Is it possible to access a nas behind a tunnel?

I live in Singapore, where all the isps here tunnel all their users through a single ip, which is the only ip address that connects to the internet. All traffic is routed through this tunnel, then finds its way onto whichever user that the data is sent for. My question is: Is it possible to access a nas server behind this tunnel via ftp? I know the tunnel ip address and my own ip address behind the tunnel.

Discussion is locked
Reply to: Is it possible to access a nas behind a tunnel?
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Is it possible to access a nas behind a tunnel?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -

Yes, it's possible, but it would be a supremely bad idea to have this NAS exposed to the Internet like that. If you can connect to it, so can any other random person on the Internet. This is one of those cases where you REALLY want to be sure that you think through ALL the consequences. Companies who spend more on just security in a year than you will probably make in 10 years, and have a staff of people who spend all day doing nothing but looking after network security, still manage to get compromised. So you have to ask yourself what hope you would possibly have if those people turned their attention to you. It's just a really, Really, REALLY bad idea once you think it thorough to some of the potential consequences. You can't just stop at, "Oh, this would be nice!"

- Collapse -
Inbound sessions

You definitely need to be concerned about security if you do this. I would at least use SFTP.

It will be quite a challenge to make this work.

You major issue is that in this type of design your internal IP must always send something first but how does it know that you want to access it so it can send this packet to you.

The simple yet costly solution is to use a hosting center to solve this. You would have your home machine open a tunnel to a fixed machine in the hosting center. You would then open a second tunnel from your external machine to this same machine in the hosting center. The hosting center machine would then route your tunnels together.

The other way is to use dynamic DNS and have your home machine constantly attempt to open a SSH tunnel to that address. When you are ready to use it you would set the dns to your current IP for the machine that was trying to access the NAS. You would then tunnel FTP or whatever though the SSH. (you could use other tunnel protocols). You would have to be sure to reset the DNS to something invalid when you were not using it or your ISP may get you for attacking machines since someone else may get the IP. Of course this method only works when the external machine has a actually IP address. If both machines are hidden behind ISP you cannot solve this yourself.

- Collapse -
Open to crack

Ditto! I agree with the other posters, you're just asking for trouble. Technically(remains static) it can be done and still worry if that's the only tunnel into an area, you maybe hitting some wall or traffic jams as it were. Considering recent events in China on security matters, etc. you're on a slippery slope.

CNET Forums