HolidayBuyer's Guide

Computer Help forum

Question

Is it possible to access a nas behind a tunnel?

by too456 / June 2, 2011 7:09 PM PDT

I live in Singapore, where all the isps here tunnel all their users through a single ip, which is the only ip address that connects to the internet. All traffic is routed through this tunnel, then finds its way onto whichever user that the data is sent for. My question is: Is it possible to access a nas server behind this tunnel via ftp? I know the tunnel ip address and my own ip address behind the tunnel.

Discussion is locked
You are posting a reply to: Is it possible to access a nas behind a tunnel?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Is it possible to access a nas behind a tunnel?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

All Answers

Collapse -
Answer
Yes
by Jimmy Greystone / June 2, 2011 11:10 PM PDT

Yes, it's possible, but it would be a supremely bad idea to have this NAS exposed to the Internet like that. If you can connect to it, so can any other random person on the Internet. This is one of those cases where you REALLY want to be sure that you think through ALL the consequences. Companies who spend more on just security in a year than you will probably make in 10 years, and have a staff of people who spend all day doing nothing but looking after network security, still manage to get compromised. So you have to ask yourself what hope you would possibly have if those people turned their attention to you. It's just a really, Really, REALLY bad idea once you think it thorough to some of the potential consequences. You can't just stop at, "Oh, this would be nice!"

Collapse -
Inbound sessions
by bill012 / June 2, 2011 11:47 PM PDT
In reply to: Yes

You definitely need to be concerned about security if you do this. I would at least use SFTP.

It will be quite a challenge to make this work.

You major issue is that in this type of design your internal IP must always send something first but how does it know that you want to access it so it can send this packet to you.

The simple yet costly solution is to use a hosting center to solve this. You would have your home machine open a tunnel to a fixed machine in the hosting center. You would then open a second tunnel from your external machine to this same machine in the hosting center. The hosting center machine would then route your tunnels together.

The other way is to use dynamic DNS and have your home machine constantly attempt to open a SSH tunnel to that address. When you are ready to use it you would set the dns to your current IP for the machine that was trying to access the NAS. You would then tunnel FTP or whatever though the SSH. (you could use other tunnel protocols). You would have to be sure to reset the DNS to something invalid when you were not using it or your ISP may get you for attacking machines since someone else may get the IP. Of course this method only works when the external machine has a actually IP address. If both machines are hidden behind ISP you cannot solve this yourself.

Collapse -
Answer
Open to crack
by Willy / June 3, 2011 1:17 AM PDT

Ditto! I agree with the other posters, you're just asking for trouble. Technically(remains static) it can be done and still worry if that's the only tunnel into an area, you maybe hitting some wall or traffic jams as it were. Considering recent events in China on security matters, etc. you're on a slippery slope.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

HOLIDAY GIFT GUIDE 2017

Cameras that make great holiday gifts

Let them start the new year with a step up in photo and video quality from a phone.