Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

Firewall smb setting

OK, I unchecked that. Not sure why it was there unless my hand jerked while putting something else in. It's been a long day!
 
OK, I unchecked that. Not sure why it was there unless my hand jerked while putting something else in. It's been a long day!
Delete it, it’s not needed. If that is for local within your network connections then it’s covered by rule 1.

Next rule 2 you have management, file station and whatever else is in there opened for all (any) ip’s. This means all local ips (duplicate of rule 1) and any public ip worldwide. As an example a connection from Russia is allowed with rule 2. Rule 2 should be for external connections, therefore only allow the countries that are needed. Once this is completed delete rule 3 (any/any/USA) as this is now not only more wide open than rule 2 but it is a duplicate as well.

Your rule 3 (any/any/us) is opened to all ips everywhere and you haven’t limited packages. So things like ssh, ftp, etc are allowed in because any means all packages all ports.

Update and send another screenshot. You’re practically all set and done. 97% there
 
So you just want the first one and then the Deny. That is scary as everything I've read says the management UI should be the first thing, otherwise you get locked out and have to reset the nas!
 
So you just want the first one and then the Deny. That is scary as everything I've read says the management UI should be the first thing, otherwise you get locked out and have to reset the nas!
Rule 1 - The first one already has management ui for your local network.

Rule 2 - The second one will only be for things you need access to outside of your local network. If you need management ui outside of your network allow management, source ip for only the countries you’ll be in accessing your nas from outside your network.

Rule 3 - deny all
 
I got in!
 

Attachments

  • fw.webp
    fw.webp
    17.2 KB · Views: 37
Ok so as you have it now only devices in your local home network can access the nas with no restrictions. You’re allowing everything for your local subnet, which is good. with rule 1 you allow management, smb, ws discovery, etc. it’s everything because it’s a trusted network.

Now do you need to access your nas from outside of your network (when you’re away from home)? If so what do you need access to? And where do you need access from? Create another rule and position it as number 2. This rule should have a source ip of where you’re going to be accessing it from, such as your home country.
 
Ok, I had a bunch of users from outside using synology photos from their phones and they connect via OpenVPN. Before I started this, I moved them to a friend's nas, just in case. I also use the photos app on my phone!
 
Last edited:
Ok so in order to allow the OpenVPN connection to get to your nas, add a rule 2 allow OpenVPN and select the country they are coming from. Additionally if there’s anything else that connects into your nas from outside the home, add that package or port to rule 2. Rule 2 is going to be for the external connections outside of your local connections (local - which is covered in rule 1). Prior to adding this rule you can test with your cell phone turn off wifi and go on cell network try to connect to your nas, you won’t be able to that is why you need rule 2 for the external connections (when your not home or on wifi).

Then we’ll move on to allowing the vpn user to access the data/services on the NAS,
 
Ok, Synology photos and mailplus or photos client are not connecting via cell. I tried adding mail plus to the firewall, but no luck. I don't see one for photos!
 
no I don't
Ok with rule 2 add management ui which is ports 5000/5001 for now. Not only do these ports do dsm management but it also allows for some packages that utilize the 5000/5001 ports such as photos, mail plus, vide audio station etc. Test your services again on cell network such as photos, and you should be able to connect now.
 
Ah ha, II should have tried that before. No, disabling firewall made no difference. although before with my ratty firewall I could connect with cellular but not always
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

From what I understand..... If I'm wrong, please correct me! The update needs these rules to be allowed...
Replies
10
Views
1,455
Are you absolutely certain your cables are good for GB. I went so far as only use CAT6.
Replies
9
Views
2,371
Welcome to the forum. Once you configure your new 723 as a new NAS, you can use the built in (installed...
Replies
1
Views
103

Thread Tags

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending content in this forum

Back
Top