Secure internet obtainable NAS
I would love to have the ability to set up and also accessibility a NAS firmly using an internet link. I would love to make use of an existing linux web server I possess, so basically I am seeking referrals for which software program would certainly be excellent.
Most safe and secure would certainly be an VPN link (ssh, OpenVPN, poptop ...) and also burrowed NAS (NFS, samba, iscsi ...) method. Anything goes below.
Yet the majority of very easy and also safe and secure would certainly be sshfs http://en.wikipedia.org/wiki/Secure_Shell_Filesystem, yet it is not really Windows pleasant.
You can additionally make use of a website based user interface which attaches over HTTPS. I recognize my NAS tool from THUS has such a capacity yet do not recognize what Linux OS matchings supply.
Additionally, with IIS you can go across directory sites, if Apache does the very same after that put a HTTPS on it and also away you go though that would just aloow downloads not uploads.
Or else an indicate aim VPN or VPN web server would certainly attain a complete 'network' experience.
Try FreeNAS. Do not make use of SAMBA, due to the fact that it is a really friendly method, and also it is bad for Internet accessibility.
If you can, placed it behind a firewall program (IPCop is an excellent selection), making it possible for just the methods you require (I would certainly recommend FTP or SFTP over a non - typical port). If you can not below is an iptables example config that you can make use of on the very same box (wait to/ etc/iptables. up.rules as an example):
*filter # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT # Accepts all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allows all outbound traffic # You can modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allows FTP from anywhere (modify port as necessary, or add more services) -A INPUT -p tcp --dport 21 -j ACCEPT # Allows SSH connections # # THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE # -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT # Allow ping (not necessary) -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT # Reject all other inbound - default deny unless explicitly allowed policy -A INPUT -j REJECT -A FORWARD -j REJECT COMMIT
To utilize it:
$ iptables-restore < /etc/iptables.up.rules
To instantly load the regulations on network up add the complying with to your network arrangement documents, after the loopback definition (/ etc/network/interfaces on Debian/Ubuntu):
pre-up iptables-restore < /etc/iptables.up.rules