
Remote Access from Internet


jeffreywhunter

Anyone doing remote access to their UnRaid server from the internet (i.e. not local net)?  I've got JuiceSSH which can do SSH and Telnet.  I don't see OpenSSL or OpenSSH in the UnMenu.  I believe that has been moved to a Docker?  I see that Docker management has been moved inside the WebGUI, but can't find that.  Are there some instructions somewhere?

Link to comment

I see that Docker management has been moved inside the WebGUI, but can't find that.  Are there some instructions somewhere?

You'll find most of the relevant instructions in the stickies in the docker thread, or my repositories thread links to most of them in the OP, and additionally RobJ's wiki on upgrading from v5 to v6 also has some pointers in the docker section.

Link to comment

VPN passthrough won't help. It simply allows the firewall to pass VPN traffic for clients inside the network connecting to external VPNs. What your router needs is the ability to be a VPN server.

 

I don't believe the WNDR4000 has the capability with stock firmware, but not certain. DD-WRT or Tomato firmware can do VPN server if the router is capable of running either.

Link to comment
  • 2 weeks later...

Ok, I was able to set up port forwarding in my WNDR4000 and forwarded port 80/port 23 traffic to the server internal address and it works great.  Telnet asks for a password - good, however, the webgui does not!  So any hack can hack into my unraid server just by going to the proper port!  I've turned that off for now...

Is there a way to set up a password to access unRAID webgui?

Link to comment

Just answered my own question.  It didn't require a password because I hadn't put a password on root yet.  Problem solved!  As soon as I had a root password, webgui asks...

 

It's always great having users solve their own problems, answer their own questions ...    ;D

 

I think I'll take a break now, after all this hard work, providing such great support!

Link to comment

I wouldn't do this without VPN, regardless of how good my root password is. Opening port 80 to the internet is definitely going to have people knocking on your door loudly and constantly even if they can't break it down. If you can't or don't want to do VPN a simpler approach might be to install Teamviewer on another computer on your LAN and get into your network that way.

Link to comment

I wouldn't do this without VPN, regardless of how good my root password is. Opening port 80 to the internet is definitely going to have people knocking on your door loudly and constantly even if they can't break it down. If you can't or don't want to do VPN a simpler approach might be to install Teamviewer on another computer on your LAN and get into your network that way.

+1 I briefly was using my server as an FTP server (with an insanely hard password), and within a day I was noticing intermittent attempts at breaking in.
Link to comment

Not sure what you are trying to do when accessing your server over the Internet.

 

I have been using TeamViewer which allows me to access my Windows workstation remotely. And from there I can do anything I want with my unRAID server.

Link to comment

Warnings heard.  :o

 

I have teamviewer and it works great on a PC, I've used it from all over the world to great effect.  However, on an android phone, it's not so great.  I did find a telnet app (Juice) that works really well - but only if port 23 was opened.

 

What other options are there to access the webgui (other than tools like VNC, Teamviewer, etc)... 

 

Eventually I want to open up plex to allow friends to access my library, you have to open a port for that (32400 I think), right?  How does one resolve that issue?

Link to comment

Eventually I want to open up plex to allow friends to access my library, you have to open a port for that (32400 I think), right?  How does one resolve that issue?

You're right on plex.  A port does have to be forwarded (or once again use a VPN).  However (assuming you're running the docker version), if it is possible for someone to completely hack their way through plex and gain access to the files on the server, then at least (if you set up the volume mapping properly) they will only have read-only access to your media files, and no access to other files at all.

 

If you open up the unRaid's GUI to the world, a hacker could potentially access all of your files, and delete / modify anything they want.  Using docker mitigates that scenario.

Link to comment
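An added example, not part of the thread and not code from Docker or Plex: one way to check the volume-mapping point made in the post above is to read the `Mounts` section of `docker inspect` output and flag any host path that is mapped writable or that reaches outside the media share. The container names and the `/mnt/user/...` paths are constructed assumptions.

```python
import json
import posixpath

# Constructed sample: trimmed `docker inspect` output for three hypothetical containers.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/plex-ro", "Mounts": [
   {"Type": "bind", "Source": "/mnt/user/Media", "Destination": "/media", "RW": false},
   {"Type": "bind", "Source": "/mnt/user/appdata/plex", "Destination": "/config", "RW": true}]},
 {"Name": "/plex-loose", "Mounts": [
   {"Type": "bind", "Source": "/mnt/user", "Destination": "/data", "RW": true}]},
 {"Name": "/plex-rw", "Mounts": [
   {"Type": "bind", "Source": "/mnt/user/Media/Movies", "Destination": "/movies", "RW": true}]}
]""")

def _under(path, roots):
    """True if path equals, or lies below, one of the root directories."""
    path = posixpath.normpath(path)
    for root in roots:
        root = posixpath.normpath(root)
        if posixpath.commonpath([path, root]) == root:
            return True
    return False

def audit_mounts(containers, media_roots, config_roots):
    """Return (container, host_path, reason) for every risky bind mount."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        for m in c.get("Mounts", []):
            if m.get("Type") != "bind":
                continue  # named volumes do not map a host share directly
            src = m.get("Source") or "/"
            if _under(src, config_roots):
                continue  # the container's own config directory must stay writable
            if not _under(src, media_roots):
                # a parent such as /mnt/user exposes every share, not only media
                findings.append((name, src, "outside-media"))
            elif m.get("RW", True):
                findings.append((name, src, "media-writable"))
    return findings

if __name__ == "__main__":
    for finding in audit_mounts(SAMPLE_INSPECT, ["/mnt/user/Media"], ["/mnt/user/appdata"]):
        print(finding)
```

On a live host the same function can be fed `json.loads()` of the output of `docker inspect <container>`; a read-only mapping is the `:ro` suffix on the `-v host:container` argument.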

Warnings heard.  :o

 

I have teamviewer and it works great on a PC, I've used it from all over the world to great effect.  However, on an android phone, it's not so great.  I did find a telnet app (Juice) that works really well - but only if port 23 was opened.

 

What other options are there to access the webgui (other than tools like VNC, Teamviewer, etc)... 

 

Eventually I want to open up plex to allow friends to access my library, you have to open a port for that (32400 I think), right?  How does one resolve that issue?

 

I use JuiceSSH; please don't port forward port 23 (telnet), that is a script kiddie delight.

If you need command line use only ssh and only ssh.

I don't have a problem with ssh being port forwarded with an insanely hard password; take a look at this: https://howsecureismypassword.net/ However, TeamViewer is a better option if you do not feel safe exposing your unraid box.

Link to comment

Eventually I want to open up plex to allow friends to access my library, you have to open a port for that (32400 I think), right?  How does one resolve that issue?

You're right on plex.  A port does have to be forwarded (or once again use a VPN).  However (assuming you're running the docker version), if it is possible for someone to completely hack their way through plex and gain access to the files on the server, then at least (if you set up the volume mapping properly) they will only have read-only access to your media files, and no access to other files at all.

 

First going to agree with all the posts that came before, you need to be very careful when attempting this.

 

Two things about forwarding ports for Plex. When you decide to forward this port you are basically relying on Plex to not have exploitable bugs.  This is still true when running Plex in Docker. Docker does help a lot and makes things far better as Squid said, but you are at the end of the day still relying on Docker to be free of exploitable bugs. Last Nov-Dec there was a flaw in Docker which allowed containers to elevate their privileges and break out of their container. This was fixed quickly, but to wrap this story up, there is always the risk of a new bug / exploit being found in a program you are using. There was a bug in Bash that was found last year that apparently existed for 10+ years.

 

If you forward ports you are taking a risk, but it can be a calculated risk.

Forwarding 32400 for Plex is far less risky, but not free of risk, than say forwarding 80 for HTTP or 23 for Telnet.

 

Edit: Additional note, Emby (competitor to Plex) gives the option of only allowing HTTPS for external connections. This isn't fully implemented in every client yet, but that's the direction they are going. Clients are a bit less mature on Emby in general making using Emby a bit more complicated right now... but that might change in the future as well.

 

I think current best practice is running a VPN service, and using that to connect to your equipment remotely.

Link to comment
  • 2 weeks later...

Apparently, Netgear feels they have solved this problem ;)

 

With regard to your inquiry, NETGEAR router's UPnP feature is enabled by default. It is because there are incoming programs that are active and can be access through your network. When the UPnP is enabled it is not vulnerable for any attacks. NETGEAR routers do have a built-in firewalls. Rest assured that the router is not vulnerable to any attacks.

 

Also, NETGEAR routers DoS attack is also a feature of the router that is by default enabled. If you are seeing on the logs that there is an attack it does not mean that it can affect your local network or connection. It is just giving you a warning or informing you that there is an attack that is coming on your local network.

 

Just love the advice from someone in the Philippines...

Link to comment

Apparently, Netgear feels they have solved this problem ;)

 

With regard to your inquiry, NETGEAR router's UPnP feature is enabled by default. It is because there are incoming programs that are active and can be access through your network. When the UPnP is enabled it is not vulnerable for any attacks. NETGEAR routers do have a built-in firewalls. Rest assured that the router is not vulnerable to any attacks.

 

Also, NETGEAR routers DoS attack is also a feature of the router that is by default enabled. If you are seeing on the logs that there is an attack it does not mean that it can affect your local network or connection. It is just giving you a warning or informing you that there is an attack that is coming on your local network.

 

Just love the advice from someone in the Philippines...

 

::)

 

I loled.

Link to comment

Warnings heard.  :o

 

I have teamviewer and it works great on a PC, I've used it from all over the world to great effect.  However, on an android phone, it's not so great.  I did find a telnet app (Juice) that works really well - but only if port 23 was opened.

 

What other options are there to access the webgui (other than tools like VNC, Teamviewer, etc)... 

 

Eventually I want to open up plex to allow friends to access my library, you have to open a port for that (32400 I think), right?  How does one resolve that issue?

 

I use a variety of methods.  An Apache web server on docker to access certain apps using SSL only and password protected.

 

OpenVPN on my router (you could use it on your Unraid machine - just my router has it built in so super easy). Once connected I then use juicessh if I want to use a terminal, or just access my webui via a browser on my phone or tablet.

 

What functionality is it that you need remote access for? Anything in particular?

 

If you don't have a fixed IP then you need some dynamic DNS service, which Plex has built in for its own uses only. As well as Plex I personally use ddclient to update namecheap.com where I bought my domain name to use with Apache.

 

So I can therefore go to https://myserver.com/app

 

Works well for things like Sonarr, couch, NZBGet, Owncloud, COPS E-book library.

 

I then use NZB360 and the owncloud client on my android.

 

Not necessarily straightforward to set up, but rewarding.

Link to comment

I have an asus rt-n66u which is running asus wrt-merlin firmware, it is very close to stock firmware and pretty much endorsed by asus, setting up the VPN on this is such a breeze, set user and password then it lets you export the certs to use on another machine with a client. I FTP and access the unraid GUI through the VPN.

Link to comment

I have an asus rt-n66u which is running asus wrt-merlin firmware, it is very close to stock firmware and pretty much endorsed by asus, setting up the VPN on this is such a breeze, set user and password then it lets you export the certs to use on another machine with a client. I FTP and access the unraid GUI through the VPN.

 

Yeah, I've got an AC-68U, can't run Merlin firmware as it has a built in modem, but OpenVPN setup is a doddle.

Link to comment

Archived

This topic is now archived and is closed to further replies.
