How to remotely FTP access my NAS

My Cloud OS 3 Personal & Network Attached Storage My Cloud EX2
1

Hello,

When my computer and my NAS are on the same network (locally, at home), I can access my NAS via FTP (using FileZilla Client). See below screenshot. As you can see, I just need to put in the Host field the IP address 192.168.1.22 and then connect. This works.

001
001757×556 28.3 KB

Question:
Could you please explain me how to access my NAS remotely (still with FTP) when I am not on the same network than my NAS (for instance, when I am at work) ?

Basiaclly, I would need to know what needs to be put in the below fields to be able to acces remotely

  • Host: ? ◄ I think this is what I miss. What IP or Host name should I grant?
  • Username: ?
  • Password: ?
  • Port: ?

Thank you in advance for your help.

2

Welcome to the grand adventure.

I am going to give abbreviated steps. You will have many details to work out.

  1. You need to know the WAN IP address of your router. (it will not be a 192.168.xx.xx number)

  2. Note that for most, your ISP is supplying this address to your router, and it can change. You may need to use a server that will do a DNS lookup for your. (so instead of typing 22.34.14.44:100 to access port 100on your router, you type “www.me.com:100” to access port 100). I have an asus router. . . and they offer this service for free. (so. . .I type something like “MyHandle.asuscomm.com:100” to get port 100)

  3. You need to setup port forwarding on your router, so that it knows that anything coming to a specific port (say, “100”) needs to be directed to a specific port on your NAS.

Example: Let’s say your NAS expects FTP traffic on port 22, and it sit on 192.168.0.10.
Let’s say you have your router on “MyHandle.asuscom.com
In the router, you configure port 100 to 192.168.0.10:22.
That way, when away from home, you type “myhandle.asus.com:100”. Your router will send all the data to port 22 on 192.168.0.10

  1. Make sure that your NAS is set up to expect FTP traffic on the chosen port. The port number is configurable (Default = 22?)

  2. A reminder on just how freakin’ insecure this type of connection is. Also, the cyber protections for WD NAS’s is dubious at best. Frankly, after learning how to do it. . .I simply block ALL WAN access to the NAS at the router.

  3. If you insist on doing this. . . use a VPN to your home network. THat way, you will be technically on the same network as your NAS. . .so that actually simplifies a few steps. Note that the software I use assigns a different subnet to any VPN connection. . . there is a setting in the EX2 Ultra which will allow connections from other subnets within your network. (in other words, my NAS might be on 192.168.0.100. . .my PC at home will be 192.168.0.110, but my remotely connected lap top will get an IP of 10.24.0.110)

  4. Make sure your NAS has ports for external access mapped in the router.

4

Thank you @NAS_user and @dswv42 for your replies.

I will asap dig into @NAS_user tutorial and try to make it work by myself (at least to understand how it works).

Question:
Based on your words, a FTP connection is unsecure.
But if i grant FTP access to only one specific folder on my NAS that contains only public data, will my other folders (FTP access not granted) that contain private data be at risk ?

5

Beats me.

WD MyCloud software had a number of security holes in general; most of which have been patched.

This is why I think it best to simply block the whole unit.

6

First of all, when you create a MyCloud USER and SHARE, you should remove the PUBLIC Access to the SHARE.

FTP Access requires the following considertions:

  1. Your INTERNAL ROUTER must have the PORT that the WDMyCloud Server will use for FTP such as PORT 21 - OPEN through the router to your specific WDMyCloud. This is done on your router in Port Forwarding. DO NOT just widely OPEN PORT 21 through your router. That is like leaving your front door open and wondering why someone drank the milk from your refrigerator.

  2. The ‘Share Access’ of a specific SHARE must have ‘FTP Access’ turned ON. Make sure it says ‘Anonymous None’ Make sure you click ‘Apply’ after flipping the ‘FTP Access’ ON

  3. The IP Address that you will configure for you FTP Client will be your current WAN’s IP as the IP leased from your Internet Service Provider. You can find this in a web browser by entering the address: whatismyip.com. Please note that this IP Address may change from time to time based on the time that your ISP leases the IP Address to you. I have found that if you have any program or web server running on an internet facing computer on your LAN, that your ISP will re-lease you the same IP Address continuously. Otherwise, if your ISP leases an IP Address to you and it expires in 72 hours, you will get an entirely new IP Address. In which case you will always have to check your current IP Address (whatismyip.com) and inform your remote user.

  4. I have read some posts where users have said when you allow FTP access you open up all your shares. That is not true. Remember do not let any of your SHARES to be set as ‘PUBLIC’. It goes by the following:

    • The SHARE must have ‘FTP Access’ turned on
    • The USER must be granted READ or READ/WRITE access to the share
    • When a user logs onto the FTP server, he will ONLY see the SHARES that he has ACCESS
      to and are FTP Access enabled.