Bitwarden and IPTables Logging

I've been trying to set up Bitwarden on my NAS, and after having a port conflict and switching to port 445, I now have a working system... IF I turn off the firewall.

Needless to say, my intent is to have the same working state with the firewall on, but when opening port 445 and denying the rest (other than other ports I intend to use, like 22, etc.), Bitwarden will not connect.

To try to debug this, I wanted to log dropped packets using the following command:

iptables -A INPUT -i eth1 -p tcp --dport 445 -j LOG --log-prefix "IPTABLES-DROPPED: "

but I got the following response:

iptables: No chain/target/match by that name.

This didn't make sense to me, and after looking into it a bit, I found something that I don't know how to get around.

It seems to me (I could be wrong) that the "-j LOG" portion of the command isn't working as intended. This made me think that maybe the kernel module isn't installed. So I did a spot check:

lsmod | grep LOG

returned:

xt_LOG 1423 0
x_tables 16302 21 ...,xt_LOG,...


So now I'm stumped.

  1. Is there anyone who has successfully been able to log DROPPED packets on a Synology NAS? If so, how?
  2. Can anyone help me get Bitwarden running with the firewall on, as it does without the firewall?

Thanks in advance!


Note: I have also posted this on Reddit (pointing it out before someone mentions it). I'm not sure what the best method of getting both audiences to see this is. Apologies if this method was not the best.
 

Rusty

Well, have you tried getting BW running on a different port? I'm saying this considering that 445 is a reserved port for SMB/CIFS.
 
I tried 444...? Same result. If it's possible, I'd like to run it on 443, but I had a bind issue that I thought was due to running PhotoStation on the same domain.

For more context, in case it's helpful:

Running 718+
Reverse Proxy for BW

Photostation, etc on subdomain: _.synology.me
BW on sub-subdomain: bw._.synology.me

Mostly followed the guide here:
 
When you use a reverse proxy, port 443 is for your secured (HTTPS) connections. So it is not possible for Photo Station to have port 443; it must have its own port provided by the NAS.
 
Ahh I guess that makes sense. So you're saying I can run them both through 443 as long as they each reverse proxy separately to other ports from different subdomains? Meaning that I need to change the default port of anything using 443 to something else?
 

Rusty

> Ahh I guess that makes sense. So you're saying I can run them both through 443 as long as they each reverse proxy separately to other ports from different subdomains? Meaning that I need to change the default port of anything using 443 to something else?

Correct
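
The layout confirmed above (both services reachable on 443, each reverse-proxied by hostname to its own backend port), sketched as a plain nginx configuration. This is an added example, not part of the original posts and not the configuration DSM generates; the hostnames, backend ports and certificate paths are placeholders.

```nginx
# Added example: plain nginx, not DSM's generated configuration.
# Hostnames, backend ports and certificate paths are placeholders.

# Photo Station: public on 443, backend moved to its own local port.
server {
    listen 443 ssl;
    server_name example.synology.me;               # placeholder hostname

    ssl_certificate     /path/to/fullchain.pem;    # placeholder path
    ssl_certificate_key /path/to/privkey.pem;      # placeholder path

    location / {
        proxy_pass http://127.0.0.1:8081;          # hypothetical backend port
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Bitwarden: same public port, selected by the requested hostname.
server {
    listen 443 ssl;
    server_name bw.example.synology.me;            # placeholder hostname

    ssl_certificate     /path/to/fullchain.pem;    # placeholder path
    ssl_certificate_key /path/to/privkey.pem;      # placeholder path

    location / {
        proxy_pass http://127.0.0.1:8082;          # hypothetical backend port
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Any other hostname on 443: refuse the TLS handshake instead of
# falling through to one of the services (needs nginx 1.19.4 or later).
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}
```

With this layout the firewall only has to allow 443 from outside; the backend ports are reached over loopback by the proxy.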
 
