Bitwarden and IPTables Logging

I've been trying to set up Bitwarden on my NAS and after having a port conflict and switching to port 445, I now have a working system... IF I turn off the firewall.

Needless to say, my intent is to have the same working state with the firewall on, but when opening port 445 and denying the rest (other than other ports I intend to use like 22, etc.) Bitwarden will not connect.

To try to debug this, I wanted to log dropped packets using the following command:

iptables -A INPUT -i eth1 -p tcp --dport 445 -j LOG --log-prefix "IPTABLES-DROPPED: "

but I got the following response:

iptables: No chain/target/match by that name.

This didn't make sense to me, and after looking into it a bit, I found something that I don't know how to get around.

It seems to me (I could be wrong) that the "-j LOG" portion of the command isn't working as intended. This made me think that maybe the kernel module isn't installed. So I did a spot check:

lsmod | grep LOG

returned:

xt_LOG 1423 0
x_tables 16302 21 ...,xt_LOG,...


So now I'm stumped.

  1. Is there anyone who has successfully been able to log DROPPED packets on a Synology NAS? If so, how?
  2. Can anyone help me get Bitwarden running as it does without firewall, with firewall on?

Thanks in advance!


Note: I have also posted this on Reddit (pointing it out before someone mentions it). I'm not sure what the best method of getting both audiences to see this is. Apologies if this method was not the best.
 
I tried 444...? same result. If it's possible, I'd like to run it on 443 but I had a bind issue that I thought was due to running PhotoStation on the same domain.

For more context, in case it's helpful:

Running 718+
Reverse Proxy for BW

Photostation, etc on subdomain: _.synology.me
BW on sub-subdomain: bw._.synology.me

Mostly followed the guide here:
 
When you use reverse proxy then port 443 is for your secured (https) connections. So it is not possible that photo station has port 443 but must have its own port provided by the nas.
 
Ahh I guess that makes sense. So you're saying I can run them both through 443 as long as they each reverse proxy separately to other ports from different subdomains? Meaning that I need to change the default port of anything using 443 to something else?
 
> Ahh I guess that makes sense. So you're saying I can run them both through 443 as long as they each reverse proxy separately to other ports from different subdomains? Meaning that I need to change the default port of anything using 443 to something else?

Correct
 
