnt/pool_1/) but can’t get it to up to the parent first.
    Thanks,

    • Hey David. Thanks for reading the articles. I’m glad you found them useful.

      As for the port question, I don’t have an exact answer for that. My guess is that your router somehow reserved port 22 for some built in service or whatnot. Since every router can be configured differently, my generic answer is to simply check your router’s manual or take a deeper look within your router to see how it is configured. Also, using a different port for SSH besides the default port of 22 is actually a good security practice. When you use an “unknown” port for a “well known” service, it can sort of trick novice attackers. If an attacker sees that your port 22 is open, they will immediately know that you have some sort of FTP server configured in your network. If you use some other port, it can throw an inexperienced attacker off although if they really are persistent in attacking your network, they will have it figured out at some point or another.

      As for connecting to the same directory for every session, WinSCP actually allows you to set the default directory. You have two ways of doing so. You can either save a session with the information already configured or you can set the default directory of your choice as the default for WinSCP. Saving the session is preferred if you use multiple FTP accounts. Setting the defaults for WinSCP is preferred if you only have a need to connect to your server using one user account. Either way, you can do so within WinSCP. Look in the Directories setting under the Environments heading on the left hand side. Here you can set your default remote and local directory. On the Save button, hit the drop down arrow and you can either save the information as a session or set it as the WinSCP default.
