F5F Stay Refreshed Power Users Networks Question about network folder location within security boundaries

Question about network folder location within security boundaries

Question about network folder location within security boundaries

Pages (2): Previous 1 2
P
PersieO
Posting Freak
Find
786
04-20-2023, 04:41 PM
#11
I suggest avoiding exposure of SMB to the open internet. The protocol has several weaknesses (only three reported last year!) and new threats are likely to emerge soon, potentially enabling ransomware or other malicious software distribution. Even if data can be accessed, it may include sensitive details like personal files, photos, and information that shouldn't be shared publicly. Instead, consider using a VPN such as OpenVPN or Wireguard. Connect from an external location via the VPN and then you'll have full access to your internal network as if you were directly connected (though performance might be affected by bandwidth and latency). Regarding CGNAT, if your router's WAN IP falls within RFC1918 or 100.64.0.0/10 ranges, you're on a private network and will need a third-party service with a public address. With CGNAT, you can enable port forwarding (destination NAT), but this alone won't work because ISPs still block those ports. If your router has a public IP address, port forwarding should suffice to permit external connections to your devices.
Reply
Reply
P
PersieO
04-20-2023, 04:41 PM #11

I suggest avoiding exposure of SMB to the open internet. The protocol has several weaknesses (only three reported last year!) and new threats are likely to emerge soon, potentially enabling ransomware or other malicious software distribution. Even if data can be accessed, it may include sensitive details like personal files, photos, and information that shouldn't be shared publicly. Instead, consider using a VPN such as OpenVPN or Wireguard. Connect from an external location via the VPN and then you'll have full access to your internal network as if you were directly connected (though performance might be affected by bandwidth and latency). Regarding CGNAT, if your router's WAN IP falls within RFC1918 or 100.64.0.0/10 ranges, you're on a private network and will need a third-party service with a public address. With CGNAT, you can enable port forwarding (destination NAT), but this alone won't work because ISPs still block those ports. If your router has a public IP address, port forwarding should suffice to permit external connections to your devices.

Reply
Reply
W
WildCandy
Senior Member
Find
675
04-20-2023, 07:47 PM
#12
I believe I’m not using a CGNAT setup. I’ll check OpenVPN and Wireguard to see which is simpler for me to grasp, as you suggested. Thanks again!
Reply
Reply
W
WildCandy
04-20-2023, 07:47 PM #12

I believe I’m not using a CGNAT setup. I’ll check OpenVPN and Wireguard to see which is simpler for me to grasp, as you suggested. Thanks again!

Reply
Reply
I
iTzMxritz
Member
Find
61
04-21-2023, 12:02 PM
#13
I located this solution and recently tested Resilio. It didn’t require adding links—I wasn’t sure about the restrictions. It looks perfect for me, simple to configure... and it’s free enough for my requirements. The folder is shared directly, securely with a small installer. Previously, it was known as BittorrentSync.
Reply
Reply
I
iTzMxritz
04-21-2023, 12:02 PM #13

I located this solution and recently tested Resilio. It didn’t require adding links—I wasn’t sure about the restrictions. It looks perfect for me, simple to configure... and it’s free enough for my requirements. The folder is shared directly, securely with a small installer. Previously, it was known as BittorrentSync.

Reply
Reply
Pages (2): Previous 1 2