Hi.
On my DS218 with DSM 7, I have multiple packages and want to have different firewall rules for each of them, because some services will be available world-wide, some of them just from my country and some of them will be just internal.
Synology Drive should be available publicly with no restrictions. It has its own subdomain name drive.example.com and uses default port (publicly it is 443 + 6690 for the Drive app).
Surveillance station uses its own subdomain cam.example.com with the default port (publicly 443) and should be accessible just from my local country. And here comes the tricky part - how to separate these two? They are different app packages on different subdomains via reverse proxy, but I did not find a way how to configure it via the built-in firewall. I can only choose external ports there, but both packages use the same external port (TCP/443).
I know I can limit source IPs/IP ranges in Access Control Profiles for reverse proxy apps, but I can't set there GeoIP restrictions - that is possible only via the built-in firewall. But the built-in firewall on the other hand does not support per package configuration if all packages use the same external port.
Am I missing something? Or how to configure it?
On my DS218 with DSM 7, I have multiple packages and want to have different firewall rules for each of them, because some services will be available world-wide, some of them just from my country and some of them will be just internal.
Synology Drive should be available publicly with no restrictions. It has its own subdomain name drive.example.com and uses default port (publicly it is 443 + 6690 for the Drive app).
Surveillance station uses its own subdomain cam.example.com with the default port (publicly 443) and should be accessible just from my local country. And here comes the tricky part - how to separate these two? They are different app packages on different subdomains via reverse proxy, but I did not find a way how to configure it via the built-in firewall. I can only choose external ports there, but both packages use the same external port (TCP/443).
I know I can limit source IPs/IP ranges in Access Control Profiles for reverse proxy apps, but I can't set there GeoIP restrictions - that is possible only via the built-in firewall. But the built-in firewall on the other hand does not support per package configuration if all packages use the same external port.
Am I missing something? Or how to configure it?