Question Firewall and NTP - help me read this rule

Currently reading
Question Firewall and NTP - help me read this rule

24
4
Router
  1. RT2600ac
I've enabled the NTP service on the router so that certain devices can use it.

Is this rule needed and is it allowing outside sources into the network?
2019-11-23_18-06-48.png
 

fredbert

Moderator
NAS Support
Subscriber
4,072
1,613
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
Operating system
  1. macOS
Mobile operating system
  1. iOS
Last edited:
Personally I don't run the NTP service on the router but on both my NAS (which sync to Internet NTP). I then direct SRM to use the backup NAS as its NTP server. If the Internet goes down and I need to reboot the router (which is more often the case when trying to troubleshoot or refresh after an outage) it will have a NTP service available. If I recall right, using 2-step verification can be time dependant and my SRM admin uses 2-step.

Your firewall rule is set to allow any device, LAN or Internet, to access your router for NTP, so I'd delete it. Likewise the disabled rule below it ... I would restrict web access to the SRM to local devices only. You can run VPN Plus and allow users to first authenticate using that and then they can using the SRM LAN IP to access the web portal.
 
24
4
Router
  1. RT2600ac
Thank you, I didn't think it should be there but was confused when enabling the service it was suggested. The rule below is disabled as well. Thank you,
 
24
4
Router
  1. RT2600ac
It was but saw that I didn't need it. Thank you though. I know these rules are basic in comparison to other firewalls but it's very interesting learning process. Especially when it comes to making sure that the outside can't reach certain devices.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Just asking again if more in-depth information or rules are available than link posted. I keep creating...
Replies
1
Views
219
Now I'm not looking on my phone.... The best you can do is to split the single 192.168.1.0/24 subnet and...
Replies
6
Views
307
ofc you can test the rules when they're setup. Ping from any device to any device within your LAN - ping...
Replies
11
Views
302
I spoke repeatedly with tier 1 technical who eventually had me allow tier 2 to SSH in and poke around...
Replies
3
Views
318
  • Question
@Gerard No port forwarding. No particular need as far as I know.
Replies
3
Views
356

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top