Making NAS publicly available

Hello there,

I'm currently struggling to make my NAS server reachable via the public IP address.
I can reach it just fine within my own network, but if I wanted to share a file with a friend or family member then that NAS server is unreachable.

Steps I've done thus far:

  • within the NAS server set up everything that should forward the traffic outside as well
  • in OpenWRT configured port forwarding rules to two specific ports that I wanted reachable from the internet
  • in OpenWRT set the zones to

lan => wan => accept (input, output, forward)
wan => lan => accept (input, output, forward) (masquerading)

Before you say anything, I know setting up an OpenVPN server would be the safer way to expose it... but I'd ideally like to share files with friends who are not so tech-savvy.

Is there any other way, or am I doing something wrong here?

cheers.

Welcome to the community!

Aside from this being dangerous as you noted, you didn't mention the protocol.

If it's Samba, your ISP likely blocks it. Within the last few years, malware was discovered to use the same ports. To mitigate such a global propagation, a lot of ISPs simply block this traffic.

This is an example:

So, I suggest you verify your ISP allows this traffic.

BTW, it seems you described the WAN Zone config. If you changed input and forward rules to accept, you've made a serious security misconfiguration.

If you did this to test, it won't work without setting the appropriate Port Forward for your device.

2 Likes
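
The check the reply above describes, as an added example that is not part of the thread: a small Python audit of an OpenWrt `/etc/config/firewall` file that flags a `wan` zone whose input or forward policy is ACCEPT and lists the port forwards defined from that zone. The sample config, the address 192.168.1.50 and the ports are constructed placeholders, and `parse_uci` and `audit` are names chosen here.

```python
import shlex

# Constructed sample in /etc/config/firewall (UCI) syntax; address and ports are placeholders.
SAMPLE = """
config zone
	option name 'wan'
	list network 'wan'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'

config redirect
	option src 'wan'
	option src_dport '8443'
	option dest 'lan'
	option dest_ip '192.168.1.50'
	option dest_port '443'
	option proto 'tcp'
"""

def parse_uci(text):
    """Parse UCI text into a list of dicts, one per 'config' section."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and # comments
        if len(tok) >= 2 and tok[0] == "config":
            sections.append({"_type": tok[1]})
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][tok[1]] = tok[2]
        elif len(tok) >= 3 and tok[0] == "list" and sections:
            sections[-1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit(text, zone="wan"):
    """Return (findings, forwards) for the internet-facing zone."""
    findings, forwards = [], []
    for s in parse_uci(text):
        if s["_type"] == "zone" and s.get("name") == zone:
            for chain in ("input", "forward"):
                if s.get(chain, "").upper() == "ACCEPT":
                    findings.append(f"{zone} zone {chain}=ACCEPT")
        elif s["_type"] == "redirect" and s.get("src") == zone:
            forwards.append((s.get("proto"), s.get("src_dport"),
                             s.get("dest_ip"), s.get("dest_port")))
    return findings, forwards

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the router the input can be the contents of `/etc/config/firewall`; an empty findings list with only the intended forwards listed is the state the reply is steering toward.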

Hi

Maybe you first need to check your public IP?
Maybe it is CGNAT?

Try this page
http://checkip.dyndns.org/
and compare with your WAN address in LuCI

2 Likes

Which NAS is it? DIYed using TrueNAS or something like Synology?

Most NAS systems allow public sharing via their own system.

1 Like

Please look into fwknop (single packet authorization).

It makes your service appear as a fully closed firewall
until the client authenticates.
It can also set up port forwarding automatically.

(Or keep it manual and just open the port to a specific IP that sent the magic packet.)

Clients for major operating systems are available.