Access Control Profile still allowing remote login attempts

Currently reading
Access Control Profile still allowing remote login attempts

14
4
NAS
DS912+,DS220+,DS212
I have my firewall set to forward 5000-5001 for DSCam application access (and restrict based on GEO-IP) but want to deny access to the web based login pages for not only File Station and SS but also DSM, except from internal LAN.

I have set my Access Control Protocol, and set this profile to be used for FS and SS applications. However I'm still getting repeated hits on my DSM login page. I do NOT have any reverse proxies defined.

The auto-block (useless for random IP) and auto-lock have been set as a precautionary measure, along with 2FA, but I'd prefer to avoid these hits altogether.

Where is this functionality hiding (to block external access)?

Thanks in advance.

1673059993110.png


1673060099619.png




1673060310927.png
 
Solution
FIXED.

Turns out through the process of learning the settings/system, I inadvertently left the Access Control profile set to deny external web access to DSCam :rolleyes:

I'm now able to ONLY forward the S.Station Application ports through my firewall, while disabling DSM access. Thanks for the help!
Because each web application uses 443 port it is impossible to distinguish them on FW
It seems you confuse firewall with port forwarding.

Rusty has given you a good answer using reverse proxy, which then you would use the firewall to allow only your approved external IP. Alternately...
Suppose I want to allow access to Photos only for some external network
Then using port forwarding rules on your router you would redirect the incoming connection from the external network IP:443 to your NAS_IP:Drive port.

And so on...

Note: Edited to prevent stupid emoji override.
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Well, that was something that happened to people who don't follow best practices and were not up to date...
Replies
13
Views
3,144
  • Question
It sounds that the main focus is a LAN reconfiguration of DHCP and DNS services so that dynamically...
Replies
1
Views
572
Had simelar issue last Thursday. Router and 1 NAS worked, 2 NAS’s didn’t! This occurred as I was adding...
Replies
5
Views
847
  • Question
I guess "my Firewall" is the firewall on the Synology? a step by step tutorial can be found online like...
Replies
1
Views
846
OK at last, worked it out, you have to install Synology app on PC first then add name amd password then...
Replies
12
Views
1,338
There are three MASQUERADE rules* but I cannot see how they relate to the don't NAT name, or anything else...
Replies
45
Views
4,210

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top