ClioSport.net

Register a free account today to become a member!
Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • When you purchase through links on our site, we may earn an affiliate commission. Read more here.

NAS/RAID security. Full r****d.



It's just a media tank, but I want access to my files from the internet. I've successfully setup the correct ports for FTP and I now have external access to it over the web.

I'm going to try and set it up so I can also see it as a network drive from outside my own network. Unfortunately, my router isn't supported by the EZ-Web setup, so I'm having to configure all the port forwarding manually in my router...and there's a ton of stuff to do. For now, FTP will do!

I am full r****d when it comes to this stuff, but I'm muddling through :eek:
 
It's just a media tank, but I want access to my files from the internet. I've successfully setup the correct ports for FTP and I now have external access to it over the web.

I'm going to try and set it up so I can also see it as a network drive from outside my own network. Unfortunately, my router isn't supported by the EZ-Web setup, so I'm having to configure all the port forwarding manually in my router...and there's a ton of stuff to do. For now, FTP will do!

I am full r****d when it comes to this stuff, but I'm muddling through :eek:

You could always use the NAS as a VPN endpoint and VPN back into your network rather than FTP? It depends on what you want available to you I suppose :)

I would just be wary of someone brute forcing the FTP password and wiping your data (haven't looked into the FTP functionality on the Synology kit so I am not too sure if you can blacklist people after 3 wrong guesses etc).

EDIT: Looks like you can (taken from a Synology blog)

Try enabling IP block. This will automatically block IPs that has made too many failed login attempts within a short period of time. You will be informed by e-mail when this situation happens and see which IP address is trying to access your DiskStation being tried. All blocked IP addresses are stored on the “block list”. But if your friend calls to say he forgot his password and was trying randomly to see if he can hit the jackpot. You can laugh and remove his IP address from the block list. Don’t forget to reset the password so he can access DiskStation again. In addition to limit the number of failed login attempts, there’s more you can do to boost security level. I usually place the DiskStation behind a router. The router only opens and forwards the required ports (ex: port 21, 80, 5000) to DiskStation. All other ports are closed so hackers won’t be able to sneak in. If your DiskStation is directly connected to the Internet, make sure you set up Firewall in DSM. Don’t let hackers get their chance!
 
Last edited:

ChrisR

ClioSport Club Member
You could always use the NAS as a VPN endpoint and VPN back into your network rather than FTP? It depends on what you want available to you I suppose :)

I would just be wary of someone brute forcing the FTP password and wiping your data (haven't looked into the FTP functionality on the Synology kit so I am not too sure if you can blacklist people after 3 wrong guesses etc).

What my preferred method would be, or some form of HTTPS access, I'd only want to use FTP as a last resort.

Although again that's my security head kicking in which instinctively says FTP bad, but then being a realist as long as you take the necessary precautions you should be ok ;)
 
Thanks guys. I've already enabled autoblock, but cheers for the heads-up.

I'll no doubt get into the other stuff as I learn more. I know nothing about networking, so all this stuff that you boys take for granted is just mumbo jumbo to me. I'm happy enough to have just set it up and enabled remote access!

TBH I ideally need a router that is supported by the EZ-Web setup application.
 

KDF

  Audi TT Stronic
We had this happen at work with a little SAN that we were using for something at a remote office. One disk went in the morning, no problem call up support to get a new one shipped out and before the spare could be introduced another disk went and everything broke :p

*COUGH* Hot spare *COUGH*

;)
 

ChrisR

ClioSport Club Member
*COUGH* Hot spare *COUGH*

;)

First thing I said to the storage guy who looked after the SANS was along the lines of how come the spare drive that sits in the enclosure (there were actually 2 spare!) didn't kick in in time!

Of course muggins here then had to drive the 100 miles to site to recover it all, which involved a dash to a 24hour Tescos at some god awful hour to pick up a USB hard disk to copy all the data off to just in case as the guy also then mentioned the backups haven't been working so he switched them off.

Oh and the most useless hardware engineer in the world who basically spent all his time on the phone to Dell in the US and just following instructions, I could of done that (and I'm useless with this stuff) and not why we requested an engineer on site with the parts!

Chap who looked after the storage wasn't too popular after that ;)
 

dk

  911 GTS Cab
*COUGH* Hot spare *COUGH*

;)

Not even that counts for much these days, as disks get bigger, and no faster, rebuild times take longer and longer, and so when a drive is going to fail, so even pre-failure warning, the disk is likely to fail before it's even had a chance to copy the data off. Even very big sans can takes days to redistribute 500 gb of data to the other drives, especially as its normally a background task given a low priority so as not to slow down access to the San. So not even a hot spare can save you sometimes, but if you have a netapp and have raid dp (basically a fast version of raid 6, which is normally very slow) you are twice as safe, as you can lose 2 disks per raid group, and the aggregate (pool of storage) is made up of multiple raid groups, so you could actually lose many more disks as long is its not more than 2 per 16 disks.

Then you have sync mirror which can synchronously copy data to a second set of disks in the same San. Or the p4000 from Hp and it's network raid, so 2,3 or even 4 copies of the same data in the array synchronously copied real time, as long as you can afford it, losing loads of disks can be protected against.
 

ChrisR

ClioSport Club Member
This was 2 in a 16 disk unit :) And pretty much what happened from what I can remember, second disk failed whilst the other one was being added into the array so hadn't rebuilt properly at that time.

But as said I'm not a SAN guy, I get the basics/principles etc but much like with Cisco kit I'd have no idea how to log in and do the stuff :)
 
  Rav4
Have you setup any shares on it yet? On my DS1511+ I had to go to Control Panel -> Shared Folder

Have you also setup the various services/options you want enabled under Win/Mac/NFS?

What's the 1511+ like? I have a ReadyNas NVX and looking at changing to the 1512+ .......

:D
 

KDF

  Audi TT Stronic
First thing I said to the storage guy who looked after the SANS was along the lines of how come the spare drive that sits in the enclosure (there were actually 2 spare!) didn't kick in in time!

Not even that counts for much these days, as disks get bigger, and no faster, rebuild times take longer and longer, and so when a drive is going to fail, so even pre-failure warning, the disk is likely to fail before it's even had a chance to copy the data off. Even very big sans can takes days to redistribute 500 gb of data to the other drives, especially as its normally a background task given a low priority so as not to slow down access to the San.

I understand where you are coming from, especially if all the drives are bought at the same time.

Just recently I had a disk on a RAID 5 array go down, we don't have the budget for replicating SANs so I retasked the rebuild buy increasing the minimum build rate and restasking the PID's to use multicore... users complained it was slower than usual but screw them.. how much would they have complained if the whole array went down and I had to restore from off site backups lol

Hot spares should always be included though, if you are not at the site it can start the rebuild automatically and save a bit of time. The RAID5 array was 9TB and only took 4-5 hours... not too bad really.

DK, are you the man to talk to about SAN's ? I have an upcoming project and I might need an iSCSI san.
 

dk

  911 GTS Cab
I understand where you are coming from, especially if all the drives are bought at the same time.

Just recently I had a disk on a RAID 5 array go down, we don't have the budget for replicating SANs so I retasked the rebuild buy increasing the minimum build rate and restasking the PID's to use multicore... users complained it was slower than usual but screw them.. how much would they have complained if the whole array went down and I had to restore from off site backups lol

Hot spares should always be included though, if you are not at the site it can start the rebuild automatically and save a bit of time. The RAID5 array was 9TB and only took 4-5 hours... not too bad really.

DK, are you the man to talk to about SAN's ? I have an upcoming project and I might need an iSCSI san.

Not all sans even support spares these days, Hp p4000 has no spare, nor does a Hp Eva, or a Hp 3par, thinking about it, they are all Hp lol. They use the space available in the array to rebuild it, as they are virtualised sans in effect.

I can certainly offer advice on a San though, as long as its a mainstream one you are after rather than a cheap arse software type thing. My main products are Hp and netapp, I have colleagues who do dell and emc. From Hp you have the p2000 and p4000 when it comes to iscsi, netapp you are looking at the 2040, this also has the capability to do all protocols though including fc, Nfs and cifs, does dedupe etc.

If you let me know what features you need, the sizing and budget etc I will offer some advice.
 
  Rav4
Not all sans even support spares these days, Hp p4000 has no spare, nor does a Hp Eva, or a Hp 3par, thinking about it, they are all Hp lol. They use the space available in the array to rebuild it, as they are virtualised sans in effect.

I can certainly offer advice on a San though, as long as its a mainstream one you are after rather than a cheap arse software type thing. My main products are Hp and netapp, I have colleagues who do dell and emc. From Hp you have the p2000 and p4000 when it comes to iscsi, netapp you are looking at the 2040, this also has the capability to do all protocols though including fc, Nfs and cifs, does dedupe etc.

If you let me know what features you need, the sizing and budget etc I will offer some advice.

They are all software, but I see what you're saying. Even some of the cheap arse software ones can out-perform some of the mainstream contenders ;) SAM-SD !

KDF -DK works for a good company as you might know, you'll be in safe hands.
 

dk

  911 GTS Cab
Yeah i've just spent 15k this morning with them, should help towards his next holiday ;)

FLOL, who do you work for, who's your account manager? we have some serious hotties working there these days, times have changed since i first started.
 

dk

  911 GTS Cab
He's a new guy really, not really worked with him but he seems like a nice guy, and just because they are hot, doesn't make them a good account manager, id take a guy myself.
 
  Rav4
FLOL, who do you work for, who's your account manager? we have some serious hotties working there these days, times have changed since i first started.

I went to Marlow the other weekend and sat next to your marketing lady, I think she was on a date........ Jade Elise I think.
 
Right so I'm in a bit of a pickle :(

I have now put my Super Hub into modem only mode, and added a Linksys E4200 router. Everything is connected ok. The NAS is visible and usable through Finder, either wired or wireless. However, I cannot access the web interface at all, wired or wireless. Synology Assistant.app cannot see the NAS over wireless, but it can see it wired, and reports it as healthy, but when I click connect, Safari is unable to contact it. Massive ballache.

All IP addresses appear correct. Any ideas?

EDIT: Sorry. Inaccurate information. Finder cannot see it unless I'm wired.

So basically the NAS is completely unreachable unless I wire-up, but even then it's only Finder that can contact it. I cannot login through a web interface at all, even wired.
 
Last edited:
  Rav4
Right so I'm in a bit of a pickle :(

I have now put my Super Hub into modem only mode, and added a Linksys E4200 router. Everything is connected ok. The NAS is visible and usable through Finder, either wired or wireless. However, I cannot access the web interface at all, wired or wireless. Synology Assistant.app cannot see the NAS over wireless, but it can see it wired, and reports it as healthy, but when I click connect, Safari is unable to contact it. Massive ballache.

All IP addresses appear correct. Any ideas?

EDIT: Sorry. Inaccurate information. Finder cannot see it unless I'm wired.

So basically the NAS is completely unreachable unless I wire-up, but even then it's only Finder that can contact it. I cannot login through a web interface at all, even wired.

Can you ping it wired or wireless?
Are you sure that's the right IP address?
Are you using an IP address or host name to get onto it?

A bit strange.
 
God this whole saga has me feel like a proper r****d :eek:

Thanks for the response dude but I've fixed it now. I had to hard reset the NAS sever in the end via a little hole on the back, and now everything is hunky dory again.

POFS! LOL ;)
 


Top