External IP for Ubuntu Server in VMM

4
0
NAS
Kn0t@Geak!
Operating system
  1. Linux
  2. macOS
Mobile operating system
  1. iOS
Hello. First post to this forum. I just installed Ubuntu Server 22.04 in VMM on a720+ NAS running latest DSM. I can access it locally from any Mac’s terminal, as well as in a browser via the Connect button, but only via a browser shared link for external access. I need to have an external IP for the FileMaker (database) Server I installed in Ubuntu. Would I use the NAS’ 2nd Ethernet port for this? Any direction would be appreciated.
 
Hello and welcome.

By default, regardless of what NAS NIC you are using inside VMM (by default it will be your NIC/LAN1 adapter), any VM using it will be in a NAT configuration.

Meaning, any IP address that you configure inside your Ubuntu VM using your LAN subnet (the same one your NAS, computer, phone, etc) you should get access to it. This is exactly what you have already said its working for you.

To get outside access to that same machine you need to open ports on your router for a specific protocol targeting your Ubunutu local IP address. This is very dangerous as you are exposing your internal network via a VM to the outside world. Any direct VNC, RDP, SMB access, will result in major attacks by bots or someone more intelligent, and the end result could be catastrophic.

Suggestion here would be to use a protected access via a) a VPN, or b) some sort of "bastion" web application that can "stream" RDP, VNC, FTP and similar ports. To make any of the two suggestions additional configuration is needed.

Are you familiar with the concepts? If not, it would be best to educate yourself on those, see if you can support that setup and then test it out. Having a remote client-server access over the Internet to connect to a DB without any secure element will lead to a huge set of problems, so be sure to understand what needs to be done and why you should do it.
 
Upvote 0
Last edited:
Hello and welcome.

By default, regardless of what NAS NIC you are using inside VMM (by default it will be your NIC/LAN1 adapter), any VM using it will be in a NAT configuration.

Meaning, any IP address that you configure inside your Ubuntu VM using your LAN subnet (the same one your NAS, computer, phone, etc) you should get access to it. This is exactly what you have already said its working for you.

To get outside access to that same machine you need to open ports on your router for a specific protocol targeting your Ubunutu local IP address. This is very dangerous as you are exposing your internal network via a VM to the outside world. Any direct VNC, RDP, SMB access, will result in major attacks by bots or someone more intelligent, and the end result could be catastrophic.

Suggestion here would be to use a protected access via a) a VPN, or b) some sort of "bastion" web application that can "stream" RDP, VNC, FTP and similar ports. To make any of the two suggestions additional configuration is needed.

Are you familiar with the concepts? If not, it would be best to educate yourself on those, see if you can support that setup and then test it out. Having a remote client-server access over the Internet to connect to a DB without any secure element will lead to a huge set of problems, so be sure to understand what needs to be done and why you should do it.
Thank you Rusty, that’s very helpful. Up until now, I have always used AWS and competitors like Vultr to create VM’s to run the FileMaker Server software. I purchase a domain and a low cost SSL and point the SSL to the external IP of the VM. There are a few specific ports that need to be opened for FileMaker Server. In cases where I dedicate a real computer on premises, I would open these ports in the business’s router, then use port forwarding to direct traffic through those ports specifically to that dedicated local machine. Clients access the databases by pointing their FileMaker Client software to the domain mentioned above. All communication is encrypted and all clients require usernames and passwords. Only the database administration works through https in a browser. The databases are accessed via the ‘FileMaker Network’ by the FileMaker Client sw. There is an option for web based access, but I don’t use it.

So using Ubuntu in the VMM, it sounds like I need to open a couple of ports in the router, and point them to the static internal IP of the NAS. Do you think I could I use the domain I created through Oracle’s dynamic dns service and the SSL that goes with it from Let’s Encrypt that is already employed for external access to the NAS, or would I need a new domain and SSL? Thanks again for your time.
 
Upvote 0
Do you think I could I use the domain I created through Oracle’s dynamic dns service and the SSL that goes with it from Let’s Encrypt that is already employed for external access to the NAS, or would I need a new domain and SSL?
The latter. So you want to use this the same way you used it on AWS. You need a publicly accessible name that will point to your location of your NAS and probably a reverse proxy (internally) that will translate those public requests and push them to internal IP address of the Ubunutu server.

The idea is identical, but more elements will need to be configured on-prem to substitute what AWS had out of the box.
 
Upvote 0
The latter. So you want to use this the same way you used it on AWS. You need a publicly accessible name that will point to your location of your NAS and probably a reverse proxy (internally) that will translate those public requests and push them to internal IP address of the Ubunutu server.

The idea is identical, but more elements will need to be configured on-prem to substitute what AWS had out of the box.
OK, the reverse proxy is new territory for me. Would I configure that in the DSM?
 
Upvote 0
OK, the reverse proxy is new territory for me. Would I configure that in the DSM?
There is an option to use the NAS/DSM version yes. In Control Panel it is called Login Portal, or you can use a custom 3rd party (via Docker for example).

nginx, trafik and the like are usual candidates.
 
Upvote 0
There is an option to use the NAS/DSM version yes. In Control Panel it is called Login Portal, or you can use a custom 3rd party (via Docker for example).

nginx, trafik and the like are usual candidates.
Thanks again Rusty. I’ll look into it.
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top