DSM-G600, DNS-3xx and NSA-220 Hack Forum

Am I right to assume that you want to mount your DNS-323 discs from a PC which is located on the internet?

I'm not 100% sure about this, but I think you need to portmap the following:

UDP/137 for nmbd
UDP/138 for nmbd
TCP/139 for smbd
TCP/445 for smbd

However, be aware that these ports are very often scanned by malicious people so make sure you protect your files and DNS acces with proper passwords.

If the above does not work, google is your friend ;-)   ...and the keywords are samba smb cifs ports

Good luck, and please report back if you're succesful.

/Apan

find out how to install a webserver on the unit and install some sort of gallery software.

well.. then create a ftp-user.. OR as KRH said.. install Debian, a webserver and gallery... I run apache with apache::gallery (perl module), and it works great

rickyrtl wrote:

I've been trying to get this working for a month.  I can access it fine from the local network at home.  But once I'm at work, I can't.  I have DynDNS set up, which I've tested and confirmed works.  I have my router set to forward those 4 ports.  I've even set it to forward both UDP and TCP but that didn't seem to help at all.  Once I'm at work, I can't connect.  Once I get home, the mapped drive connects fine.  I'm starting to think this might be DNS-323 specific.  Has anyone tried mapping the network drive remotely?  I do understand that it's a security risk, however, I need it setup like this for a few months so I can remotely work on a library of files.  And I'd rather not have to transport the drives with me back and forth to work.

Do you really understand the security risks involved?
Does the company you work for have a security policy?
Have you considered that the required ports may be blocked in your "work" firewall?

I don't know where you work or what you do there, but if the sysadmin is competent, those ports should be blocked in the firewall, AND the security policy should forbid the use of removable media drives by unauthorised personnel and definitely, but definitely, no connection of any personal storage devices to the network.

fordem wrote:

Do you really understand the security risks involved?
Does the company you work for have a security policy?
Have you considered that the required ports may be blocked in your "work" firewall?

I don't know where you work or what you do there, but if the sysadmin is competent, those ports should be blocked in the firewall, AND the security policy should forbid the use of removable media drives by unauthorised personnel and definitely, but definitely, no connection of any personal storage devices to the network.

Yes I do understand.  My work isn't high security NASA.  Everybody here uses thumb drives and sometimes bring their laptops from home.  And no, the ports aren't blocked from my work firewall.  Yeah, it's a small office, and don't worry, we don't process anyone's social security/credit card information or have detailed plans for nuclear bombs.  People wouldn't take our information if we gave it away for free.  Also, by being a small office, a lot is still done on paper.  We don't have an online HR system or anything like that.  Yeah, you can count the number of people here on your hands.  We also have ports open for CounterStrike and Unreal.  Yeah, I'm pretty sure those ports haven't been used in a while, but have just been left open.

Basically, I have a large collection of photos that Adobe points to on my mapped drive.  I'd like to be able to edit/process them, while I'm at work.  Yes, that's me slacking off at work.  I just can't FTP the files back and forth since it would mess up the internal library/catalog that Adobe creates.  It was a pain to update it when I moved all the photos to the DNS-323, but my whole point of this was so I could access it remotely.  I've backed them up, so I'm not too scared if the files get corrupted or hacked, since I don't think pics of my vacation are worth that much. 

I just assumed, straight Samba share, forward ports, access files.  But it doesn't seem to be that simple.  I did this before when I had a linux box running at home, but I was hoping this could replace it.  Since this worked before, I don't think the problem lays in my router either... but anything could happen.

Any help would be appreciated.

rickyrtl wrote:

Yes I do understand.  My work isn't high security NASA.  Everybody here uses thumb drives and sometimes bring their laptops from home.  And no, the ports aren't blocked from my work firewall.  Yeah, it's a small office, and don't worry, we don't process anyone's social security/credit card information or have detailed plans for nuclear bombs.  People wouldn't take our information if we gave it away for free.  Also, by being a small office, a lot is still done on paper.  We don't have an online HR system or anything like that.  Yeah, you can count the number of people here on your hands.  We also have ports open for CounterStrike and Unreal.  Yeah, I'm pretty sure those ports haven't been used in a while, but have just been left open.

Basically, I have a large collection of photos that Adobe points to on my mapped drive.  I'd like to be able to edit/process them, while I'm at work.  Yes, that's me slacking off at work.  I just can't FTP the files back and forth since it would mess up the internal library/catalog that Adobe creates.  It was a pain to update it when I moved all the photos to the DNS-323, but my whole point of this was so I could access it remotely.  I've backed them up, so I'm not too scared if the files get corrupted or hacked, since I don't think pics of my vacation are worth that much. 

I just assumed, straight Samba share, forward ports, access files.  But it doesn't seem to be that simple.  I did this before when I had a linux box running at home, but I was hoping this could replace it.  Since this worked before, I don't think the problem lays in my router either... but anything could happen.

Any help would be appreciated.

I've heard you out and no, you don't understand the security implications.

Don't misunderstand this for a threat - but - what would you do if the FBI came knocking on your door - either at home, or at work - because they had traced, criminal, possibly terrorist activities to that location?

Think it's unlikely to happen to you?

I'm in Guyana - if you don't know where that is, it's the only English speaking country on the South American continent - and I've seen it happen here - and guess what, the guy wasn't processing credit card transactions, and had no data worth stealing either - that didn't stop the FBI who have NO jurisdiction here from walking in, escorted by local law enforcement, and confiscated equipment and arrested the owner - because of one single email, traced back to his ip address.

You may not have any data you consider worth stealing, but that is only one aspect of the security implications - you obviously have no idea what can be done through open SMB shares.

A scan of the DNS-323 reveals open ports 80, 139 & 443 and if you have the ftp server running 21, so port 139 should be the only thing you need to forward.

Make sure you have a default gateway configured in the DNS-323 LAN settings.

From a PC on your home network, go to www.grc.com and use ShieldsUp! to verify that the ports you think are open, are in fact open - your ISP may be blocking them, once you have verified they are open, you need to find if they are blocked anywhere along the "path" from work to home.  Download NetGong from www.tsarfin.com and install it on a PC at work - you can configure NetGong to check for the availability of a specific port

rickyrtl wrote:

Thanks fordem.  You've helped solve my problem.  Fortunately, it was not a hardware issue with either my dns-323 or router.  From your recommendation of ShieldsUp! I was able to see that my ports were still blocked.  Apparently, my ISP has taken it upon themselves to block those ports.

Looks like I'll have to take the long route and setup a VPN to my home network.

You're welcome - it's not unusual for ISPs to arbitrarily block ports, sometimes they do it for security, sometimes they do it to prevent subscribers from hosting servers in violation of the terms of service, sometimes they do it to differentiate between different tiers of service - for example, a regular domestic subscriber could have VPN ports blocked, but for a few dollars a month more, they'll bump you to the "telecommuter" plan which is exactly the same service with the VPN ports open - and sometimes they do it because they haven't a clue as to what they're doing.

What gets to me is when they block additional ports with no warning - so, for example, I have Windows HomeServer fully functional, with remote access, and a week later the remote access is broken, after a couple of hours futzing around at midnight, I gave up and called the ISP the next morning - yup they had another port to the block list.

Speaking of Windows HomeServer - take a look at it - it's Microsoft's entry into the home server space and does offer secure remote access from a Windows client, in a manner that's fully transparent with Windows.  I'm not certain if it's still available for evaluation

Last edited by fordem (2007-10-16 22:12:39)

That was a by invitation beta - I'm not certain if it's still available - if I recall correctly there's an "RC" that came out after the CTP one.

It used to be a 1 year license - but - they apparently have the ability to change your expiry date so that may have changed now that the code has been released.  It has been available in Australia for a while and one or two places in the US may have it.

I'll be in Miami next week - I just might pick up one of the HP MediaSmart servers if it's actually available

Last edited by fordem (2007-10-17 03:52:40)

Spirit wrote:

May I suggest the use of a VPN. That's what I did, I have a box at home which allows me to connect it through a VPN tunnel and them it's exactly like I would be home and works just fine!

'xcept that it's a bit slower - but - usually quicker than driving across town or wherever

If I had a dollar for every minute that VPNs have saved me, man I'd be rich, not a millionaire, but rich.

Can I have some more details on how you installed DD-WRT on your Linksys with OpenVPN running.

For myself, I do use without any problem FTP server from outside via explorer under any windows. I am using ITunes server via a DAAP server protocol which is not so good due to limitations in number of files, etc. ( actually I access 12 000 files but I've 500 000 to access ) but it works from any Internet explorer (FireFox does not support DAAP yet or may be I need a plugin) . I'm looking for the way to access UPnP serveur from outside ( is it possible? Which ports do I have to forward? etc )

Thank You from Paris