Firewall smb setting

Currently reading
Firewall smb setting

Cyberwasp said:
OK, I unchecked that. Not sure why it was there unless my hand jerked while putting something else in. It's been a long day!
Click to expand...
Delete it, it’s not needed. If that is for local within your network connections then it’s covered by rule 1.

Next rule 2 you have management, file station and whatever else is in there opened for all (any) ip’s. This means all local ips (duplicate of rule 1) and any public ip worldwide. As an example a connection from Russia is allowed with rule 2. Rule 2 should be for external connections, therefore only allow the countries that are needed. Once this is completed delete rule 3 (any/any/USA) as this is now not only more wide open than rule 2 but it is a duplicate as well.

Your rule 3 (any/any/us) is opened to all ips everywhere and you haven’t limited packages. So things like ssh, ftp, etc are allowed in because any means all packages all ports.

Update and send another screenshot. You’re practically all set and done. 97% there
 
So you just want the first one and then the Deny. That is scary as everything I've read says the management UI should be the first thing, otherwise you get locked out and have to reset the nas!
 
Cyberwasp said:
So you just want the first one and then the Deny. That is scary as everything I've read says the management UI should be the first thing, otherwise you get locked out and have to reset the nas!
Click to expand...
Rule 1 - The first one already has management ui for your local network.

Rule 2 - The second one will only be for things you need access to outside of your local network. If you need management ui outside of your network allow management, source ip for only the countries you’ll be in accessing your nas from outside your network.

Rule 3 - deny all
 
I got in!
 

Attachments

  • fw.JPG
    fw.JPG
    48.5 KB · Views: 28
Ok so as you have it now only devices in your local home network can access the nas with no restrictions. You’re allowing everything for your local subnet, which is good. with rule 1 you allow management, smb, ws discovery, etc. it’s everything because it’s a trusted network.

Now do you need to access your nas from outside of your network (when you’re away from home)? If so what do you need access to? And where do you need access from? Create another rule and position it as number 2. This rule should have a source ip of where you’re going to be accessing it from, such as your home country.
 
Ok, I had a bunch of users from outside using synology photos from their phones and they connect via OpenVPN. Before I started this, I moved them to a friend's nas, just in case. I also use the photos app on my phone!
 
Last edited:
Ok so in order to allow the OpenVPN connection to get to your nas, add a rule 2 allow OpenVPN and select the country they are coming from. Additionally if there’s anything else that connects into your nas from outside the home, add that package or port to rule 2. Rule 2 is going to be for the external connections outside of your local connections (local - which is covered in rule 1). Prior to adding this rule you can test with your cell phone turn off wifi and go on cell network try to connect to your nas, you won’t be able to that is why you need rule 2 for the external connections (when your not home or on wifi).

Then we’ll move on to allowing the vpn user to access the data/services on the NAS,
 
Ok, Synology photos and mailplus or photos client are not connecting via cell. I tried adding mail plus to the firewall, but no luck. I don't see one for photos!
 
Cyberwasp said:
no I don't
Click to expand...
Ok with rule 2 add management ui which is ports 5000/5001 for now. Not only do these ports do dsm management but it also allows for some packages that utilize the 5000/5001 ports such as photos, mail plus, vide audio station etc. Test your services again on cell network such as photos, and you should be able to connect now.
 
Ah ha, II should have tried that before. No, disabling firewall made no difference. although before with my ratty firewall I could connect with cellular but not always
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

M
  • Question
Synology Assistant is being blocked by the firewall. How do you configure the firewall to allow
I had the exact same problem. In my case, I found 2 rules for dsassistant in the firewall inbound rules...
Replies
2
Views
8,124
Filip
F
Jan Janowski
Regarding the recent NAS SMB update
From what I understand..... If I'm wrong, please correct me! The update needs these rules to be allowed...
Replies
10
Views
965
Jan Janowski
Jan Janowski
M
Very slow SMB/NFS
Are you absolutely certain your cables are good for GB. I went so far as only use CAT6.
Replies
9
Views
1,139
Jan Janowski
Jan Janowski
tekguru
  • Question
Connectivity to the NAS as smb://nasname from iPad / iPhone?
Excellent tip! I had the same issue, I stumbled into this forum as I was looking for a solution and it...
Replies
11
Views
6,758
Michelefurio
M
J
  • Question
Can nextcloud datafolder be shared with smb/samba?
oh, ok. sorry
Replies
8
Views
6,493
jeraisel
J
O
SMB setup on Android via foldersync app
Indeed, or otherwise use VPN first.
Replies
4
Views
8,963
Shadow
Shadow
A
SMB Questions
Many vulnerabilities are due to malformed packets that don't conform fully to the specification: the...
Replies
13
Views
7,262
fredbert
fredbert

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top