Can I get a hand with a few port forwards please?

Started by tawnytim, June 13, 2023, 04:12:53 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 13, 2023, 04:12:53 PM
I'm the absolute WORST with firewall rules/NAT.  I just cannot, under any circumstance, ever seem to pick the correct options with regards to interfaces and such.

I'm trying to complete the instructions found here: https://mariushosting.com/synology-how-to-enable-https-on-dsm-7/.

Can someone please explain how to set up the port forward rules?
June 14, 2023, 05:29:21 PM #1 Last Edit: June 14, 2023, 08:16:47 PM by xstreem
One question do you know what you are trying to do following that guide? Port forwarding is needed if you want to access a service, in this case Synology DSM, from outside your network. This is absolutely not recommended, because anybody that type your public-ip:5001 or your ddns-address:5001 will be in front of your login page. If you really want this I can help you as it is quite easy but again I don't recommend it. What I recommend is to connect via VPN and then simply access your synology Dsm using local-ip:5001 and this is the most secure way.


Inviato dal mio iPhone utilizzando Tapatalk
June 14, 2023, 06:12:21 PM #2
A user that doen't know how to have a port forward most likely doesn'T know how dangerous it is to have port forwards. The VPN way is the only way to go in such a situation...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
June 14, 2023, 08:15:41 PM #3 Last Edit: June 14, 2023, 08:19:47 PM by xstreem
Well but he said he is not expert that is no problem I was preliminary informing him, then if he wants to go for that it is easy and possible, but as you and I said not recommended


Inviato dal mio iPhone utilizzando Tapatalk
June 14, 2023, 08:58:26 PM #4
I'm using a Synology NAS too. First, I'd suggest only forward the HTTPS port of the DSM. Furthermore you need your IPv4 address and if you want dual stack access IPv6 host part should be stored as an alias.
I can provide some screenshots tomorrow if needed. I only had to configure the NAT port forward and IPv6 WAN in rule.
You should create a static lease entry in your DHCP static mappings for your Synology device.
June 15, 2023, 07:33:42 AM #5
to add on this, if you are running a service on your nas what must be connected to the internet, you could place it behind a proxy like nginx or HAproxy (plugins available on opnsense).
But i agree with the above to make your DMS itself only accessible with vpn.
Deciso DEC850v2
Print
Go Up Pages1
User actions