Router / Firewall Config

Hi All

I’ve attached a NAS Device to my router, and plan to set up port forwarding so we can access the drive from anywhere.

I was going to use Port 80 for port forwarding, but will this affect the other PCs on the network security-wise in any way (all using CIS)?

Are there any rules or anything I should add to the firewalls?

Thanks in advance

Chris

Hi Chris,

I assume the NAS has some form of authentication before you can access it?
If you port forward to the NAS and use 80, make sure you’re running the latest firmware that contains the latest security fixes.

Normally there are loads of people scanning the Internet looking for a vulnerable device…

Other question is how do you plan to use/access it and does it need to be so simple “grandma” can also access it?
If not, I would suggest running it at least on an alternative port number like 49180 or something, not that it adds so much security but most of the kiddies scan for the “lower” ports…

The above is based on the theory that you would like to access the NAS with a browser, I assume it supports other ways also like (S)FTP etc?

Opening a port to the NAS does not directly compromise the other computers’ security, BUT in theory if someone can get to the OS of the NAS they could probably “jump” to the internal PCs if you would be accepting traffic FROM the NAS TO your PCs; normally that would be only the other direction.

Hi Ronny

Thanks for the advice.

I did try it on several other ports but it would just not connect. Also, with another port range selected, if you typed just my IP address into a web browser without the XXX.XXX.XXX.XXX:PORT (just the default port 80) it went to the login page for my actual router?!

Was that from the Internet or on the Local Network?

I would not advise letting your router be manageable from the Internet on port 80, that’s totally insecure…
On the inside that’s normal, your router listens on this port so it’s not able to forward requests to port 80 to another system.
From the Internet it should be possible to port-forward 80 to the internal NAS.

As far as I remember, there’s at least one possibility to test your LAN, but with the FTP protocol; with HTTP, I don’t know.
http://www.g6ftpserver.com/en/ftptest

I agree with Ronny that port 80 is not a good idea for that, and it is not a good idea either, outside of security issues, to forward port 80 to a single LAN computer.

Also note that some software (VNC is an example) has an option for server connections through a Java machine, and allows connecting to each of the LAN computers, each with a dedicated port, by default 590n where n is the number assigned to each computer; I don’t know enough about Java to say if it would be better security.

IP redirecting software could also be a possibility as, even if you have a fixed IP, “clients” would connect to a fake domain on an alternate port (e.g. 8245 by default for No IP) under firewall and password control, it being easier to forward port 8245 than 80 on a single LAN computer.

Thanks both,

Ronny: I got that when I typed my external IP address into a web browser, not my LAN 192… address. The option for remote administration is disabled in the router config. Weird.

Brucine: I wasn’t forwarding to a computer on my LAN, it was a NAS HDD attached to my router. I’m sure I remember reading now it must be port 80?!? Might be why it didn’t work with other ports?!?!

Cheers for your input

Chris

Yeah, but was that on the local network using the external IP, or really from external on another Internet connection?
This makes a difference for the Router.

It was only from my local network using the external IP (94.xx.xxx.xxx). Haven’t been able to check from another internet connection yet as my neighbour’s connection has been off for a few days :stuck_out_tongue:

So you think it could just be the router has recognised it is from an internal address?

Yes that makes a difference, it depends on which direction on which interface it enters the device…

OK, will give it a go again from a proper external source.

I’ll also set up port forwarding again and see if I can get it to work from another port other than 80 again.

As for your earlier question, I’ll be using it probably only from a browser and most likely be only me.

Thanks

Chris
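
Added example, not part of the thread: a small Python check for the question discussed above, whether the page that answers on the external IP is the router's own admin login or the forwarded NAS. The function names and command-line arguments are hypothetical; run it once from the LAN and once from a real outside connection and compare the results.

```python
import http.client
import re
import sys

def identify_listener(host, port, timeout=5.0):
    """Fetch / over plain HTTP and report which web server answered on host:port."""
    result = {"host": host, "port": port, "reachable": False}
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        body = resp.read(65536).decode("utf-8", errors="replace")
    except (OSError, http.client.HTTPException) as exc:
        result["error"] = type(exc).__name__  # refused, timed out, not HTTP, ...
        return result
    finally:
        conn.close()
    title = re.search(r"<title[^>]*>(.*?)</title>", body, re.I | re.S)
    result.update(
        reachable=True,
        status=resp.status,
        server=resp.getheader("Server"),
        auth=resp.getheader("WWW-Authenticate"),
        title=title.group(1).strip() if title else None,
    )
    return result

def same_listener(a, b):
    """True when two probes were answered by what looks like the same web UI."""
    keys = ("status", "server", "auth", "title")
    return a["reachable"] and b["reachable"] and all(a[k] == b[k] for k in keys)

if __name__ == "__main__":
    # Usage (assumed): python whoanswers.py <external-ip> <router-lan-ip> [port]
    external, router_lan = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 80
    via_external = identify_listener(external, port)
    via_lan = identify_listener(router_lan, 80)  # router admin UI on its LAN address
    print("external address:", via_external)
    print("router LAN address:", via_lan)
    if same_listener(via_external, via_lan):
        print("The router's own admin page answered, not the forwarded NAS.")
    elif via_external["reachable"]:
        print("A different device answered; compare the title with the NAS login page.")
    else:
        print("Nothing answered from this vantage point.")
```

If the router's admin page still answers when the check is run from a genuine outside connection, remote administration is effectively exposed whatever the config page says.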