MyCloud.Zyxel can't detect my NSA325-v2

13»

All Replies

  • Tomalamix
    Tomalamix Posts: 34  Freshman Member
    edited November 2021
    Hello again,

    After strongly struggle with the router I think it's not capable of port translation. The support to it is very limited since the hardware is provided by my ISP and also the loaded firmware is made by them. So, after all I coulnd't access the router because this does not work for this router, Im using straight 443 -> 443 and 21 -> 21 forwards.

    I've created some technical tickets in the customer support area but i got stuck with people asking why do I want to translate the port to another target. I've quited on this front for now until I have more patience.

    Now, about my NAS being exposed to all the web, can I disable the admin account from exterior access? I'm very reluctant in leaving the hardware "available" to all the world. So for now I've created a dedicated user with access only to 2 or 3 paths, just enough to do what I want. The goal here is clear, everything I want to config must be done between my home walls avoiding any dangerous access to administrate my unit.

    Another question, is there a way to access the paths directly when I'm outside home in an environment similar to the one we usually use with Windows Explorer, navigating in some internal network location paths like its our local HDD ?

    Thanks!
  • Mijzelf
    Mijzelf Posts: 2,002  Guru Member
    OK, a few things. My Tweaks package gives you the possibility to change the IP address where the https service runs. It also has some tweaks for FTP, but not changing ports, as far as I remember, so I think the firmware webinterface has that option, as it would have been an easy tweak.
    is there a way to access the paths directly when I'm outside home in an environment similar to the one we usually use with Windows Explorer, navigating in some internal network location paths like its our local HDD ?
    For FTP you can use explorer itself, at least it could when I last used windows. (Which is some time ago).
    You can have a look at WinSCP which can utilize an SSH connection. Problem with this is that the data will be send encrypted, which is quite a burden for the NAS' CPU. You shouldn't expect more than 1.5~2MB/sec.
    You could use the same SSH connection to tunnel the webinterface though a SOCKS proxy.

  • Tomalamix
    Tomalamix Posts: 34  Freshman Member
    When you say "change the IP address where the https service runs" you mean port instead of IP address, right? I've found that tweak, I think I will use it to choose some other less obvious port number.

    About the SSH connection, it's OK, the files are small enough to work with, although this is not valid for video if I want to watch something, I have to think about it. Im not that good with network so I have to ask: the SSH is valid for both HTTPs and FTP or just for FTP because HTTPs already does that for HTTP ?

    Can i disable the admin/root accounts for connections from WAN ? To be safer to have the server exposed to the WAN
  • Mijzelf
    Mijzelf Posts: 2,002  Guru Member
    Tomalamix said:
    When you say "change the IP address where the https service runs" you mean port instead of IP address, right?
    Yes, right.
    About the SSH connection, it's OK, the files are small enough to work with, although this is not valid for video if I want to watch something,
    You'll have to try. 1MB/sec is more than enough for video. Think about it. 1MB/sec for 90 minutes is 5.5GB. I don't think your movie files are that big. But I don't know if SFTP (which is the actual protocol used) performs well in streaming.
    the SSH is valid for both HTTPs and FTP or just for FTP because HTTPs already does that for HTTP ?
    I'm not sure what you mean. Your SSH server also supports SFTP (or SCP, on older implementations) which is a filetransfer protocol just like FTP, but has further nothing to do with it. Further SSH supports tunneling, which gives the opportunity to tunnel HTTP (or HTTPS, but if I had the choice I would use HTTP, as the S is alread provided by SSH, no need for double encryption). You can also tunnel FTP, but that is less convenient, as you need to create a tunnel for each port, the command port and all data ports.
    While the S in SSH and HTTPS means about the same, there is one big difference between HTTPS and HTTP over SSH; for SSH you'll have to login. Which adds an extra layer of protection. To get access to the webinterface you'll have to login on SSH to create the tunnel.
    Can i disable the admin/root accounts for connections from WAN ? To be safer to have the server exposed to the WAN
    Not that I'm aware of.

Consumer Product Help Center