macpro5.1 Macro 5,1 Server Outside Network Access Help

[Czechmix]

I've been successfully using my MacPro 5,1 with 5 12TB enterprise drives in a JBOD setup as my primary Plex server for a few years now. Recently, I've adopted a new 12.9 M2 iPad Pro for mobile editing, which has been fantastic. However, I'm struggling to access my server remotely outside of the home network for editing my photography and drone footage stored on it and be able to transfer large files to it when I'm also away. While I can edit using LumaFusion when connected to my home network, I'm unsure how to set it up for remote outside network access. Currently, I've linked it with SMB on the Apple Files app which I really like how it's setup as just a list of drives and folders. It's clean and simple. Any guidance on enabling remote access without converting it into a NAS would be greatly appreciated, as I need to keep it running MacOS for other concurrent programs

[WhitetailAni]

You'd need to expose the SMB share to the public internet in some way - probably by buying a domain and setting up port forwarding and DNS records. I recommend Porkbun for a domain as they typically have lower prices, but you can use whichever registrar you wish. You should set up your DNS servers behind Cloudflare though - much as I dislike how they're slowly monopolizing the DNS space, they are pretty nice.

 

Note that if you do this, you'll want to make sure your MacPro5,1 is running the latest version of macOS - High Sierra (the latest natively supported iirc) has some unpatched security flaws (the last security update was 2006). Any machine that's connecting to the public internet should always be kept up to date. You don't want someone to get access to it.

 

https://dortania.github.io/OpenCore-Legacy-Patcher/ will enable you to run Sonoma, and I can verify that you can still set up an SMB share in Sonoma.

 

You'll also want to make sure you're using some form of authentication, along with specifying SMB3 minimum for better security (E2EE and the like) so Malicious Mike can't connect to your share and delete everything. macOS has supported SMB3 since Yosemite (10.10) so support won't be an issue, though the share may allow older versions of SMB by default - you'll want to check that. I haven't done too much digging into how macOS handles SMB.

 

Apologies if this is a difficult to read info dump, I just don't want to forget anything. Keep your data safe!

[Kilrah]

Exposing SMB to the internet is a very bad idea, so you should set up a VPN server in your home that you can connect to with the iPad.

 

But since you'll be limited by your internet connection it's likely going to be unbearably slow anyway.

[Ralphred]

22 hours ago, WhitetailAni said:

probably by buying a domain and setting up port forwarding and DNS records. I recommend Porkbun for a domain as they typically have lower prices, but you can use whichever registrar you wish. You should set up your DNS servers behind Cloudflare though - much as I dislike how they're slowly monopolizing the DNS space, they are pretty nice.

Domain management isn't as complicated as people think. For DNS hurricane do free DNS for static IP's, afraid.org do dynamic (and will email you if your dynamic is 'static' for over 12 months (as a way of pruning redundant records)).

If you *need* the simplicity offered by Cloudflare, by all means use it, if you don't - please move on.

 

21 hours ago, Kilrah said:

you should set up a VPN

Indeed, SMB/CIFS is one of the most probed for/exploited protocols.

[Czechmix]

Thanks for the replies. I am getting the feeling that this is going to be more work than I want to deal with.

[maplepants]

On 2/2/2024 at 9:44 PM, Kilrah said:

Exposing SMB to the internet is a very bad idea, so you should set up a VPN server in your home that you can connect to with the iPad.

 

But since you'll be limited by your internet connection it's likely going to be unbearably slow anyway.

This is the best way to allow access to any home server and what I do with my Mac Studio.

 

The near zero effort method is to use Tailscale or ZeroTier. Especially when you want clients like iPads, phones or other devices with minimal network settings something like ZeroTier or Tailscale is great. 

 

I run 20 services my Mac Studio and Linux server and have 0 port forward rules or other holes punched in my router. I just put Tailscale on my phone, iPad, and laptop and it works like a charm.