Coming Back For More on DDNS and Remote Access

Currently reading
Coming Back For More on DDNS and Remote Access

13
1
NAS
DS218Play
Operating system
  1. Windows
Mobile operating system
  1. iOS
Thank you to both Rusty and WST16 for their rapid and helpful responses to my first question yesterday. Having read the recommended documents I am wiser, but not necessarily sufficiently to take meaningful action. I think I see what to do and then as I try to implement it, I remain confused.

My needs are straightforward. I want to use my DS218Play to;

1. backup music and video
2. Play music and video using the relevant DS Audio and DS Video apps within my local network
3. Play music and video using the DS Audio and DS Video apps remotely
4. Use the Amazon Echo Audio Station skill to play music on Echo devices

Now, I have all this working, after a fashion, with DDNS (let’s all it “pjh01.synology.me”) & certificate. I say ”after a fashion” as i suspect the setup is far from optimal, using port forwarding which seems a tad messy and possibly insecure.

I think I can see the Application Portal and Reverse Proxy as a way into this, based on the application that is trying to access the NAS. So,

question 1. Does the NAS understand from which app it is receiving a request?

and if the answer to that is “yes”,

question 2. How do I relate the app I see in the Application Portal to the FQDN required in the Reverse Proxy? is it as straightforward as the FQDN for these specific apps as being ”audio.synology.me” and “video.pjh01.synology.me”?

Thanks again for all your help here.
Paul
 
question 1. Does the NAS understand from which app it is receiving a request?
In short yes. The name of the app (public url) will be used by the reverse proxy and redirect to a specific app that you have configured your reverse host with.

question 2. How do I relate the app I see in the Application Portal to the FQDN required in the Reverse Proxy? is it as straightforward as the FQDN for these specific apps as being ”audio.synology.me” and “video.pjh01.synology.me”?
Yes you will have a public name for each app and forward its requests using reverse proxy to their local addresses and port numbers.
 
Upvote 0
Ok, progress (of sorts). All instructions followed:

Application Portal set so that audio station gets Port xxxx and video station yyyy

Reverse Proxy rules set so that FQDN audio.myserver.synology.me Destination Port is xxxx and video.myserver.synology.me Destination Port is yyyy. In both cases Source Port is 443

Port-forwarding now slashed to just 443 on my router.

All well and good when plugging the FQDN into a browser, works a treat. Two glitches, and both may be related to the behaviour of the iOS and Android apps (“the Apps”) that I have on my iPad and Fire Stick.

1. When using the Apps I need to append 443 to the FQDN as set in the RP rules (something I don’t need to do with a browser) when presented with the App login.

2. When using the Apps, the login page will ONLY accept the appended FQDN format described in point 1, it will not accept the “internal” address of the NAS with the modified ports defined by the AP, i.e. aaa.bbb.cc.dd:yyyy for video station. Browsers are, however, quite happy to accept this form.

The first one I can live with, but in requiring the app to step to the external network to then step back into the internal the second one seems odd to me, particularly as the Fire Stick that uses the video app will never be on anything other than the internal network.

Have I missed or misunderstood a step?

many thanks.
 
Upvote 0
1. When using the Apps I need to append 443 to the FQDN as set in the RP rules (something I don’t need to do with a browser) when presented with the App login.
Take a look at this thread. It'll explain…

but in requiring the app to step to the external network to then step back into the internal the second one seems odd to me
If I understood correctly what you're describing (and if it's working), this means that your router has loopback enabled (hairpinning). This is normal. Your traffic will appear as if it's coming from the router. Login to one of the apps internally (over local LAN) using the new FQDN and check the connected users on your DiskStation, you should see your router's IP address (not the client's). It’s not going out and coming back in.
 
Upvote 0
2. When using the Apps, the login page will ONLY accept the appended FQDN format described in point 1, it will not accept the “internal” address of the NAS with the modified ports defined by the AP, i.e. aaa.bbb.cc.dd:yyyy for video station. Browsers are, however, quite happy to accept this form.
using internal address and port should work just fine. What error do you get?
 
Upvote 0
Last edited:
If I understood correctly what you're describing (and if it's working), this means that your router has loopback enabled (hairpinning). This is normal. Your traffic will appear as if it's coming from the router. Login to one of the apps internally (over local LAN) using the new FQDN and check the connected users on your DiskStation, you should see your router's IP address (not the client's). It’s not going out and coming back in.

Thanks. That is exactly what I see.
-- post merged: --

using internal address and port should work just fine. What error do you get?
776134E5-E4C6-4DDE-940E-870B08995365.jpeg


The port number is correctly preceded by”:”. My thick fingers couldn’t quite get the overwriting accurate enough.
 
Upvote 0
running it on http then? Any firewall rules?
I’ve tried setting an http port as well, and get the same result. I need to do some research on the firewall, as I use Eero for my WiFi with the “Secure” option so there may be something hiding in there that is having an impact. I’ll report back when I have had a look.

Many thanks to all who continue to help directly or have put together a tutorial. I really appreciate it.
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I called the provider and he told me that I don't have a nat, just for business(( :cry:
Replies
2
Views
572
Once I got the NAS up and running with internet connection again, I was able to reauthenticate Tailscale...
Replies
7
Views
699
A quick search of the Zyxel and port forwarding 443 does seem to be a bit of impossible according to one...
Replies
15
Views
1,321
  • Question
Welcome to the forum. I never got it to work. In the end I maintained Namecheap DDNS via DNS-o-Matic...
Replies
1
Views
1,931
Yep. Am on 900/900. Fortunately Fiberhop is small enough to talk turkey with, any of the big isps are...
Replies
7
Views
1,976

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top