Configuring OMV 5 for outside FTP/SMB usage - port forwarding, SSL, DuckDNS

  • Hello,


    I am still configuring my OMV 5 server and ran into some configuration problems.


    I want to have outside connections for:

    - FTP,

    - Samba SMB folder sharing,

    - streaming solutions (in future),

    - secure connection with SSL, users and group of users.


    My ISP does not offering outside IP address so I need to use port forwarding on my router. I create static IP address for my OMV machine instead of using DHCP.


    DuckDNS

    Right now I have working DuckDNS with correct redirection to my local OMV machine. I have added these ports in DuckDNS stack:

    Code
    ports:
    - 450:443
    - 90:80 #optional

    and port forwarding is set as follows:

    I have also found curious situation - DuckDNS container was stopped on my server but domain connection was working without problems. When container is running domain is also working. Why?


    FTP

    FTP is configured to works on port 21.

    Port forwarding:

    Code
    Name: OMV21
    External port: 21
    Internal port: 21
    Internal IP address: my OMV IP address defined in router DHCP settings
    Protocol: BOTH

    There is also port forwarding for passive ports 14100:14110 - option Passive FTP is on (I does not know is this is required).

    About the FTP and outside connections - I was using below manuals:


    Noob Guide to Enabling FTP Server and Using Filezilla Client (Remote Use)


    https://www.youtube.com/watch?v=Z1B-V9oOO-g


    And after configuring I have found another problem with SSL certificate. Certificate was created as it was described in above link and it is selected in FTP / SSL/TLS tab (option "Enable SSL/TLS connections" and "No session reuse required") and I am able to connect with my OMV via ftp but when connecting with OMV control panel - connection is not set as unsafe. Certificate is incorrect or faulty?


    I was trying to create certyficate manually using below guide:


    [HOWTO] create a self signed cert to use HTTPS with multiples CN and IP


    But after 2nd step I have only two files generated: rootCA.key and rootCA.pem and I am unable to add these files to Chrome (not supported format).


    Finally, question about port forwarding. Are these correct settings? What about ports 450:443 and 90:80 for DuckDNS? Should it be added in other way? What about port 21 for FTP? Should I change this port for another one? The same question for main OMV port 80 - should I change it to another one? And finally how to configure OMV/port forwarding to have my Samba folders shared outside?


    Thank you!

  • macom

    Hat das Thema freigeschaltet.
  • A little update in my configuration thread:


    So I have done some changes in my setup, right now I changed main OMV port and FTP port to other and:


    - connection with OMV gui is working with ip address and domain adress on my local machine, and with domain adres from remote machine - no problem for me;

    - connection with FTP is working with ip address and domain address on my local machine, but only with domain adress from remote machine (even that FTP port is added to routing table correctly in my router /in_port;out_port;omv_ip;protocol:udp&tcp/ - why it is not working using ip address?);

    - I have added OpenVPN solution and it is working without problems;


    - problem with SSL/TLS certificate is still unresolved (port for SSL/TLS is on the routing table of my router);

    • Offizieller Beitrag

    I don't use ftp but you should never share smb over the internet.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!