Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature currently requires accessing the site using the built-in Safari browser.
No need to wait. Delete them nowAnd if that works okay I can delete two rules (inactive) above the last deny rule ?
Fair point but unlikely that only two hosts on the LAN are allowed (although there are two rules before it that might be for some local hosts).Unless it's meant to be one IP address in each rule, in which case the subnet mask should be 255.255.255.255 for a /32.
This is a “fetch” operation as far as I know. The NAS will check with the NTP service and read the time. There’s no need to allow NTP. DSM firewall examines inbound traffic only.NTP Service has to be on for the NAS to use NTP to correct its time?
That’s ok. You do have forward rules for these on the router, right?Management UI, File Station, Audio Station, Surveillance Station, Download Station, CMS) is so I can access the NAS remotely via <mynas>.mydomain.com? Or should I disable this as a security risk and access via the LAN only?
Web Station and Mail Station (is that what you mean by web mail?) use 80/443Web Station and Web Mail - so the forum will work? Or can these be turned off and the ports will be enough?
Is this Mac on the LAN? If so, then this is redundant as it’s covered by 192.168.1.0 / 255.255.255.0Synoligy Drive Server - needed so the Mac can backup via the Synology drive Client?
Ok. But did you change the source to your country only?Management UI, File Station, Audio Station, Surveillance Station, Download Station, CMS) is so I can access the NAS remotely via <mynas>.mydomain.com - I've left as I have it set and yes port forwards are controlled on the Orbi.
Thats ok. Then keep the source to your country.Ref remote access we don't holiday abroad (I don't fly - long story), I just prefer to access the NAS via <mynas>.mydomain.com:port instead of IP Address:port. Plus if I do have to access it I know I can do so. I did look to do it via the VPN last year but had all sorts of reliability issues with the connection.
No worries. The forum can help with that and I’m sure you’ll find it easy –you’re the TekGuru after allReverse proxy I've read about, still do not understand it, or know how to configure it and am worried I might lock myself out of the NAS [I did say networking was my weak area]
That’s good. Still some room for improvement that can be tackled some other time.I'm feeling a lot more secure connectivity wise than I was this morning!
If I find a clear Tutorial as to what a reverse proxy is
LE need access on port 80 from USA and sometimes some other countries. So if you denied USA access than it will not work! Better use DNS Challenge to renew LE Certs.It's possible that the firewall hardening I did yesterday has messed this up somehow?