This article will guide you through the process of setting up WebDAV access to your NAS - A secure method to transfer files between your device and NAS through the Internet.

Synopsis:

Our goal in this article is to configure WebDAV access to the NAS remotely. Unlike FTP, WebDAV connection is encrypted and, therefore, secure for transferring credentials and files, making it ideal for transporting data over the untrusted channel, such as the Internet. To achieve this, we will need to configure port forwarding on our router as well as the WebDAV service itself on the NAS appliance. We will also set a WebDAV client on our PC to utilize this feature.

Requirements:

• Internet connection with a public IP address is required to make remote connections possible
• NAS series appliance
• Access to router/firewall with NAT/UPnP support - these features are supported by most gateway devices today.

Table of Contents:

1. WebDAV configuration and port forwarding
   
   1. Using UPnP
   2. Using static NAT rules
2. Setting permissions
3. WebDAV client configuration on PC

1) WebDAV configuration and port forwarding

1a: Using UPnP

UPnP is a protocol that is used to configure port forwarding on a firewall/router device seamlessly. The only thing that is needed on the side of the firewall is to have this feature enabled. As already stated, this feature is simple to deploy. Its only disadvantage is a mild security risk involved - in networks where we don't have control over connected devices such as schools, it should be disabled for security reasons, and static NAT rules should be created instead. However, in-home environment, this feature might be favorable to configure much more multimedia devices, not only our NAS appliance.

1. Log in to your firewall/router and find the UPnP feature in the configuration menu. If unsure whether it is supported or not / unable to find it, please see the user's guide for your device. In this example, I am using ATP200 for your reference; in many home router devices with dull features, there is usually nothing else to configure than just enabling or disabling the functionality. In more advanced devices, you may need to select proper WAN and LAN interfaces that are supposed to have UPnP feature enabled.
   
2. With UPnP enabled, log in to your NAS appliance. Then head to the Control Panel > Network > TCP/IP > Network Interface > edit your network interface and set the static IP address to the appliance.
   
3. After this, go to the Service > WebDAV menu and enable the WebDAV service.
4. With WebDAV service enabled, head to the UPnP Port Mapping menu, on the first tab, you can check whether UPnP compatible router was discovered. On the second tab, you may add services that are supposed to be configured on your router. Select WebDAV HTTPS and confirm. You may enable other services if you wish to, just keep in mind that anyone can access them from the Internet, and you should use encrypted services to keep your data and login credentials secure. Fill in the port to be used for connection and select apply. If everything goes well, the result should look like this.
   
5. Now we are ready to set access permissions for our folders!

1b: Using static NAT rules

In scenarios where UPnP is not supported or might pose a security risk, creating static NAT rules might be necessary. Configuration of firewall rules will also be necessary. In this guide, we will follow the procedure demonstrated on our firewall. Additional information regarding NAT rules might be found in this article.

1. Log in to your firewall/router and find the NAT configuration menu within it. There, create a new NAT rule.
   
2. Depending on the vendor and model on your device, NAT configuration might vary. See the screenshot below to give you a rough idea of how it could look.
   
3. While some devices (such as our new VMG series modems) create firewall rules automatically when NAT rule is created, some devices need explicit firewall rules to make the NAT rule work. In this case, head to the firewall configuration and set up the rule accordingly. Once again, this might vary from vendor to vendor and from device to device, but the principle remains the same.
   
4. With NAT rule set, log in to your NAS appliance. Then head to the Control Panel > Network > TCP/IP > Network Interface > edit your network interface and set a static IP address to the appliance. Please confirm that the IP address matches the address you have set up in the NAT rule.
   
5. After this, go to the Service > WebDAV menu and enable the WebDAV service.
6. All set for the next step!

2) Setting permissions

The key feature to set and verify during publishing something to the Internet is to verify that the permissions are set as we expect. In this scenario, we will create a new folder for our online share.

1. If not already, log into your NAS appliance and open control panel.
2. Head to the Privilege and Sharing tab > Shared folders > and click on "Add" symbol
   
3. Set a name for your folder and optional description. Please keep in mind that names are case sensitive! Lowercase names are recommended.
   
4. On the next tab, we can choose who has access to the folder, who can write to it. Set up to your liking, note the information about access right priority. If you enable permissions of a group and revoke permissions of someone within that group, the access will still be denied. 
   
5. Confirm the settings. You can alter the configuration of existing folders to your liking.

3) WebDAV client configuration on PC

There are many WebDAV clients available, some are well known, such as Total Commander (with WebDAV plugin), in this example, we will map WebDAV share as a network drive to your Computer directory using integrated WebDAV client of Microsoft Windows 10.

1. Open Windows Explorer and navigate to My Computer folder. Select the "Connect to network drive" option on the ribbon.
   
2. Select the desired drive letter, click on "Connect using different login credentials" option; otherwise, Windows would use your login information. The most important thing here is the path to the shared folder. Since we are using a secure WebDAV connection, it should begin with https://, after which either domain name or IP address follows. After this, the colon with the port number is appended. /WebDAV/ is there to help Windows know it is dealing with WebDAV connection and finally share is the name of our shared folder. When the port is 443, specifying port is not needed, as this is the default for HTTPS connections. Examples are here:

   https://mydomain.com/webdav/share
   https://88.89.90.91:5003/webdav/share
   https://88.89.90.91/webdav/share

   
3. After finishing the form, you will be prompted to enter your credentials. If everything is set correctly, a new window with your mounted share will pop up, and your drive can now be found in My Computer folder.