Wednesday, December 21, 2016

Bringing your consumer NAS onto a static IP or non-standard DHCP subnet

Having gone through this again recently, as I upgraded from the Seagate Central I bought a couple of years back to a later and bigger version, a note to self for when I go through the exercise again in a couple of years, to save having to put it together again --

  1. This is the Secret Sauce : with a dual-NIC computer (e.g. one that's on the home subnet on WiFi but also has an unused ethernet port) set up Internet Connection Sharing of the WiFi to the ethernet. That makes that PC act as a DHCP server on the default 192.168.0/8 subnet on the ethernet link, which is where we can bootstrap the process.
  2. Connect the NAS and the PC to a switch.
  3. Now administer the NAS from the PC to configure its network settings to your main home subnet.
  4. Do not panic if the NAS admin page tells you the reconfigure has not been saved because contact has been lost with the device.
  5. Unplug the NAS from the switch and connect to your router.
  6. Now breathe a sigh of relief as you can now see the NAS on the main network, then complete the NAS set-up.

The presence of known vulnerabilities in consumer NAS software means that it is also advisable, after a first firmware update, to close all outbound connections from the device, apart from DNS (which tends to be the protocol used for connection liveness testing), so it doesn't go calling out to any remote access server. You do block all the inbound connections already, don't you?

Yes, this means you can't watch your movies while on holiday, but if that's what you want to do, why ever go anywhere in the first place?

No comments :