April 20, 201511 yr Anyone doing remote access to their UnRaid server from the internet (i.e. not local net). I've got JuiceSSH which can do SSH and Telnet. I don't see OpenSSL or OpenSSH in the UnMenu. I believe that has been moved to a Docker? I see that Docker management has been moved inside the WebGUI, but can't find that. Is there some instructions somewhere?
April 20, 201511 yr I see that Docker management has been moved inside the WebGUI, but can't find that. Is there some instructions somewhere? You'll find most of the relevant instructions in the stickies in the docker thread, or my repositories thread links to most of them in the OP, and additionally RobJ's wiki on upgrading from v5 to v6 also has some pointers in the docker section
April 20, 201511 yr If your router is capable of VPN, you can access your unRAID from the Internet that way as well.
April 20, 201511 yr Author My WNDR4000 supports both VPN passthrough and IPv6. Is just a standard VPN tunnel through the firewall to the specific ports 192.168.xxx.xxx:23 what I need?
April 20, 201511 yr VPN passthrough won't help. It simply allows the firewall to pass VPN traffic for clients inside the network connecting to external VPN's. What your router needs is the ability to be a VPN server. I don't believe the WNDR4000 has the capability with stock firmware, but not certain. DD-WRT or Tomato firmware can do VPN server if the router is capable of running either.
May 3, 201511 yr Author Ok, I was able to setup port forwarding in my WNDR4000 and forwarded port 80/port 23 traffic to the server internal address and it works great. Telnet asks for a password - good, however, the webgui does not! So any hack can hack into my unraid server just by going to the proper port! I've turned that off for now... Is there a way to setup a password to access unRAID webgui?
May 3, 201511 yr Author Just answered my own question. It didn't require a password because I hadn't put a password on root yet. Problem solved! As soon as I had a root password, webgui asks...
May 3, 201511 yr Just answered my own question. It didn't require a password because I hadn't put a password on root yet. Problem solved! As soon as I had a root password, webgui asks... It's always great having users solve their own problems, answer their own questions ... I think I'll take a break now, after all this hard work, providing such great support!
May 3, 201511 yr It's always great having users solve their own problems, answer their own questions ... I think I'll take a break now, after all this hard work, providing such great support! Buy yourself a beer
May 3, 201511 yr Author A round for everyone! Oh, wait, there's still that pesky NIC issue...and the can't delete shares issue...and...no rest for the weary...argh! No beers for me just yet...
May 3, 201511 yr Author And...one more down, turns out the 'cant delete share' is a known issue... one more down and closer to that beer... Now the question is dark or light, can or draft, craft or microbrew...so many decisions...
May 3, 201511 yr Community Expert I wouldn't do this without VPN, regardless of how good my root password is. Opening port 80 to the internet is definitely going to have people knocking on your door loudly and constantly even if they can't break it down. If you can't or don't want to do VPN a simpler approach might be to install Teamviewer on another computer on your LAN and get into your network that way.
May 3, 201511 yr I wouldn't do this without VPN, regardless of how good my root password is. Opening port 80 to the internet is definitely going to have people knocking on your door loudly and constantly even if they can't break it down. If you can't or don't want to do VPN a simpler approach might be to install Teamviewer on another computer on your LAN and get into your network that way. +1 I briefly was using my server as an FTP server (with an insanely hard password), and within a day I was noticing intermittent attempts at breaking in.
May 4, 201511 yr Community Expert And by people, I actually mean people using automated means to do it so you can expect a lot of attempts very quickly and unceasingly.
May 4, 201511 yr CAVEAT EMPTOR: unRAID is not secure, not even for your local LAN. I strongly advise against putting it even within arms reach of the internet.
May 4, 201511 yr Not sure what you are trying to do when accessing your server over the Internet. I have been using TeamViewer which allows me to access my Windows workstation remotely. And from there I can do anything I want with my unRAID server.
May 4, 201511 yr Author Warnings heard. I have teamviewer and it works great on a PC, I've used it from all over the world to great affect. However, on an android phone, its not so great. I did find a telnet app (Juice) that works really well - but only if port 23 was opened. What other options are there to access the webgui (other than tools like VNC, Teamviewer, etc)... Eventually I want to open up plex to allow friends to access my library, you have to open a port for that (32400 I think), right? How does one resolve that issue?
May 4, 201511 yr Eventually I want to open up plex to allow friends to access my library, you have to open a port for that (32400 I think), right? How does one resolve that issue? You're right on plex. A port does have to be forwarded (or once again use a VPN) However, (assuming you're running the docker version), if it is possible for someone to completely hack their way through plex and gain access to the files on the server, then at least (if you setup the volume mapping properly), they will only have read only access to your media files, and no access to other files at all. If you open up the unRaid's GUI to the world, a hacker could potentially access all of your files, and delete / modify anything they want. Using docker mitigates that scenario.
May 4, 201511 yr Warnings heard. I have teamviewer and it works great on a PC, I've used it from all over the world to great affect. However, on an android phone, its not so great. I did find a telnet app (Juice) that works really well - but only if port 23 was opened. What other options are there to access the webgui (other than tools like VNC, Teamviewer, etc)... Eventually I want to open up plex to allow friends to access my library, you have to open a port for that (32400 I think), right? How does one resolve that issue? I use JuiceSSH , please don't port forward port 23 (telnet) that is a script kiddie delight. If you need command line use only ssh and only ssh. I have don't problem with ssh being port forwared with an insanely hard password. take a look at this https://howsecureismypassword.net/ however the teamviewer is a better option if you do not feel safe exposing your unraid box.
May 4, 201511 yr Eventually I want to open up plex to allow friends to access my library, you have to open a port for that (32400 I think), right? How does one resolve that issue? You're right on plex. A port does have to be forwarded (or once again use a VPN) However, (assuming you're running the docker version), if it is possible for someone to completely hack their way through plex and gain access to the files on the server, then at least (if you setup the volume mapping properly), they will only have read only access to your media files, and no access to other files at all. First going to agree with all the posts that came before, you need to be very careful when attempting this. Two things about fowarding ports for Plex. When you decide to foward this port you are basically relying on Plex to not have exploitable bugs. This is still true when running Plex in Docker. Docker does help a lot and makes things far better as Squid said, but you are at the end of the day still relying on Docker to be free of exploitable bugs. Last Nov-Dec there was a flaw in Docker which allowed containers to elevate their privileges and break out of their container. This was fixed quickly but to wrap this story up there is alwasy the risk of a new bug / exploit being found in a program you are using. There was a bug in Bash that was found last year that apparently existed for 10+ years. If you foward ports you are taking a risk, but it can be a calculated risk. Fowarding 32400 for Plex is far less risky, but not free of risk, than say fowarding 80 for HTTP or 23 for Telnet. Edit: Additional note, Emby (competitor to Plex) gives the option of only allowing HTTPS for external connections. This isn't fully implemented in every client yet, but that's the direction they are going. Clients are a bit less mature on Emby in general making using Emby a bit more complicated right now... but that might change in the future as well. I think current best pratice is running a VPN service, and using that to connect to your equipment remotely.
May 19, 201511 yr Author Apparently, Netgear feels they have solved this problem With regard to your inquiry, NETGEAR router's UPnP feature is enabled by default. It is because there are incoming programs that are active and can be access through your network. When the UPnP is enabled it is not vulnerable for any attacks. NETGEAR routers do have a built-in firewalls. Rest assured that the router is not vulnerable to any attacks. Also, NETGEAR routers DoS attack is also a feature of the router that is by default enabled. If you are seeing on the logs that there is an attack it does not mean that it can affect your local network or connection. It is just giving you a warning or informing you that there is an attack that is coming on your local network. Just love the advice from someone in the philippines...
May 19, 201511 yr Apparently, Netgear feels they have solved this problem With regard to your inquiry, NETGEAR router's UPnP feature is enabled by default. It is because there are incoming programs that are active and can be access through your network. When the UPnP is enabled it is not vulnerable for any attacks. NETGEAR routers do have a built-in firewalls. Rest assured that the router is not vulnerable to any attacks. Also, NETGEAR routers DoS attack is also a feature of the router that is by default enabled. If you are seeing on the logs that there is an attack it does not mean that it can affect your local network or connection. It is just giving you a warning or informing you that there is an attack that is coming on your local network. Just love the advice from someone in the philippines... I loled.
May 19, 201511 yr Warnings heard. I have teamviewer and it works great on a PC, I've used it from all over the world to great affect. However, on an android phone, its not so great. I did find a telnet app (Juice) that works really well - but only if port 23 was opened. What other options are there to access the webgui (other than tools like VNC, Teamviewer, etc)... Eventually I want to open up plex to allow friends to access my library, you have to open a port for that (32400 I think), right? How does one resolve that issue? I use a variety of methods. An Apache web server on docker to access certain apps using SSL only and password protected. OpenVPN on my router (you could use it on your Unraid machine - just my router has it build in so super easy) once connected I then use juicessh if I want to use a terminal, or just access my webui via a browser on my phone or tablet. What functionality is it that you need remote access for? Anything in particular? If you don't have a fixed IP then you need some dynamic DNS service which Plex has built in for it's own uses only, as well as Plex I personally use ddclient to update namecheap.com where I bought my domain name to use with Apache. So I can therefore go to https://myserver.com/app Works well for things like Sonarr, couch, NZBGet, Owncloud, COPS E-book library. I then use NZB360 and the owncloud client on my android. Not necessarily straight forward to set up to but rewarding.
May 19, 201511 yr I have an asus rt-n66u which is running asus wrt-merlin firmware, it is very close to stock firmware and pretty much endorsed by asus, setting up the VPN on this is such a breeze, set user and password then it lets you export the certs to use on another machine with a client..i FTP and access the unraid GUI through the VPN
May 19, 201511 yr I have an asus rt-n66u which is running asus wrt-merlin firmware, it is very close to stock firmware and pretty much endorsed by asus, setting up the VPN on this is such a breeze, set user and password then it lets you export the certs to use on another machine with a client..i FTP and access the unraid GUI through the VPN Yeah, I've got a AC-68U, can't run Merlin firmware as it has a built in modem, but OpenVPN setup is a doddle.
Archived
This topic is now archived and is closed to further replies.