A few security questions about the DS 918+

Good to know, thanks. I did all 3 rules, but if I disable the country rule, I can still access my apps on my phone data.
 
I have the following rules:
Management UI, File Station Allow
Synology Drive Allow
Web Station, Photo Station Allow
Active Backup for Business Allow
My Desktop IP Allow
My NAS IP and Subnet Allow
Canada Allow but disabled to test
ALL Deny

I am off WiFi for sure and I can still access all the apps.
Also, if I go to a web browser on my phone and type in my NAS IP with port, I can log in to the NAS.
 
Management UI, File Station Allow
Synology Drive Allow
Web Station, Photo Station Allow
Active Backup for Business Allow
My Desktop IP Allow
My NAS IP and Subnet Allow

When you say allow, is it allow all under the source IP? If so, then that is why you can access it. You’re saying any IP (locally and anywhere in the world) can access those services.
 
[Attachment: synology screenshot firewall.JPG]

How about this?
 
Are you referring to the NAS IP and subnet I entered into the firewall rule?
Watching a YouTube video, a guy said you have to allow Management UI, otherwise you lock yourself out.
 
Watching a YouTube video, a guy said you have to allow Management UI, otherwise you lock yourself out.
Your YouTube guy is wrong, or at least he's wrong if you follow the setup as described by WST16. I have a couple extra rules to allow services outside of what WST16 is discussing, but I don't have anything listed for Management UI. WST16 got me up and running and I haven't had any firewall issues.

Edit: in fact, I have accidentally enabled/disabled a rule that would actually lock me out of the firewall and DSM has come back with a warning saying that doing so would lock me out. It does watch out for you, I think.

[Attachment: 1609199935837.png]
 
Ha. I think I'm having flashbacks to when you walked me thru all this.
“Same, same but different”

Are you referring to the NAS IP and subnet I entered into the firewall rule?
Watching a YouTube video, a guy said you have to allow Management UI, otherwise you lock yourself out.
Please go to
Control Panel > Info Center > Network tab
Under LAN 1
What is shown in front of IP Address
What is shown in front of subnet mask

Same for LAN 2
What is shown in front of IP Address
What is shown in front of subnet mask
 
Your YouTube guy is wrong, or at least he's wrong if you follow the setup as described by WST16. I have a couple extra rules to allow services outside of what WST16 is discussing, but I don't have anything listed for Management UI. WST16 got me up and running and I haven't had any firewall issues.

Edit: in fact, I have accidentally enabled/disabled a rule that would actually lock me out of the firewall and DSM has come back with a warning saying that doing so would lock me out. It does watch out for you, I think.

The video I watched was the one Telos posted on the previous page. You have Surveillance Station allowed, which shows for me under the same group as Management UI.

“Same, same but different”


Please go to
Control Panel > Info Center > Network tab
Under LAN 1
What is shown in front of IP Address
What is shown in front of subnet mask

Same for LAN 2
What is shown in front of IP Address
What is shown in front of subnet mask
LAN 1
192.168.1.82
255.255.255.0
LAN 2
169.254.102.114
255.255.0.0
 
Do exactly like the thread below for the first rule (to be at the top of the list) but replace the subnet in the thread with your subnet (192.168.1.0). So instead of 192.168.10.0 in the thread, you’ll have 192.168.1.0.

Again, have it as the first rule.
Keep “Canada” and Deny all. So keep the last two and add the one above as the first rule. Remove the rest.
You should end up with three rules (as described somewhere above).

Please help me understand making my NAS secure.
 
The video I watched was the one Telos posted on the previous page. You have Surveillance Station allowed, which shows for me under the same group as Management UI.
I added that rule well after I had WST16's rules set up. Everything worked without it. I only added it because I decided to set up surveillance cameras and wanted to run them on Surveillance Station. If you follow WST16's rules, you will still be able to access your NAS.

Edit: the YouTube guy could very well be correct for his setup; I don't know. I do know that my firewall works without it with my setup that WST16 walked me through.
 
Do exactly like the thread below for the first rule (to be at the top of the list) but replace the subnet in the thread with your subnet (192.168.1.0). So instead of 192.168.10.0 in the thread, you’ll have 192.168.1.0.

Again, have it as the first rule.
Keep “Canada” and Deny all. So keep the last two and add the one above as the first rule. Remove the rest.
You should end up with three rules (as described somewhere above).

Please help me understand making my NAS secure.
Ok I did exactly what you said. Now does this not still allow anyone with a Canadian IP to gain access?
 
Now does this not still allow anyone with a Canadian IP to gain access?
Yes, it will not block Canadian IP addresses. If you keep reading through NAS Newbie’s thread you’ll find other solutions that will enhance the basic firewall rules that you created. Please go through it.

There is no other way around it if you want such remote access, unless you can have static public IP addresses for all your devices, like your mobile phone (where you can define them in the firewall, which is very hard, if not impossible).

Another way is to close everything and configure VPN. But it won’t be as seamless as having it this way.

And one more option is to consider moving to a smaller country to limit the exposure. Liechtenstein, Nauru and Singapore are among some on the list. Although Canada is not populous, you can never be too sure 😁
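The rule sets discussed in this thread, modelled as top-down, first-match evaluation (an added example, not part of any post and not Synology's code). It assumes the per-service rules had source "All", as one reply suggests; the service keys, the desktop address and the GeoIP ranges are constructed.

```python
import ipaddress

# Constructed stand-in for a GeoIP database: documentation ranges, not real allocations.
GEO = {"CA": "203.0.113.0/24", "ZZ": "198.51.100.0/24"}
ANY = ("any", None)
LAN = ("net", "192.168.1.0/24")  # subnet from the thread: 192.168.1.0 / 255.255.255.0

def src_matches(source, ip):
    kind, value = source
    if kind == "any":
        return True
    net = GEO[value] if kind == "geo" else value
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def evaluate(rules, ip, service):
    """Return (action, rule name) of the first enabled rule that matches."""
    for name, services, source, action, enabled in rules:
        if enabled and (services is None or service in services) and src_matches(source, ip):
            return action, name
    return "no-match", None  # not reached here: both rule sets end in "Deny all"

def original_rules(canada_enabled=False):
    # Assumption: the four service rules were created with source "All".
    return [
        ("Management UI, File Station", {"dsm", "file-station"}, ANY, "allow", True),
        ("Synology Drive", {"drive"}, ANY, "allow", True),
        ("Web Station, Photo Station", {"web", "photo"}, ANY, "allow", True),
        ("Active Backup for Business", {"abb"}, ANY, "allow", True),
        ("My Desktop IP", None, ("net", "192.168.1.50/32"), "allow", True),  # constructed
        ("NAS IP and subnet", None, LAN, "allow", True),
        ("Canada", None, ("geo", "CA"), "allow", canada_enabled),
        ("Deny all", None, ANY, "deny", True),
    ]

def three_rules(canada_enabled=True):
    return [
        ("LAN subnet", None, LAN, "allow", True),
        ("Canada", None, ("geo", "CA"), "allow", canada_enabled),
        ("Deny all", None, ANY, "deny", True),
    ]

if __name__ == "__main__":
    for label, rules in (("original", original_rules()), ("three-rule", three_rules())):
        for ip in ("192.168.1.20", "203.0.113.7", "198.51.100.9"):
            print(label, ip, evaluate(rules, ip, "dsm"))
```

With the original list, a source outside the LAN is allowed by the first service rule before the country or deny rules are ever consulted, which is why disabling "Canada" changed nothing.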
 
I use QuickConnect to access my NAS, I use Synology Drive and Active Backup for Business to back up my PC, and I use DS cloud and DS file to back up my Android phone.
I am not using my firewall and have a few questions.
1. Should I use the firewall, and will this affect the apps I use?
2. Can the firewall be used with QuickConnect?
3. Is QuickConnect a safe way of logging in?
I am using the default port; should I change the port? Can the port be changed when using QuickConnect?

Thank you
These days, the internet is extremely hostile. The accepted wisdom is not to do any of what you are discussing. Turn off UPnP and close all ports on your gateway firewall, VPN IN/OUT of your LAN. It's the only way to be sure.
 
These days, the internet is extremely hostile. The accepted wisdom is not to do any of what you are discussing. Turn off UPnP and close all ports on your gateway firewall, VPN IN/OUT of your LAN. It's the only way to be sure.
I mitigate the risks as much as I can, accept them and make an informed decision about what I’m doing. I don’t want to cripple the usefulness of my DiskStations.

Not saying that your way is wrong. It’s not. It’s the way you choose to use your device– it’s another way.

“This is the way” :)
 
