Question about network folder location within security boundaries
Question about network folder location within security boundaries
Hello everyone, I've been searching online for a straightforward way to share this folder safely with people outside my network. It's important for me to connect securely and easily, especially for my parents. I'm looking for simple setup options that would work well for both of us. Please let me know if you have any suggestions or solutions. Thank you!
Check if your network uses a dynamic or fixed public IP address and whether CGNAT is in effect. These factors can significantly restrict your choices based on your setup.
Your connection is always changing. You already have some experience with this and use dynamic DNS addresses that refresh your IP when it updates. I hope you can make use of these addresses—like xxxx.dyndns.com—and share the password if needed so your family sees your folder. If this was easy, it would be a perfect world, right? Now regarding CGNAT—I’m not sure. From what I understand, my main modem supports NAT, but I can’t find any information about CGNAT.
Have you ever configured port forwarding? I imagined setting up a Client-to-Site VPN, but only if you're allowed. What matters is your ISP isn't blocking you through NAT64-CGN. There are alternatives to consider.
I can easily forward files without any issues. The rest depends on what I need to achieve.
To share via SMB on your network, first configure your router to forward ports 135-139 and 445 (TCP/UDP) to the host machine running the shares. Create a username and password for the shares just as you would locally. After setup, connect from another device; it will appear as \\53.23.84.32\<SHARENAME>. Remember, these ports are common targets, so be cautious of potential attacks. Use strong credentials and consider enabling read-only mode to protect your files.
The best approach is to set up OpenVPN and let your parents safely join the network from that device. You'll only have to redirect one port, while Windows file shares should function normally—just make sure to use the correct LAN IP instead of the name.
The account applies to the whole machine, but you control its capabilities. Convert it to a standard user profile and then grant access only when sharing the folder. Restrict permissions so the account can view that specific share remotely—ideally with read-only settings. Yes, \\dyndns\sharename works, though it won’t appear in your local network settings. Remote users must enter the exact path; they can’t browse the whole Internet to locate it. You’ll need to specify the remote computer’s location so it recognizes and opens the share if authorized. For the share itself, you have limited control—no browsing or full access. On the router, you can block IP ranges that reach the share. If users have fixed IPs, that’s secure; otherwise, use your ISP’s assigned addresses (like 62.223.X.X). For a safer approach, consider a VPN, despite the extra steps. If it’s just one share, the setup is simpler but less protected. Emphasize using a strong password—hackers will target open SMB ports and try to breach them.
Thanks to everyone for the valuable tips and varied ideas. I chose to skip the SMB share because it was too risky. I recall when I configured remote access through the default port—it was being used excessively, so I switched to a different one and it now rarely gets hit. I’m planning to invest in VPN access using OpenVPN or another option. I’m also thinking about setting up SFTP, but I need more clarity on what matters most to me. I believe I can handle the setup myself, as long as my users can connect easily without many steps or installations. Using an address on their PC to access my folder seems the simplest approach in my view. Which system—OpenVPN or SFTP—would be most convenient for my remote users to access this shared folder? Thanks again, Ben.