Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Treize]

This may be a question already solved but I cannot find it on the forum. How do I access files on my NAS at home at a remote location. The manual and package says this is possible but I have yet to figure out how to do this. Any help would be greatly appreciated

[gunrunnerjohn]

You'd enable the FTP server and forward port 21 through your router.  That's the easy way...

[D-Link Multimedia]

http://www.dlink.com/support/faqDetail/?prod_id=2763

Hopefully that solves your issues :0

[Treize]

Thanks that's exactly what I needed. Just to make sure, if i dont have a static IP address then this wont be that effective correct? Lastly, once I have set this up, how do I actually connect to the NAS from my office (thats the part thats not in the manual). Thanks in advance

[D-Link Multimedia]

A static ip when setting up FTP is definitely a good idea. When accessing there is a couple ways. You could take the techie way and open up something like command prompt and type ftp, open IP_ADDRESS, and connect that way. But I would suggest using something simple like FireFTP (Addon for Firefox) or there are many free ftp clients. You can even use the regular browser for downloading from your ftp (IE and FireFox) but if you want to upload you would have to use IE and open it in Windows Explorer mode.

[JoeSchmuck]

You don't need a static IP and effectivness doesn't change.  It would be nice to have a static IP, I think we all would like one but that costs money.  The NAS allows you to configure a DYNDNS account (dlinkdns is dyndns account) so when your IP address changes, the DynDNS server is updated and all you point to is an address like mynas.dyndns.org:21  although I would change your router to redirect some other unused port number (6767 maybe) to port 21.  This will fore you to enter mynas.dyndns.org:6767 and keep FTP hackers away since thye want port 21.  Just a thought (I do this).

-Joe

[mzpx]

@Treize:
Just a word of caution. FTP is an extremely unsecure protocol (way of communication), both your data and your credentials (username / password) are sent unencrypted, so anyone with a network sniffer can get them.

The DNS-321 currently does not support encrypted remote access to my knowledge (at least not without some hacking, which I would not recommend unless you know what you are doing).

As long as the data on the server is nothing secret (e.g. financial data)
and you have some OTHER backup copies (so if some kid breaks into your server and deletes everything 'just for fun', you could still restore it),
using FTP works and should be OK.

Some people had asked for adding support for more secure ways of accessing the data (e.g. SFTP), but I would not hold my breath in anticipation.

IMHO the DNS-321 is a nice box for a home file server, but I would not recommend it if your main goal was remote access, unless the data you put on it is not that important. (E.g. if you put out copies (!) of your photos for your family to download - that should be OK.) With that said, even if you use plain FTP, most likely no one will steal / delete your files, but the risk is there.

[JoeSchmuck]

Any my last donation here is...  Since you asked how to access your files from a remote location, can you leave your home computer on?  If so then you could use Remote Access or a VNC.  Since Windoze 7 Home Premium does not have Remote Access (what a shame) I use RealVNC.  It's a pay product but you can get the same functionality from TightVNC, a free product.  I used it for years and was very happy with it but RealVNC has better screen refreshing.  If you can use Remote Desktop, I strongly recommend it.

So that will allow you to access your computer remotely and thus access your NAS files.  If you're looking to share your NAS files, yea, the FTP is about all you can do.  Secure FTP will hopefully be coming soon in the next firmware version.  I believe you can use Fun Plug to use secure FTP but you may want to look into it.  Just search google for "dns-321 fun plug" and I think you will find instructions and info.  I think there is a web server as well.

-Joe

[Dad Man Walking]

Questions for JoeSchmuck and anyone else with some experience here:

I've not opened up FTP on the 321 yet but I was running it (mostly as an experiment) with an NSLU2 a few years ago.  I used the default port 21.  I noticed that sometimes the activity light on the device would flicker for hours/days at a time, then go silent.  I assumed that somebody (some bot, actually) was banging on the front door, trying to get in.  The standard firmware had little in the way of logging and I don't think you could terminate the login attempt after a given number of tries, so about all I could do was look at the flickering light.

At the time I was both amused and concerned.  I had a strong password and my assumption was that even if somebody got in, they would find a usually empty directory, and that's as far as they could go, they would not be able to hop around the home network any further.  But it still bugged me that a-holes were out there trying to break in.

So on to the questions.  By redirecting to a different port, do you find that these automated attacks are less frequent?  And are you confident that even if your FTP server was compromised, that's as far as the attacker would get...there is nothing further that they could do either on the NAS or beyond it?

TIA for your thoughts.

[mzpx]

I am not JoeSchmuck and I don't know if he can tell whether his lights blink faster than yours or not. :-)
(Just kidding.)

But - and I reserve the right to be wrong - I think kiddie scripts basically work by running a port scan and then trying to login using every known login method (ftp, telnet, ssh, whatever) on every open port they find. Not very sophisticated, but computer time is cheap. So they will get to you no matter what port you use. And there are zillions of users using simple passwords that are there on every password list, so they will get access somewhere sooner of later. Maybe not at your box.

Using a different port might make a difference for people when their ISP does not allow access to some standard ports. Otherwise I would not count for security on the obscurity of some high port.

As far as what can they do once they are in... I don't know. But your DNS-321 is running a firmware and unlike your Linux/Windows/OSX desktop it does not get regular security patches. So if there is a security hole in the FTP server program and it is found this week, your box will run the current, unsecure version a year from now still, most likely. (Dlink does not have the resources to maintain regular patches, sorry.) And if they can get to a shell prompt they can sniff your internal network, etc.

I don't want to be an alarmist and I think if you use complex passwords you are probably better than most, but I would not bet my money on the security of any FTP server.

One solution is (maybe a bit more complex and involved) is to use two routers. Behind the first router you setup your 'dirty/public' machines, where you have open ports. (You FTP server, web server, whatever.) And then you keep you 'safe' machines behind another router on a separate network and allow no outside access to that. I know, it is a bit paranoid, but better than wishful thinking and considering the price of a router these days, it is not that expensive. The real problem is that you will need two of everything - including two servers.

You have to separate your data to 'internal/secure' and 'external/dirty'. Photos you publish for your family you put on the outside server. Your financial files go to your internal server. Again, considering the price of a DNS-321, it is not that expensive. But soon you start thinking if you really need to setup / maintain a whole public server, or if you were better off to use some public hosting option, that can be had for $5 a month.

I am no security expert, I just don't want you to have the fake feeling of security just because you move your FTP connection to a high port.

[JoeSchmuck]

Sorry not chiming in right away, been busy.

The build in FTP in the NAS is not secure however I only use mine for public use like sharing files or photos, stuff I'm fine with anyone seeing.  Is it secure...  Like mzpx said, if there is a security issue with that product, it will not be fixed right away, if ever.  I like changing the port number in my router as it means the casual hacker will not hit it, I hope.  I don't think there is a problem with someone hacking into a directory which you are not sharing at this time.

My preference to running a secure FTP is to run FreeNAS in a virtual machine.  This in my opinion is the only safe way to run anything on the open internet.  The virtual machine keeps your data isolated from the rest of your computer.  You can download VMware Player or VMware Server and a copy of FreeNAS (already built) for free.  I prefer VMware Server 2 since it releases resources when not in use.  The drawback to this is you need to leave your computer running and it has nothing to do with this forum.

Now if you like, I believe Fun Plug has secure FTP and you can update the application when new ones come out.

If you really want to use the bult in NAS FTP, I'd recommend using that one NAS exclusivly for public FTP.  Don't put anything sensitive on it.  Use a seperate NAS for your backups or whatever else you desire.

And as for blinking lights, the network activity light flashes pretty much all the time and I suspect it's indicating all traffic, not only NAS traffic.

Don't know if this helped at all but good luck.