Jump to content
BryantD

Accessing my unRAID server remotely

59 posts in this topic Last Reply

Recommended Posts

Is it possible to access my unRAID server remotely? I just purchased a Trendnet TEW-633GR Wireless N Gigabit Router (to replace my aging Microsoft 811g router). I've played around with the "Virtual Server" but can't fiqure out how to make it work. I've also tried Laplink but it won't see the unRAID server at all, just my drives on my XP machine.

 

Any help is greatly appreciated.

Share this post


Link to post

Full remote control, with full access to a keyboard, mouse, and all of the graphical elements of a desktop, is only possible with a 'host' component loaded on the machine being controlled, compatible with a controlling client on another machine.  That makes it extremely unlikely to ever be compatible with tools like LapLink, unless you can convince the LapLink developers to release the source, in a Linux compatible form, and re-compile it in a Slackware 12 environment, for installing on an unRAID server!  A better chance would be to look into a VNC hosting component.

 

However, remote control of unRAID using advanced graphics tools like those mentioned above is completely unnecessary, as there are no graphic elements to display, only a text console, which is already available, through any Telnet client, such as the free one built into Windows, or the superior PuTTY.

 

 

Added to FAQ (link back only), here.  Feel free to add, edit, or expand.

Share this post


Link to post

I am not sure how Rob explained anything :D (no insult Rob).

 

To access unRAID remotely depends on what you mean by access.

 

If you need terminal access, you probably need to forward (from your router) port 23 to your unRAID IP.

If you need the web interface, you will need to forward port 80 to your unRAID IP.

If you need to access the shares, it is more compicated maybe, but you can start by trying to forward port 139.

 

For the first two, is very easy to also hide them behind different ports (a "high" port).

For example you "hide" telnet behind port 12345, by telling your router to port forward port 12345 to port 23 on you unRAID IP. Then you access by telnet realIP:12345 (format depending on telnet client - I suggest PuTTY too).

For the web even simpler. You do the same trick and then just type in your (remote) explorer: http://realIP:12346

 

For the third, someone else might help and tell us if it is possible to access a share using a different port.

If you keep the standard port, then open a window in your remote PC and just type \\realIP and your shares should show up (not instantly).

 

If your IP is dynamic, you might need to setup a dyndns account (google it).

 

Now if you have a VPN connection (you probably don't) you don't need to do anything and you just access everything remotely (from the remote VPN location - not from anywhere) by using your normal internal unRAID IP (or even netbios name if your router is smart enough).

 

 

Share this post


Link to post

Accessing your content remotely is very different than managing your array remotely, but both have a common requirement, that is to limit the access to just those authorized.

 

Unless you enable passwords on your login IDs, and also on your shared drives, you probably do not want to allow access to ANY PC on your LAN from anywhere else other than your local LAN.

 

If your desire is to be able to play your content remotely, then there is a possibility that this product http://www.orb.com/en might help.  It is somewhat similar to "slingbox," but uses your XP PC rather than dedicated "slingbox" hardware.

 

It is a program that you install on a PC on your LAN (running XP, or Vista) that has access to your unRAID server's shared drives.  You then need to open up ports on your router so you can get to the XP PC running Orb, and either have a fixed IP address, or set up a way to track the IP address assigned dynamically by your ISP.

 

Then, via the Orb software, you can remotely play your music or videos stored on the unRAID server. 

 

I've not yet tried it, since I don't have a powerful enough XP machine running 24 hours per day on my LAN to act as the Orb-server, but it is free to get an orb account.

 

It does let you play anything on your server from any PC with a browser, and it takes care of reducing resolution based on the available bandwidth.

 

Joe L.

Share this post


Link to post

FTP is the best candidate for remote access to the filesystem.  It's secure, and configurable, and works with many clients, including a web browser.

Share this post


Link to post

Please do not port forward telnet and/or the web page.

You will be asking for someone to hack into your machine.

I get no less then 50 hack attempts a day on my network

 

Unless you set a root password, the unRAID environment is very insecure.

If you set a root password then you can enable FTP and have remote access to your data with good security (but only if you set a password).

As suggested by bubbaq it's the best candidate for remote access.

VSFTPD which is installed and enabled in unraid is very secure (as long as you set a password).

 

All bets are off if you do not enable a password. Someone will be inside your machine very fast if you don't.

 

 

Share this post


Link to post

agreed, ftp is much more secure and of course minimum requirement for ANY remote access is that you set up passwords (esp. for root)

 

the problem with the casual user is that ftp is installed alright, but not really configured (in any useful way)

 

 

Share this post


Link to post

Lots of good discussion here but i thought i would make something clear for the users that only skim posts....

 

 

DO NOT allow internet access to unRAID. It is NOT designed to be secure in this way.

Share this post


Link to post

agreed, ftp is much more secure and of course minimum requirement for ANY remote access is that you set up passwords (esp. for root)

 

the problem with the casual user is that ftp is installed alright, but not really configured (in any useful way)

 

 

 

I've never messed with any kind of FTP so I have no idea how to best configure my router, etc. to allow remote access so any help is greatly appreciated.

Share this post


Link to post

agreed, ftp is much more secure and of course minimum requirement for ANY remote access is that you set up passwords (esp. for root)

 

the problem with the casual user is that ftp is installed alright, but not really configured (in any useful way)

 

 

 

I've never messed with any kind of FTP so I have no idea how to best configure my router, etc. to allow remote access so any help is greatly appreciated.

 

All the more reason for you not to do it. Seriously just unlock your front door and put an advert in the paper to come and rob your house. Thats likely to have less of a security impact than what your trying to do.

Share this post


Link to post

I see a lot of fear-mongering and FUD, and not much help being offered to BryantD.  You guys are better than that.

 

Everything has security risks.  Having your data on unRAID is less secure than on an un-networked PC.... yet we do it.

 

Connecting to the Internet at all is less secure than not ... yet we do it.

 

Risks are everywhere... we don't go an climb in a hole and pull it in after us..... we manage them.

 

I have FTP access to my unRAID from the Internet.  I also have HTTP access open.  It is not hard to do it securely.  When I am on the road, I can play movies on my laptop via HTTP streaming from my unRAID box.  I can upload my photos from photoshoots.  If I am in a research library, I can upload to and download files from unRAID (which is VERY useful since many research libraries disable all methods to save files and take them with you... no floppies or USB ports.  I save them on the local drive, then upload via HTML form to unRAID)

 

I see unsecured WiFi as a MUCH more serious security problem.

 

BryantD, will your remote access be done with your own computer (i.e. laptop) or will you be using whatever computer is handy at the remote location?

 

Then, see if your router has MAC address filtering... that is a useful security step.  Second, Google vsftp, and read up on how to configure it.

Share this post


Link to post

You cannot teach someone to secure a service via a forum thread. Im sorry if my last post came across as scaremongering but it is not in any way FUD. I deal with this stuff all day every day as my job and I can say with absolute certainty that unRAID is not designed to be accessed from the net. Yes you can do it. Yes you can add security over the top of it but its basic design fundamental was and is private LAN open access with a bare minimum of security ONLY if set up in a way that is not default.

 

A user looking to allow remote access will, due to human nature, filter out all the negative opinions and go for an end game approach of secure enough for them based on insufficient understanding of the risks they are placing themselves under.

 

By all means lets help this chap but lets not make claims of FUD. If you are running any internet facing service you should be patching non stop. Normal users cannot do this with unRAID so what is secure today will probably not be secure tomorrow and users wont know this until it is too late.

 

We have a duty of care here as responsible supporters/hackers/helpers not to play down the risks especially, and this is the crux of my opinion, we are instructing users who are less skilled how to make unRAID do something it was specifically designed not to do.

 

My opinion is still don't do it. Its not designed to do it and the risks you face almost certainly outweigh the benefits.

 

Edit: And last and by no means least. The last thing Tom and Limetech need is any "unRAID was hacked press".

Share this post


Link to post

You cannot teach someone to secure a service via a forum thread.

 

I disagree.  It depends on how good a teacher the person doing the teaching is.

 

While unRAID's "no-root-pwd" paradigm is not intended for unsecured public access, a properly configured router is not unsecured public access.  I have hundreds of clients with information a hell of a lot more important than anything you have on your unRAID box, running with plenty of Internet access to those boxen.  Some of these boxes even have SMB ports open to the world!! OMG, protect the children!

 

A properly configured router and server can allow remote access to unRAID, without any undue security risk.  If you don't believe me, just check the IP addy I'm using to make this post -- it is the one I use to access my unRAID box from the internet.  See if you can get to my unRAID box.... I can.

 

MAC filtering along with conservative port forwarding, application gateway, and vsftp configuration is safe.  HTTP access to a properly configured unRAID server running Apache is no less safe than any other Apache server (of which there are 10s of millions connected to the Internet).

 

As for the average user...  IMX the "average" user plugs in a router to their modem and leaves it wide open.. no WEP or WPA, default settings, etc.  These are wide open to the most heinous of DNS posioning drive-bys that are a much bigger risk than someone getting to your unRAID box.  Drive through a neighborhood with BackTrack (http://www.remote-exploit.org/) booted up and see the proliferation of open or default-configured routers.

 

Don't get me wrong -- I'm the first to punt on the "don't teach me stuff just tell me what to do to make it work" crowd and people that don't care about security.  But until a poster places his or herself in that category, they deserve assistance, and not ridicule.

Share this post


Link to post

You cannot teach someone to secure a service via a forum thread.

 

I disagree.  It depends on how good a teacher the person doing the teaching is.

 

Knock yourself out then :) Just keep in mind there could be irreplaceable content on the box that relies on you and the end user getting it 100% and nothing going wrong ever.

 

All this coming only weeks after a huge security hole in the 100% safe never could be broken implementation of Debian ssh. Personally thats a responsibility i think no one should take onboard.

Share this post


Link to post

I see a lot of fear-mongering and FUD, and not much help being offered to BryantD.  You guys are better than that.

 

Everything has security risks.  Having your data on unRAID is less secure than on an un-networked PC.... yet we do it.

 

Connecting to the Internet at all is less secure than not ... yet we do it.

 

Risks are everywhere... we don't go an climb in a hole and pull it in after us..... we manage them.

 

I have FTP access to my unRAID from the Internet.  I also have HTTP access open.  It is not hard to do it securely.  When I am on the road, I can play movies on my laptop via HTTP streaming from my unRAID box.  I can upload my photos from photoshoots.  If I am in a research library, I can upload to and download files from unRAID (which is VERY useful since many research libraries disable all methods to save files and take them with you... no floppies or USB ports.  I save them on the local drive, then upload via HTML form to unRAID)

 

I see unsecured WiFi as a MUCH more serious security problem.

 

BryantD, will your remote access be done with your own computer (i.e. laptop) or will you be using whatever computer is handy at the remote location?

 

Then, see if your router has MAC address filtering... that is a useful security step.  Second, Google vsftp, and read up on how to configure it.

 

It will be done with my laptop. My new router has MAC address filtering. I'll read up on configuring vsftp. Thanks for the help!

Share this post


Link to post

I see allot of words, but has anyone created a wiki article to do so?

 

My statements were clear in that not to enable telnet or the "base" emhttp remote access via port forwarding.

Unless you are going to learn someone's router,  write a detailed article and/or assist them by hand holding,  it's not recommended for either of those.

 

FTP via VSFTP is somewhat safe as long as a password is enabled. Without it, everything is at risk.

 

The thing about telnet and emhttp is, no matter how secure you think you've got things.

If someone is pounding on your door, you may not know it because their may not be traces in the logs and/or the logs are not visible from the main page.

 

Someone could easily fish for the root password via brute force methods.

These methods are distributed and will go on incessantly.

 

So all you need is one mistake..

Other then that, a detailed article on setting up remote access.

 

Frankly, I don't have the time. I'm working on too many development projects.

NAGIOS monitoring of unRAID, ftwkd rsyncing to multiple unraids and a power control daemon to allow remote shutdown/reboot via TCP/IP. I'm trying my hand at some XMLRPC so that I can have a remote unraid control daemon.

 

Please let's be wise about this and consider the article on FTP access.

Share this post


Link to post

I see a lot of fear-mongering and FUD, and not much help being offered to BryantD.  You guys are better than that.

 

Everything has security risks.  Having your data on unRAID is less secure than on an un-networked PC.... yet we do it.

 

Connecting to the Internet at all is less secure than not ... yet we do it.

 

Risks are everywhere... we don't go an climb in a hole and pull it in after us..... we manage them.

 

I have FTP access to my unRAID from the Internet.  I also have HTTP access open.  It is not hard to do it securely.  When I am on the road, I can play movies on my laptop via HTTP streaming from my unRAID box.  I can upload my photos from photoshoots.  If I am in a research library, I can upload to and download files from unRAID (which is VERY useful since many research libraries disable all methods to save files and take them with you... no floppies or USB ports.  I save them on the local drive, then upload via HTML form to unRAID)

 

I see unsecured WiFi as a MUCH more serious security problem.

 

BryantD, will your remote access be done with your own computer (i.e. laptop) or will you be using whatever computer is handy at the remote location?

 

Then, see if your router has MAC address filtering... that is a useful security step.  Second, Google vsftp, and read up on how to configure it.

 

I've read & printed several documents pertaining to vsftpd but I cannot figure out how to utilize this. I am Linux challenged big time!

Share this post


Link to post

How frequently will you travel and want remote access?

 

Will you need to just READ files (download), or will you also upload files?

 

Will you need access to the whole unRAID array, or just data on one disk?

Share this post


Link to post

How frequently will you travel and want remote access?

 

Will you need to just READ files (download), or will you also upload files?

 

Will you need access to the whole unRAID array, or just data on one disk?

 

Both my wife and I are Realtors so we have computers at our work office and at our home office. It would be great to access files from a central location. Plus I have an extensive audio collection that I would like to access from my brother's computer to backup.

 

So to answer your questions: I would like to read & upload files & access the whole unRAID array.

Share this post


Link to post

Can you do your uploads to a single directory, and leave them there until you return home and then move them to their proper location?  This will be much more secure.

Share this post


Link to post

Can you do your uploads to a single directory, and leave them there until you return home and then move them to their proper location?  This will be much more secure.

 

If its more secure that way, no problem.

Share this post


Link to post

I have read through this whole thread and am still a little lost on how to access my content when i am away from home.  I would like to access via FTP but i can not quite figure out how to do that.

 

If someone could explain it and point me in the right direction that would be great.

Share this post


Link to post

1) set up FTP access to read-only for one directory on drive 1, and write access to one (different) directory on drive 1.  Make sure it is properly password protected.

2) create symlinks in the read-only directory to all the other unRAID drives that you want to access remotely.

3) set up port forwarding on your router, forwarding a random port, such as 2457, to unRAID port 21.  Also enable port triggering on your router so when the port 21 connection opens a data session on another port, it will be forwarded.

 

from the remote site, you can now ftp to you router's IP addy on port 21, and get to unRAID.

 

If you only want read-access, you can do it more safely with Apache and use a browser for access.

 

Share this post


Link to post

My first question is about port forwarding, does a switch being between the unraid box & the router change any router settings or can I just pretend the switch is not there? 

 

My second question is more generic unraid question.  I don't have a keyboard & mouse plugged into the box, is there a way to login to the box remotely over my lan with telnet or anything?  *edit* I found the instructions for how to telnet into the box.

 

*edit*  Is anyone willing to share their  vsftpd.conf  file? 

Share this post


Link to post

can anyone say disaster waiting to happen.

 

Glimmerman911 don't do it. just don't. you don't have anywhere near the skill levels required to securely do what you want to do.

 

I cant say that any more politely.

 

dont do it.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.