Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

Access Control Profile still allowing remote login attempts

As an Amazon Associate, we may earn commissions from qualifying purchases. Learn more...

14
4
NAS
DS912+,DS220+,DS212
I have my firewall set to forward 5000-5001 for DSCam application access (and restrict based on GEO-IP) but want to deny access to the web based login pages for not only File Station and SS but also DSM, except from internal LAN.

I have set my Access Control Protocol, and set this profile to be used for FS and SS applications. However I'm still getting repeated hits on my DSM login page. I do NOT have any reverse proxies defined.

The auto-block (useless for random IP) and auto-lock have been set as a precautionary measure, along with 2FA, but I'd prefer to avoid these hits altogether.

Where is this functionality hiding (to block external access)?

Thanks in advance.

1673059993110.png


1673060099619.png




1673060310927.png
 
Solution
FIXED.

Turns out through the process of learning the settings/system, I inadvertently left the Access Control profile set to deny external web access to DSCam :rolleyes:

I'm now able to ONLY forward the S.Station Application ports through my firewall, while disabling DSM access. Thanks for the help!
Because each web application uses 443 port it is impossible to distinguish them on FW
It seems you confuse firewall with port forwarding.

Rusty has given you a good answer using reverse proxy, which then you would use the firewall to allow only your approved external IP. Alternately...
Suppose I want to allow access to Photos only for some external network
Then using port forwarding rules on your router you would redirect the incoming connection from the external network IP:443 to your NAS_IP:Drive port.

And so on...

Note: Edited to prevent stupid emoji override.
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Glad you got it sorted. With the ipad info you provided my next through was routing issues and was just...
Replies
8
Views
144
Yeeey I got everything working now! Thank you so much. Overseerr was installed using docker and Radarr...
Replies
4
Views
344
A simple enough task, but I’m missing something somewhere. I’m new to ipv6, so do please state the...
Replies
0
Views
228
Ok so that bit of information helped, works in local (home). So potentially the issue is with a) firewall...
Replies
6
Views
661
Maybe use a single port over reverse proxy, and push all other services via that single port so you do not...
Replies
1
Views
976
I just went into my nas, support services, turned on remote access which generated a support...
Replies
1
Views
683
Good that it is working! No, it is not a security risk. It will automatically use the stored credentials...
Replies
12
Views
1,523

Thread Tags

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top