timltimmy の投稿を引用：

If so how ?

Whats the laptops specs?

Product ∏ の投稿を引用：

timltimmy の投稿を引用：

If so how ?

Whats the laptops specs?

Intel Core i5 -3320m 2.6 Ghz
8 GB of ram
2 TB hard drive
Integrated Intel graphics

Any Windows machine can create network shares. You can create a network share in the properties of a folder. Then another Windows machine or other SMB-capable device can connect to the share.

The much cooler and better way of doing it:
Drop Linux on it (Or FreeBSD if you are feeling adventurous). Then decide what solution you want to use for file storage/sharing.

Samba can be used to host a SMB server, it's what Windows uses to connect to network shares.

Or you can setup a Nextcloud if you want something more feature rich.


These things can easily be accessed from outside the network by port forwarding specific ports to the server.

If you connect from outside the network do make sure you are doing it safely. So no HTTP or FTP, otherwise anyone can see your login information and the files you are transfering.

timltimmy の投稿を引用：

Product ∏ の投稿を引用：

Whats the laptops specs?

Intel Core i5 -3320m 2.6 Ghz
8 GB of ram
2 TB hard drive
Integrated Intel graphics

Significantly faster then my Raspberry Pi which is running a bit more then just a single Nextcloud instance.

It will do nicely.

Omega の投稿を引用：

Any Windows machine can create network shares. You can create a network share in the properties of a folder. Then another Windows machine or other SMB-capable device can connect to the share.

The much cooler and better way of doing it:
Drop Linux on it (Or FreeBSD if you are feeling adventurous). Then decide what solution you want to use for file storage/sharing.

Samba can be used to host a SMB server, it's what Windows uses to connect to network shares.

Or you can setup a Nextcloud if you want something more feature rich.


These things can easily be accessed from outside the network by port forwarding specific ports to the server.

If you connect from outside the network do make sure you are doing it safely. So no HTTP or FTP, otherwise anyone can see your login information and the files you are transfering.

timltimmy の投稿を引用：

Intel Core i5 -3320m 2.6 Ghz
8 GB of ram
2 TB hard drive
Integrated Intel graphics

Significantly faster then my Raspberry Pi which is running a bit more then just a single Nextcloud instance.

It will do nicely.

Publicly opening ports is foolish especially if you lack the defences. Encryption is only ONE facet of protection. The safest option is to use a VPN tunnel to your internal network. Publicly reachable ports without sufficient defence will bring trouble.

Product ∏ の投稿を引用：

Omega の投稿を引用：

Any Windows machine can create network shares. You can create a network share in the properties of a folder. Then another Windows machine or other SMB-capable device can connect to the share.

The much cooler and better way of doing it:
Drop Linux on it (Or FreeBSD if you are feeling adventurous). Then decide what solution you want to use for file storage/sharing.

Samba can be used to host a SMB server, it's what Windows uses to connect to network shares.

Or you can setup a Nextcloud if you want something more feature rich.


These things can easily be accessed from outside the network by port forwarding specific ports to the server.

If you connect from outside the network do make sure you are doing it safely. So no HTTP or FTP, otherwise anyone can see your login information and the files you are transfering.


Significantly faster then my Raspberry Pi which is running a bit more then just a single Nextcloud instance.

It will do nicely.

Publicly opening ports is foolish especially if you lack the defences.

Nothing wrong with exposing an application to the outside world. That is what login credentials are for.

Just don't do it with stupid commonly exploited crap like SMB or Windows in general.

Omega の投稿を引用：

Product ∏ の投稿を引用：

Publicly opening ports is foolish especially if you lack the defences.

Nothing wrong with exposing an application to the outside world. That is what login credentials are for.

Just don't do it with stupid commonly exploited crap like SMB or Windows in general.

There is more to looking after a remotely accessible NAS then login....

CIA Triad - Confidentiality, Integrity, Access, access is controlled by AAA - Accounting, Auditing Authentication. Integrity is controlled by redundancy and confidentiality is controlled by encryption for data at rest and in transit.

Login is only Authentication,

Product ∏ の投稿を引用：

Omega の投稿を引用：

Nothing wrong with exposing an application to the outside world. That is what login credentials are for.

Just don't do it with stupid commonly exploited crap like SMB or Windows in general.

There is more to looking after a remotely accessible NAS then login....

The application itself. Idealy this application is containerized. Make sure rights are set properly for parts of the filesystem accessable by the application.

Encrypted connection, so HTTPS/TLS, SFTP or SSH.

Optionally yet recommended a firewall which makes sure only stuff which is supposed to reach the application reaches it.

That is about it.


If you want to go further there are additional layers of restrictions you can add server-side such as Apparmor or SELinux so that even when an application is exploited it can't do anything.

Omega の投稿を引用：

Product ∏ の投稿を引用：

There is more to looking after a remotely accessible NAS then login....

The application itself. Idealy this application is containerized. Make sure rights are set properly for parts of the filesystem accessable by the application.

Encrypted connection, so HTTPS/TLS, SFTP or SSH.

Optionally yet recommended a firewall which makes sure only stuff which is supposed to reach the application reaches it.

That is about it.


If you want to go further there are additional layers of restrictions you can add server-side such as Apparmor or SELinux so that even when an application is exploited it can't do anything.

Containerisation doesn't protect it.... It may kind of isolate it but it doesn't completely isolate it. The image itself can still be compromised.
SSL and TLS both require a certificate to be installed either a Self-signed or an externally provided one.
Firewall is a must, period no questions asked. SSH has to be secured correctly with fail2ban and it's policies configured. Usergroups have to be created and only given permissions needed. Ideally you only configure that usergroup to access the NASs directories and that is it, nothing else.

Your best option is TrueNAS Core

Product ∏ の投稿を引用：

Omega の投稿を引用：

The application itself. Idealy this application is containerized. Make sure rights are set properly for parts of the filesystem accessable by the application.

Encrypted connection, so HTTPS/TLS, SFTP or SSH.

Optionally yet recommended a firewall which makes sure only stuff which is supposed to reach the application reaches it.

That is about it.


If you want to go further there are additional layers of restrictions you can add server-side such as Apparmor or SELinux so that even when an application is exploited it can't do anything.

Containerisation doesn't protect it.... It may kind of isolate it but it doesn't completely isolate it. The image itself can still be compromised.
SSL and TLS both require a certificate to be installed either a Self-signed or an externally provided one.
Firewall is a must, period no questions asked. SSH has to be secured correctly with fail2ban and it's policies configured. Usergroups have to be created and only given permissions needed. Ideally you only configure that usergroup to access the NASs directories and that is it, nothing else.

It prevents harming the actual system.

You are very good at selectively forgetting things I have said.

Also very good at interpreting abstract explanations as "He doesn't know what he is talking about since he didn't give the full story".

All the things you are mentioning here are implied, you can fill in those blanks yourself.



This crap is litterally my job.

You forgot to mention blocking root login (at least via password) over SSH, and not allowing password login.

Omega の投稿を引用：

Product ∏ の投稿を引用：

Containerisation doesn't protect it.... It may kind of isolate it but it doesn't completely isolate it. The image itself can still be compromised.
SSL and TLS both require a certificate to be installed either a Self-signed or an externally provided one.
Firewall is a must, period no questions asked. SSH has to be secured correctly with fail2ban and it's policies configured. Usergroups have to be created and only given permissions needed. Ideally you only configure that usergroup to access the NASs directories and that is it, nothing else.

It prevents harming the actual system.

You are very good at selectively forgetting things I have said.

Also very good at interpreting abstract explanations as "He doesn't know what he is talking about since he didn't give the full story".

All the things you are mentioning here are implied, you can fill in those blanks yourself.



This crap is litterally my job.

You forgot to mention blocking root login (at least via password) over SSH, and not allowing password login.

It's because I know you actually know very little.

NextCloud is a very dumbed down form of Dropbox. It lacks any real "NAS features". Such as NFS, iSCSI, or WebDAV or SFTP. TrueNAS also comes with containerisation by default in the form of jails.

Product ∏ の投稿を引用：

Omega の投稿を引用：

It prevents harming the actual system.

You are very good at selectively forgetting things I have said.

Also very good at interpreting abstract explanations as "He doesn't know what he is talking about since he didn't give the full story".

All the things you are mentioning here are implied, you can fill in those blanks yourself.



This crap is litterally my job.

You forgot to mention blocking root login (at least via password) over SSH, and not allowing password login.

It's because I know you actually know very little.

NextCloud is a very dumbed down form of Dropbox. It lacks any real "NAS features". Such as NFS, iSCSI, or WebDAV or SFTP. TrueNAS also comes with containerisation by default in the form of jails.

Meaning it's very suitable for OP. Which is why I recommended it.

No need for a full NAS shipping by default with all that useless bloat which will go unused when you can have a nice, simple, platform independant solution over glorious HTTP/HTTPS.

If you want extra functionality such as networked drives you can add those yourself. There is no reason for a big application to be a middleman here.

This is how the Unix gods intend everything to work. DO ONE THING AND DO IT WELL.

Technically possible with a multi port socking station.


One example
https://www.aliexpress.com/i/32634572891.html

Freenas/TrueNAS may be an option.

Also you will likely be limited to 1 gigbit network speed,

home gamer nas equipment has gigabit lan ports anyway
the laptop should be able to handle freenas
but if using external drives on the laptop, you will be limited by its usb ports and controller

at $100, you can get a 2bay empty nas and add your own drives
https://www.microcenter.com/product/603303/zyxel-nas326-2-bay-personal-cloud-diskless-network-attached-storage-(nas)