Access internal network with public IP?

[ComputerGuy2006]

Ok dumb question, here is the theoretical setup:
- PC (DHCP on, getting public IP address) > Switch
- Switch > Modem
- NAS (10.10.0.10 static IP) > Switch

Is there any way for the PC with its public IP address to communicate with the NAS, or would the 10.10.0.10 packets not make it to the NAS due to the subnet of the public IP address?

Note: I am aware an alternative solution would be to install a second NIC, or even put everything under a router and block all internet for the NAS.

 

[Harrod]

You will probably want to look into port forwarding, which will have to be done in the router.

http://www.wikihow.com/Set-Up-Port-Forwarding-on-a-Router

 

[dave_the_nerd]

For this to work at all, you'd still need a router acting as a gateway between your public IP pool (the ISP's router) and the 10.x.x.x network (private IP space.) You could kinda make it work.

Easier would be to get a second IP assigned by the ISP for your NAS.

But then all your base are belong to hackers, because they're accessible on the public internet.

 

[ComputerGuy2006]

Harrod: there is no router in this setup.
dave_the_nerd: I do have two IP address, but I purposely don't want this NAS connected to the internet in anyway.

$150 mobo and it comes with a single lan port and 6 sata ports (or no PCI slots to put in old PCI nics)... What a mess ive put myself into

I guess ill just order a PCIe NIC.

 

[dave_the_nerd]

Harrod: there is no router in this setup.
dave_the_nerd: I do have two IP address, but I purposely don't want this NAS connected to the internet in anyway.

$150 mobo and it comes with a single lan port and 6 sata ports (or no PCI slots to put in old PCI nics)... What a mess ive put myself into

I guess ill just order a PCIe NIC.

That would work. Two separate networks and your PC is the gatekeeper.

Still don't think you should have your PC open like that, but you know enough to keep your NAS off the internet and it's your box, so you must have some reason.

 

[Gryz]

You should be able to set a "secondary ip address" on the same interface where you use the public address. You probably need to change from DHCP to a manually configured address. So check your current address, write it down. Then change your interface settings to manual (from DHCP). Now fill out the address/mask/dnsserver/default-gateway you've written down.

You should be able to configure another address.
But I don't know how to do that in Win7 or Win10.
I'm not even sure it's still possible on Windows.
https://www.youtube.com/watch?v=pMzJJLdMRR0

Another option would be to configure IPv6 on your PC and your NAS. Just make sure you don't have a "default-route" or "default-gateway" for IPv6. You might need to fiddle around a little, because this setup will certainly have quirks. Another benefit would be that your NAS would not be reachable from the Internet.

But even if you manage to configure your boxes like this, I don't think it's recommended. The Internet is a really hostile environment. You want both your PC and your NAS to be behind a firewall, or at least a router that does NAT.

 

[ComputerGuy2006]

That would work. Two separate networks and your PC is the gatekeeper.

Still don't think you should have your PC open like that, but you know enough to keep your NAS off the internet and it's your box, so you must have some reason.

Even if I put my PC is behind a router, id still rather not have the NAS connected to a router. It would just be one more thing to manage (and id imagine id lose speed as my router isnt all that great).

You should be able to set a "secondary ip address" on the same interface where you use the public address. You probably need to change from DHCP to a manually configured address. So check your current address, write it down. Then change your interface settings to manual (from DHCP). Now fill out the address/mask/dnsserver/default-gateway you've written down.

Interesting, ill try that, thanks. I didn't know you could assign a LAN more than one IP.

 

[VirtualLarry]

OP, your idea is dumb. Is there some particular reason that you can't afford even an entry-level router? (Although, one with Gigabit LAN ports would be best to host a NAS.)

 

[dave_the_nerd]

Even if I put my PC is behind a router, id still rather not have the NAS connected to a router. It would just be one more thing to manage (and id imagine id lose speed as my router isnt all that great).

1) it's not really one more thing to manage (you still have to manage it with a private IP)
2) The router isn't routing between LANs when the NAS is on the same subnet as the PC, so performance is usually on par with a normal switch. If you're paranoid, you can uplink a switch to the router, and plug the NAS and the PC into the switch - the switch will relay traffic between the PC and the NAS, and the router will only see packets intended for outbound/inbound stuff.

 

[dave_the_nerd]

OP, your idea is dumb.

Oh come on now, how many people have told you the exact same thing about one of your ideas?

Don't go home and kick the dog - end this cycle of abuse.

 

[VirtualLarry]

Oh come on now, how many people have told you the exact same thing about one of your ideas?

Don't go home and kick the dog - end this cycle of abuse.

I guess. OP doesn't want his NAS on the internet, yet he wants it connected to a switch, connected directly to his modem? What if he gets local packets to 10.10.10.10 over his WAN connection somehow? When I had DSL back in the day, I saw a few egress packets from 192.168.x.x addresses that got past my router, and hit my PC's firewall. No, they weren't packets from my internal LAN.

It's just a poor idea, from a security POV. Much safer to have a NAT router/firewall between the internet and the LAN devices. If OP can't afford that, I can understand. But he can (?) afford to put in a secondary NIC on the PC?

 

[Red Squirrel]

That sounds scary as hell. Why do you want all your stuff to be internet facing like that? I would get a NAT router and solve two problems at once. Even a basic NAT router is better than none at all.

SMB protocol (and lot of other windows stuff like RPC) is not something you want wide open to the internet. I remember as a kid doing port scans for port 139 before I knew any better that hacking was illegal, and getting into people's files and stuff. This was in the dialup days so people had no router. I remember finding lot of sub7 trojans too and messing with people's computers, that was fun. Don't do that. I did not know any better at the time.

But right now you are pretty much wide open to stuff like that.

 

[ComputerGuy2006]

VirtualLarry: My current setup has my PC going to my NAS. I am looking at the switch option due to lack of dual NICs.

dave_the_nerd: Very interesting idea, that would also put a lot less load on the router. I will probably set it up this way.

Red Squirrel: I do have a router, and everything in my network that has internet has always used it. Only my old PC was sometimes directly connected to the modem so better performance in games (and my NAS only directly connected to my PC).