MyCloud.Zyxel can't detect my NSA325-v2

Tomalamix
Tomalamix Posts: 34  Freshman Member
Hello again,

Recently recovered my NAS server from some corrupted internal files and now I'm ready for the next step, reestablish the connection of my NSA325 to MyCloud.Zyxel like I had some time ago, but now, for some reason I can't do it. I tried searching automatically, no joy, and then tried to add it manually, also doesn't work, while using this second option there is a real strange issue, the 10 min timer starts the count down and it stops (with a failure to find the NSA ) within the first 10 seconds of the whole 10 min, I should have 10 min to press the button in the front panel and not 10 seconds.

The NAS is in the DMZ zone, the DNS is set for the Google DNS and I can ping the exterior, no problem but something else is missing. Of course I have MyZyXELcloud- Agent installed, version 0.0.15zypkg0015.

What can I do now?

Thank you! 
«13

Answers

  • Mijzelf
    Mijzelf Posts: 1,802  Guru Member
    Can't help you with MyZyxelCloud, but
    Tomalamix said:
    The NAS is in the DMZ zone,
    is definitely a bad idea. It's not designed for that, and it shouldn't be necessary. AFAIK the cloud function reaches out to the ZyXEL server, and for other purposes you should create proper port forwards.
    There is a known vulnerability which can give an attacker access to your box, when the webinterface is exposed. (It can even give access when the webinterface is not exposed, but you open a certain (outside) webpage in your browser. ZyXEL didn't fix this for the NSA series, but in the Tweaks package is a fix implemented (which you have to enable manually).
    Almost certain there are other vulnerabilities, just unknown to me.
    Bottom line, you should use DMZ only for well maintained servers, running a proper firewall. (The NSA325 doesn't have a firewall, and BTW, most firewalls wouldn't stop this know vulnerability)
  • Tomalamix
    Tomalamix Posts: 34  Freshman Member
    edited August 11
    Thank you Mijzelf for your input. 

    For now, the box is turned off, Im using DMZ to rule out any block made by the router and while Im trying to put everything in working order again. After i solve this I will follow your advice and i will use the port forwarding to keep the box online.

    About the cloud service if not even you're aware of this problem maybe posting here my issue here is dead end? If thats the case maybe is better to establish some other contacts somewhere else but i don't know where to start. 

    Thanks
  • Mijzelf
    Mijzelf Posts: 1,802  Guru Member
    Tomalamix said:
    About the cloud service if not even you're aware of this problem maybe posting here my issue here is dead end?
    I don't have the impression much people are around here. But 'even me' is not an argument here.  I don't know about cloud service because I'm not interested. You know, 'the cloud' doesn't exist. It's just someone else's computer. By using the cloud you are relying on someone else's security, and someone else's server. That someone else can stop his service at any moment, leaving you in the dark. And if you don't know how he earns his money, odds are that you pay for it, somehow.
    So I will not use any cloud function if I can avoid it, and I never tried to use ZyXELCloud, so I don't know the pitfalls. I only know that it installs itself on fw5, and starts generating thumbnails, eating cpu and keeping the disk busy, so I added an option in Tweaks to block the auto-install.
    To be honest I don't know which functionality the service offers, so I can't recommend any alternatives.
    If thats the case maybe is better to establish some other contacts somewhere else but i don't know where to start.
    The only other dedicated forum I know is zyxel.diskstation.eu, from which I also don't know how many people are around there. But at least the 'Zugriffe' (views) have higher numbers.
  • Tomalamix
    Tomalamix Posts: 34  Freshman Member
    Yes, I agree with you when you say the cloud doesn't exist, is, as you say, a computer somewhere around the globe where my data is stored.

    Well, I'm not comfortable with some random computer to keep my data there so I bought this NAS server to act as my personal cloud, the problem is that my IP is not fixed, I need something to keep on track my actual IP when I need to access my NAS to get something or put something there.

    The NoIP and DynDNS services could be a solution but it really annoys me to keep receiving on my email useless "offers", ads, subscription renewals and so on when what I want is something as simple as to know what's my NAS IP at a certain moment and certain place (not at home, of course) to then access to it using the supplied IP address. The MyZyXELcloud offers me that in a real simple manner with no hassle at all, no emails, no ads, nothing.

    Maybe there is another package i could install to be able to handle this and that I'm not aware? I really would like to avoid the NoIP and DynDNS free services for that, too mush garbage.

    Tomalamix
  • Mijzelf
    Mijzelf Posts: 1,802  Guru Member
    I'm happy with DuckDns.
  • Tomalamix
    Tomalamix Posts: 34  Freshman Member
    But I'm "locked" to use only one of the DDNS providers available in the box configuration list. Is there another way to config the NAS to use DuckDNS ?
  • Sapphire23
    Sapphire23 Posts: 34  Freshman Member
    Looks like you have changed your NAS's content when looking at https://community.zyxel.com/en/discussion/11070/repository-not-visible-in-nsa325-v2-fw-4-81#latest thread.

    Probably that's the reason why you can't connect to mycloud.zyxel.

    But maybe you can make port forwarding to your NAS from your main router and create DDNS from DuckDNS or other DDNS providers?
  • Mijzelf
    Mijzelf Posts: 1,802  Guru Member
    edited August 13
    Tomalamix said:
    But I'm "locked" to use only one of the DDNS providers available in the box configuration list. Is there another way to config the NAS to use DuckDNS ?
    It's more convenient when your router can do the DDNS task, as the router knows when the WAN address changes. You NAS can't know that, without help from outside.

    But most DDNS providers, including DuckDns, have a very simple API. Just accessing
    will update YOURDOMAIN to the ip address the access came from.

    So a cronjob which once an hour executes curl is enough for a simple DDNS implementation.

  • Tomalamix
    Tomalamix Posts: 34  Freshman Member
    Ok, I'm checking the NSA325 and it only allows me to create/manage a DDNS service from:

    DynDNS.com; NoIP.com; 3322.org; zoneedit.com; dhs.org; myzyxel.in.th

    Some are payed services, others are shaddy or seems to be abandoned and finally those that requires you to send emails every now and then.

    In my router I have:

    dtdns.com dyndns.org no-ip.com changeip.com

    Again, some are paid, others no longer exist and so on.

    So, putting this, and since in my both drop-down lists I don't have duckdns how can I use their services (or someone else's) ?

    I've understood that a cronjob could do the trick but where should I put it running and how?
  • Mijzelf
    Mijzelf Posts: 1,802  Guru Member
    There are several ways to get a cronjob executed. But the most easy one is to use the Tweaks package, which has an option to add a job to the firmware's cron list. But there is a catch, as it all is handled via a webinterface which is written in shell script, not all characters will survive the transfer from webinterface to actual cronjob. So in your case I'd write a simple script and put it in \\NAS\admin:

    #!/bin/sh

    and add a cronline

    15 * * * * sh /i-data/md0/admin/yourscript.sh

    This will execute the script each hour, at 15 minutes past. This will prossibly spin up the disks, to read the script.
    A way to prevent that is to use two lines:

    @reboot cp /i-data/md0/admin/yourscript.sh /tmp/yourscript.sh
    15 * * * * sh /tmp/yourscript.sh

    At reboot (or poweron) the script is copied to /tmp/ (on a ramdrive) and that script is executed each hour.