OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: tawnytim on June 13, 2023, 04:12:53 PM

Title: Can I get a hand with a few port forwards please?
Post by: tawnytim on June 13, 2023, 04:12:53 PM
I'm the absolute WORST with firewall rules/NAT. I just cannot, under any circumstance, ever seem to pick the correct options with regard to interfaces and such.

I'm trying to complete the instructions found here: https://mariushosting.com/synology-how-to-enable-https-on-dsm-7/

Can someone please explain how to set up the port forward rules?
Title: Can I get a hand with a few port forwards please?
Post by: xstreem on June 14, 2023, 05:29:21 PM
One question: do you know what you are trying to do following that guide? Port forwarding is needed if you want to access a service, in this case Synology DSM, from outside your network. This is absolutely not recommended, because anybody that types your public-ip:5001 or your ddns-address:5001 will be in front of your login page. If you really want this, I can help you, as it is quite easy, but again I don't recommend it. What I recommend is to connect via VPN and then simply access your Synology DSM using local-ip:5001, and this is the most secure way.


Sent from my iPhone using Tapatalk
Title: Re: Can I get a hand with a few port forwards please?
Post by: chemlud on June 14, 2023, 06:12:21 PM
A user that doesn't know how to have a port forward most likely doesn't know how dangerous it is to have port forwards. The VPN way is the only way to go in such a situation...
Title: Can I get a hand with a few port forwards please?
Post by: xstreem on June 14, 2023, 08:15:41 PM
Well, but he said he is not an expert, and that is no problem. I was preliminarily informing him; then if he wants to go for that, it is easy and possible, but as you and I said, not recommended.


Sent from my iPhone using Tapatalk
Title: Re: Can I get a hand with a few port forwards please?
Post by: Cyberturtle on June 14, 2023, 08:58:26 PM
I'm using a Synology NAS too. First, I'd suggest only forwarding the HTTPS port of the DSM. Furthermore, you need your IPv4 address, and if you want dual-stack access, the IPv6 host part should be stored as an alias.
I can provide some screenshots tomorrow if needed. I only had to configure the NAT port forward and the IPv6 WAN in rule.
You should create a static lease entry in your DHCP static mappings for your Synology device.
Title: Re: Can I get a hand with a few port forwards please?
Post by: RamSense on June 15, 2023, 07:33:42 AM
To add to this, if you are running a service on your NAS that must be connected to the internet, you could place it behind a proxy like nginx or HAProxy (plugins available on OPNsense).
But I agree with the above to make your DSM itself only accessible with VPN.