Access your FreeNAS server remotely via SSH

After finally getting my FreeNAS and ZFS-based file server up and running, I’ve been looking at ways to access its services from remote locations outside of my home network. There are numerous ways to achieve such a feat, such a creating a VPN between your remote computer and the server. However, VPN’s typically require either special software installed on the server (which FreeNAS lacks, like Hamachi) or dedicated hardware running on the network (such as a machine running OpenVPN), which I lack. FreeNAS, however, does contain SSH, allowing you to create a sudo-VPN called an “SSH tunnel.” An SSH tunnel is a secure, encrypted connection between the remote computer and the file server for a specific port. Each service running on the server uses different ports, thus it is necessary to create numerous tunnels - once for each service you which to access remotely. After reading a number of online tutorials, most of which were geared towards Windows or the CLI, I discovered a very easy way to set up tunnels between a Mac OS X remote machine and the FreeNAS server, which I’ll describe here in detail.On the server/local network:

1. First, enable SSH on FreeNAS through the FreeNAS Web interface. Also, make sure allow tunneling is checked and that SSH is using port 22 (you  can use another port, but I’ll be using the default port 22 in this tutorial). Finally, I enabled “enable root login,” but for security purposes, this can remain unchecked and you can login as a local user account (assuming one has been created on the FreeNAS server).
2. If you have a dynamic IP address, its a tremendous help to use a dynamic IP service (such as dyndns or no-ip) to provide a static host name to your ever-changing IP address. This is built-into FreeNAS, and can be enabled under “Services” on the FreeNAS web interface.
3. Prepare your router: You’ll need to open up the SSH port 22 to outside access on your router.

1. Download two applications, SSH Tunnel Manager and Network Beacon, which will be used to graphically configure the SSH tunnels.
2. In SSH Tunnel Manager, we need to configure the different tunnels required for the services we want to access. For example, suppose you want to access Samba file shares on your FreeNAS server:

• Fill in your username and password, your static host name, and SSH port  (22)
• Than, you need to forward a local port on your Mac to the Samba-port (usually 445) on your FreeNAS server. Under “Local redirections,” you can pick any port number on your Mac (I used 5445), the “LAN Host” of “localhost” and remote port of “445.” You can leave “remote redirections” blank. Then, make sure your newly created tunnel is enabled and open.
• Network Beacon allows reporting of the local port redirections to the system via bonjour, so for example, the SSH tunnel we created above for Samba shares will appear auto-magically in the Finder. In Network Beacon, create a “New Beacon” containing the following information:

• For Samba, use Service Type “_smb._tcp.” and enter the local port redirection you created above (ex. 5445). Next, enable the host proxy with the host name of “localhost” and IP address of “127.0.0.1.” Finally, click OK and enable the new beacon.

• iTunes Shares: First, you need to have the daap service running on your FreeNAS machine. For this, you need to redirect the remote port of 3689 to a local port of your choice (I just reused 3689), and then set up a Beacon with the service type “_daap._tcp.” with your local port redirect (3689) and the same local host proxy as above. Then, open up iTunes and your remote iTunes server should appear under “Shared.”