Funkemonkey

Just realized I could use a digital ocean VM linux distro to setup a server for around $5 a month. After going all the AWS and Azure fees and paying for elastic ip, I think digital ocean looks pretty good.

Oddly enough, I actually have a Pfsense box that I built, but I have never really opened up any ports to the internet with or without it as I have never had a reason to. We had gotten a different router and modem from our ISP, and since no one in the house was doing anything crazy, I have not really used it the past year or so. In my eyes, the downside to leaving the PFsense firewall at home is that I am the only one that has any clue how to even get into it, so if I am able to get by with a nicer gui firewall on something like a sonology router, then I would prefer to do that in case something gets borked. I am currently going to have to be traveling a lot for the next year or so. At the moment, I can either setup a VPN or SSH server, or I can do a reverse VPN setup as seen by this video (Linking both the home and remote networks via a cloud VPN server: https://www.youtube.com/watch?v=b7qr0laM8kA For any option that doesnt use a cloud server as a middleman, while they are cheaper, I am still trying to determine if either a router and pfsense combo is enough to protect the home network with open ports. I have plenty of decent switches that offer vlan, so I could still isolate the NAS and VPN/SSH server from the other devices. I just have not been able to find a lot of information regarding what steps to take in protecting a network once those ports are forwarded.

Thanks for the reply. I am just making sure that I know what I am getting myself into. Unfortunately, the data needs to be backed up remotely, and it is pretty critical information--hence my questions. Do you have any links for setting up vpn access?

Overall Project: - I am currently in the process of setting up a remote NAS (freenas) for backup purposes. - My problem is figuring out a good solution for securing the access to that NAS and then the rest of the computers on the same network. (The NAS would be back at home). I am not a networking specialist, and I have never really dealt with securing remote networking. Most of what I have done has been in the safety of LAN setups. - Any and all help is greatly appreciated! Questions: 1) What is the best way to secure a freenas server for remote access backups? 2) What is the best way to secure the network that server is on to prevent further network damage in the event of a compromise? 3) Are there any firewalls hardware or software capable of protecting these forwarded/open ports for vpn/ssh connection? (pfsense, sophos or others) 4) Are standalone hardware firewalls a worthwhile supplement? 5) What is the best practice for encrypting data between the nas and remote access point? Networking Concerns: 1) Having open ports to remotely use the backup NAS severely exposes it and the rest of the network. 2) Encrypting file transfer between offsite area to backup NAS. Possible Solutions (Things I am not really sure about): 1) For protecting the other devices on the home network, a 3router setup that isolates the IOT NAS from the actual network. This in combination with VLAN would prevent either of the subnetworks from communicating with each other. https://www.pcper.com/reviews/General-Tech/Steve-Gibsons-Three-Router-Solution-IOT-Insecurity 2) Alternative to using 3 routers: Pfsense with vlan. Is this secure enough? I have never used it before.

Maybe something like this would potentially alleviate my concerns. http://www.mit.edu/~avp/lqcd/ssh-vnc.html

Is VNC really the only way to control a mac??

This leaves me with the ability to only use my pc's monitor, and thus I need to be able to share it. I cannot use a KVM switch as I need to see both in real time.

This case is purely over LAN, hence my reason to not use VNC, I do not want remote access outside of the local network. Currently, I have been using synergy and a dedicated monitor; however, I am going to have to switch it out and need to find another solution.

I currently am in need of controlling one of my macs from my pc for work purposes. While I know there is stuff like Synergy, this would require a dedicated screen, and I do not have the space for another one. Is there a VNC alternative to controlling a mac from a pc? My concern with VNC is that I am not a fan of how easy it is to get remote access when all I am interested in is local control via a local ip. Is this really a warranted concern? Unfortunately, both the pc that I would be using as the main computer and the mac must be connected to the internet for specific software updates.

Out of curiosity, is raid 1 more stable than raidz1 when dealing with storage over a few TB?

I'll probably go with either zfs2 or zfs3. It seems like that may be a little more stable than windows 7 raid 6 or 10; unless I chicken out regarding the ecc ram. Thanks.

Good to know!

I'll look into that. I am expecting my storage needs to grow over the next few years, so I was hoping to just set it up with how I would like with lower capacity drives to fulfill my current needs and then replace them later rather than redoing the whole pool. I havent quite settled how I will divi everything up.

I was just planning on going with either WD Reds or Seagate's equivalent. I dont see much of a performance difference between the two when looking at the failure statistics, so whatever is cheapest. The data is not something that I can really afford to lose--work backup files etc in case something borks my main systems like a wonky update or virus etc. That is why I think I'll go with zfs2 and then add a mirrored pool to it later. Thanks for the help.

I honestly cannot remember what raid card it is, there isnt anything that identifies it. I got it from a friend awhile ago; I think he pulled it from something else. I have never used raid 6 on that computer, only raid 5, but I remember it had the option available. The computer currently has 32gb of memory in it, so that is not an issue. With 12tb of active storage needed in zfs2, I think that would give me some room to grow into. Final two questions: Since I am not using it to stream media, do you think the i3-3220 would be fine? Finally, since I cannot imagine that the hardware is made to be on 24/7--even with a relatively low stress on the system as a glorified external hard drive--is there any harm in shutting down a zfs server? I have gotten mixed messages about this, but it has always been my understanding that one just has to make sure that it does its data checks before doing so and after restarting.