How do you choose your DSM network ports?

Currently reading
How do you choose your DSM network ports?

467
90
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
I keep reading to change it from the default 5000/5001 to make it more difficult for bad guys to find my stuff. I know where to change the port; my question is how do you go about selecting a different number? I don't want to accidentally pick a port number that is even more common than 5000/5001.
 
467
90
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
I came across a post from @WST16 that addressed this question for me in a previous post. Looks like he's suggesting anything in these ranges?

 
467
90
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
followup question: is it possible to change the default ports of apps like bitwarden or hyperbackup? I haven't checked in BW, but I haven't found anything for HB yet. Seems like my port forward list on my router keeps growing.
 

Telos

Subscriber
2,446
792
NAS
DS418play, DS213j, DS3622+, DSM 7.2.4-11091
Seems like my port forward list on my router keeps growing.
You don't need to forward ports unless you need access outside your LAN. Also, reverse proxy can prove helpful if you do need external access, running all packages through a common port.
 
467
90
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
I forget about RP. I have it set up for bitwarden, but none of the other apps. I suppose I can set it up for all the syno mobile apps like moments, drive, and any other apps to all point to the same port with RP. I am not running a businesses off these; the most concurrent family users I'll probably have is 3 or 4, and that's rare. Is there any concern about overloading a port with RP?
 

fredbert

Moderator
NAS Support
Subscriber
3,706
1,482
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
[At the risk of being Captain Obvious again...]

With one Internet IP address from your ISP your router will have:
  1. TCP ports 0 - 65,535
  2. UDP ports 0 - 65,535
  3. A host of other IP protocols too List of IP protocol numbers - Wikipedia
The point is you have only one TCP 443 port and that can only be port forwarded to one LAN device. Run reverse proxy on this device and it can use the domain name in the URL to determine what to do next, respond with: local Web Station; local package’s Application Portal; reverse proxy towards another web server (eg local DSM; other web service); Web Station virtual host.

The reverse proxy device’s SSL certificate or certificates will be used to secure the inbound request so must cover all the domain names you use in the Subject Alternative Names field by either having a wildcard or each specific name listed.
 

fredbert

Moderator
NAS Support
Subscriber
3,706
1,482
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Is there any concern about overloading a port with RP?
How overloaded is overloaded?

If most of TCP 443 is going to be reversed proxied on the same device then it's only adding a bit of RP processing to the eventual load.

I'd guess most home users will be using their newest/biggest NAS as the RP so unlikely that this will be a problem.

Virtually all my services are running through one type of DSM reverse proxy and I've no problems, in a small home setup.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Shouldn't the subnet mask be 255.255.254.0 ? IP subnet 192.168.0.0 Subnet Mask 255.255.254.0 Allows access...
Replies
2
Views
585
Can you share the information? In case someone else comes with the same issue.
Replies
5
Views
735
Correct. That's a KB organization for you right there. I hear what you are after and breaking it down to...
Replies
3
Views
571
Latest update. I went on the Mac client and removed the entry on the hosts file. I then created an L2TP...
Replies
29
Views
5,567
Have you configured the new router to provide the same LAN subnet as the old router? How are IP addresses...
Replies
1
Views
1,235
Sorry, I thought I could edit my post but I can't see where to do that. Some additional info: I have also...
Replies
1
Views
1,419

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top