Sign in with
Sign up | Sign in
Your question

Accessing router based network storage from outside network

Last response: in Networking
Share
March 9, 2011 1:49:38 PM

Hello,

I am wondering if all routers that have a USB port to which network storage can be attached, support the functionality to enable that storage to be accessed from outside the network. If this is true how (in a conceptual sense) can the router be configured to do this and what are the security implications
March 9, 2011 2:02:08 PM

Typically, those routers also support access to the USB storage using FTP and/or SMB (Windows file sharing). In order to gain access externally, you'd just need to open the ports relevant to those services and port forward to the router's IP address (come to think of it, you may not even need to port forward since the public IP does belongs to the router).

As far as security implications, these protocols are only secured by authentication, and not the strongest authentication either. The data always travels “in the clear”. What you really want is something like SSL, where you can access those services in a completely secure fashion. That's why I wouldn't recommend opening the ports to these protocols on the router. Even the FTP and SMB implementations on the router are not necessarily invulnerable to attack.

What I would do is either use remote desktop solutions like LogMeIn or TeamViewer, or LogMeIn Hamachi. Now granted these require a running PC (and that may be counterproductive if your intent was to avoid running a PC by using the router as a NAS), but this makes it possible to completely secure your FTP/SMB sessions over SSL. And there are no ports to open or manage on your firewall.

The only other suggestion might be to use a dd-wrt/tomato compatible router and run a PPTP or OpenVPN server (on the router). PPTP isn’t necessarily the most secure protocol, but it does offer reasonable protection, and is simple to setup. OpenVPN is more secure, but more complex. Either can be problematic at times since ISPs often block their ports, or don’t support some of the underlying protocols (e.g., PPTP requires support for protocol GRE 47, many older routers don’t support it).

m
0
l
March 9, 2011 2:26:33 PM

P.S. I should have added, one other way to access the USB storage device would be to use SSH (Secure Shell). It's a proxy server that runs over a secure protocol. You can run it on a PC, or again, use a dd-wrt router and run it on the router itself. You then use an SSH client (e.g., Putty, BitVise) and configure your client applications to use it as a proxy(e.g., FTP). As always, you have to consider the possibility of vulnerabilties in the SSH server's implementation, and ports being blocked by the ISP.

While it does work, I have to admit it's a bit tedious to setup and manage. It's certainly not for everyone.
m
0
l
Related resources
!