Preface
This tutorial is a continuation of the Remote Access for Newbies series of tutorials, and continues the discussion started in Parts 1-3. While parts of this tutorial can stand on their own, it does reference an office building analogy used to describe your LAN in Part 1. If you are unfamiliar with the basics of your LAN or how to configure a reverse proxy, it’d be best to start with Parts 1-3 of the series:- Tutorial - NAS Remote Access for Newbies: Part 1 - LAN Overview & Port Forwarding
- Tutorial - NAS Remote Access for Newbies: Part 2 - Port 443 & Reverse Proxy
- Tutorial - NAS Remote Access for Newbies: Part 3 - Accessing Mobile Apps via Reverse Proxy
Multiple NAS on a Single LAN
It is time to explore how to set up remote access for multiple NAS on a local network. Before I get into that, I’d like to give a quick overview of how my system has grown, as some of the threads are very good references for this discussion.My initial NAS was a DS918+ that was set up more or less in accordance with the advice given in these threads:
- Best backup method for home personal/home business files?
- Please help me understand making my NAS secure.
The inspiration for me to make changes to my setup began when I moved into a new house. At that time, I bought my own router instead of renting one from my ISP, and so I suddenly gained much more flexibility in which ports I could select and what types of router rules I could create because I owned and controlled the router instead of the ISP. Also, I began to look into creating a redundant offsite network with my dad, and so bought an RS1219+ and a DS220+ to build this network according to these threads:
- Solved - Confused about converting/expanding from my DS819+ to rack-mount options
- Critique my backup structure...
- Nas1.synology.me
- Nas2.synology.me
- Nas3.synology.me
In any event, the creation of those DDNS set off a chain of problems that resulted in the posts below. You don’t have to take the time now to read them all; the tldr is that I got myself in over my head and probably started making changes without fully realizing how everything worked together. I thought that I had a grip on how to make the changes I wanted, but I did not.
As shown by that thread, I was (maybe still am) completely out of my depth with port management and remote access. This thread below is the one that I believe finally got me back on track, and I pulled tons of info out of it for Parts 1-3, and will wrap up Part 4 with it as well:
You can read those threads for the long version of the missteps and lessons I learned along the way; I’m going to proceed here with a condensed version of what I believe is a good option to network multiple NAS on a LAN.
To start with, we are going to create the following reverse proxy rules on NAS1 only. These RP’s will allow us to access DSM on all 3 unique NAS, assuming that the default DSM ports are still 5000/5001. Explanation as to how the rules work will follow the screenshots.
Figure 4-1: NAS1 DSM Reverse Proxy
Figure 4-2: NAS2 DSM Reverse Proxy
Figure 4-3: NAS3 DSM Reverse Proxy
You have now created 3 RP rules that might be confusing. You will note that all 3 rules were created as a subdomain of the NAS1 domain name. This is because we are going to be setting up NAS1 to act as a “dispatcher”. With this setup, all reverse proxy requests, even requests for NAS2 or NAS3, will be routed through NAS1. The reason for this goes back to our port forwarding rules. We cannot forward port 443 to more than one internal IP address. In order to get around this, we need to piggyback connection requests for NAS2 & NAS3 onto NAS1 domain name.
When NAS1 receives a URL such as https://DSM3.NAS1.synology.me, it will look into its reverse proxy rules and see that the destination IP is actually the IP address of NAS3, and will dispatch the request down the line in the LAN to NAS3. From there, NAS3 handles it just like any other port-access request. Note that your browser will never see any of the application ports hidden behind the reverse proxy; it only sees port 443 that was going into the reverse proxy.
Figure 4-4: Multi-NAS Reverse Proxy
The final piece to the puzzle is knowing how to set up the NAS for remote access via mobile app if desired. Recall the lesson from Part 3 where we changed the default port for Synology mobile apps? If we want to be able to access NAS1, NAS2, & NAS3 from a mobile app such as DS File (which is the mobile app used to access File Station) for whatever reason, we will need to change the default ports for the app on each NAS that we wish to access.
Something to note here is that while you cannot have multiple apps on the same NAS pointed to the same port, you could set up a single application such as File Station to be accessed from the same port on multiple NAS. You do not need to assign File Station unique ports on each NAS when setting up reverse proxies as outlined in this tutorial. In other words:
- Not acceptable when used together: Multiple apps pointed to same port on the same NAS
- File Station-->NAS1-->38400
- iTunes-->NAS1-->38400
- Bitwarden-->NAS1-->38400
- Acceptable when used together: Single app pointed to same port number on different NAS
- File Station-->NAS1-->38400
- File Station-->NAS2-->38400
- File Station-->NAS3-->38400
A final note: I highly recommend figuring out how to assign fixed internal IP address to any networked devices that will be referenced by the reverse proxies and/or any firewall rules you might create. As I was writing this tutorial, my router lost power and reset its list of internal IP addresses. My NAS1 IP changed from 192.168.1.21 to 192.168.1.16, and so all of my reverse proxies were messed up. I effectively lost remote access to the NAS until I figured out what happened.
Epilogue
I believe that this about concludes what I set out to do. Hopefully this was instructive for other newbies and others are able to use this as a starting point in their own networking projects. As I wrap this up, please let me know if you find any factual errors in what I have written, and I’ll correct them as soon as possible. Also, a sincere and heartfelt thanks to @WST16 for working with me on this project. It would have been riddled with errors if I had attempted it on my own.- Related resources
- Part 1:
Tutorial - NAS Remote Access for Newbies: Part 1 - LAN Overview & Port Forwarding
Disclaimer: This resource is not meant to be a complete in-depth tutorial on how to set up reverse proxy or port forwarding, although it will have some examples. This is not a narrow tutorial explaining the quickest, best way to create a specific...www.synoforum.com
Part 2:
Tutorial - NAS Remote Access for Newbies: Part 2 - Port 443 & Reverse Proxy
Preface This tutorial is a continuation of the Remote Access for Newbies series of tutorials, and continues the discussion started in Part 1. While parts of this tutorial can stand on their own, it does reference an office building analogy used...www.synoforum.com
Part 3:
Tutorial - NAS Remote Access for Newbies: Part 3 - Accessing Mobile Apps via Reverse Proxy
Preface This tutorial is a continuation of the Remote Access for Newbies series of tutorials, and continues the discussion started in Parts 1&2. While parts of this tutorial can stand on their own, it does reference an office building analogy...www.synoforum.com