Firewall -- Restrict Access

I have the WD MyCloud. I want to make sure that only two specific IP addresses are allowed access to the storage device. How do I accomplish this? Thanks

I’m not aware of any facilities on the MyCloud to do this (without delving into the guts of Linux via SSH: the Linux gurus here may be able to advise).

Which leaves you looking at a router solution, which will depend on the configurability and features of your router.

Are you looking to allow external IP addresses, or local IP addresses?

Only two IP address to access what? The Shares/Folders on the My Cloud, the Dashboard, the SSH connection?

You may be able, if your network router supports it, be able to configure the router to block access to the My Cloud based on IP address. See your router’s user manual and or administration screen for more information.

It may be possible using SSH to configure the My Cloud firmware to restrict access to specific IP addresses for Shares/Folders (Samba) and or the SSH login, but it will require knowledge of Linux terminal commands and how to use SSH.

For restricting Samba access by IP addresses start with the following link: http://www.cyberciti.biz/faq/samba-user-network-file-sharing-restictions/

For restricting SSH access by IP address there may be several methods, see the following link for one such method: https://blog.tinned-software.net/restrict-ssh-logins-using-ssh-keys-to-a-particular-ip-address/

Have you read all the Help information provided in the Dashboard? Have you read the User Manual?

If it’s your My Cloud and you are the administrator then you can determine who gets access and who doesn’t.

cat0w
USA

Unfortunately though due to the way the single bay (at least v4.x) firmware is coded even if you try to prevent access, the Public share will always be available to access because WD, in its infinite wisdom, prevents the user from setting the Public Share to Private via the Dashboard.

And even though one can restrict/block access to all other Shares it doesn’t prevent someone from at least seeing the all the Shares on the My Cloud even if one cannot actually access them. Some may not want blocked people to see the Shares listed.

@Bennor To answer your first paragraph, I have to make a person a user for them to be able to use My Cloud. I don’t have to put anything in the public share.

For the second paragraph, There is a reason for having a user name and password for those who want it and that is to keep unwanted people from having access to their My Cloud. If I don’t want someone to see what shares I have then I would not make them a user to start with.

By the way since you can see my public share please take a screen shot and show me what is on it.

@cat0w,
I have all Shares/folders with the exception to the Public Share set to private on my single bay My Cloud, yet a PC (using a Windows 10 PC for example) that has access to my local network but which hasn’t used a My Cloud name/password to access a Private Share can still access the My Cloud listing of the Shares (through Samba). This means two things:

One, because one can initially access the My Cloud using Windows File Explorer (and I assume other file managers) they can see the names of all the Shares. Obviously one needs to be able to see all the Shares to be able to access the Private Shares, but because there isn’t an initial password to access the root Share level on the My Cloud any Public Share folder will be accessible. Which brings up issue number two.

Two, because there is no initial password needed to access the Shares via Windows File Explorer (and I assume other file managers) one has full read/write access to the Public Share folder and any Shares the My Cloud administrator has configured to Public.

Obviously this is primarily an issue for those on one’s local network and not primarily a problem for remote access users since remote access generally requires one to have a MyCloud.com account to access the local My Cloud device or a Dashboard generated code for WD mobile apps.

The inability to change the Public Share folder to Private has been a common complaint since WD removed the bug in the later v4.x firmware’s Dashboard that allowed one to set the Public Share to Private in the Dashboard. (See this thread for example from earlier this year.) There is at least one method perhaps more to set the Public Share to Private via SSH but not everyone will want to wade into the SSH/Linux command line method to set the Public Share to Private. (See this link and this one and see this link for a Cloud Ideas thread requesting the ability to set the Public Share to Private.)

Because of this I can understand why someone would ask if there was a way to restrict access to the (possibly entire) My Cloud based solely on the IP address, especially if the My Cloud is used in an environment with many PC/mobile clients on the local network. As the links I posted above there are apparently ways to restrict access to both SSH and Samba based on the IP address if one wants to do so.

Edit to add: A screen capture showing a Windows 10 VM that hasn’t accessed any Private Shares yet can still access the Public Share (and from there the subfolders to read/write data within it.

1 Like

What’s your IP address? I’ll have a look…

Ah missed this. :slight_smile: without knowing your broadband IP address or being setup for remote access would be a bit difficult to access your My Cloud remotely to see your Public Share folder(s). LOL

But as explained above anyone on your local network could still see what’s in your Public Share(s). And they could write files to that Public Share as well.