How to find a specialist to assist in sorting out my NAS accessibility

NAS: DS1520+
Operating system: Windows
Hi all, I sorted out being able to access my NAS through a domain name using a static IP address and Cloudflare (& ZeroTrust as an additional security layer), and had it working OK.
However our Broadband was slow so we upgraded to a fibre service to allow faster access for when I'm away but have kept the old service running until I have the NAS connected.
Straightforward you would think: change the IP that Cloudflare points to and hey presto.
But no it did not work, and I didn't have access to the router control panel to open the ports because of the service provider, eventually I got them to open up the required ports (it took weeks), but still no joy.
During this time I was working away a lot so was swapping between the two providers and had left the NAS connected to the new fibre connection for a period whilst away to see if it would eventually work. When I got back I swapped back to the slow working connection but that also was not working.

When I try to connect to photos.xxx.com, which should take me to Synology Photos, I receive the following message:

"This page isn’t working

xxx.com redirected you too many times.

ERR_TOO_MANY_REDIRECTS"

I keep spending hours and hours trying to get this to work properly and am getting nowhere fast.
I have got myself totally confused on various settings - is there anywhere I can go to find someone trustworthy to look at it all and fix my error?
Or possibly some check sheet that I can run through to make sure all settings are as they need to be?


Thanks for looking
 
With this type of error it is usually an end user issue. Do you have this with all selfhosted services or just for example photos.xxx? Any other site (public) reporting the same issue?

So apart from the ISP change, the CF Zero is still in effect?
 
Rusty, thank you for responding.
I can connect to all services using QuickConnect but cannot connect to any via servicename.xxx.com
As a side issue I have temporarily gotten around the problem by creating a new user and only allowing them access to Synology Photos and denying them access to all other apps - is this a secure method, if a hacker got hold of these details could they somehow access the NAS and cause harm?
It's not great as it means users need to download the Synology Photos app.

Yes, CF Zero is still active. Should I delete it and check to see if this is part of the cause?
I also have Synology 2FA in place.

I was wondering if I had the wrong certificates setup
Service | Certificate
Active Backup for business | synology
Audiostation - port # | xxx.com
Audiostation - audio.xxx.com | xxx.com
FTPS | synology
Filestation - port # | xxx.com
Filestation - files.xxx.com | xxx.com
KMIP | synology
Log receiving | synology
Notestation - port # | xxx.com
Notestation - Notes.xxx.com | xxx.com
Quickconnect | xxx.direct.quickconnect
Replication Service | synology
Surveillancestation - port # | xxx.com
Surveillancestation - Surveillance.xxx.com | xxx.com
Synology Directory Service | synology
Synology Drive Server | synology
Synology Storage Console Server | synology
SynologyDrive - port # | xxx.com
SynologyDrive - drive.xxx.com | xxx.com
SynologyPhotos - port # | xxx.com
SynologyPhotos - photos.xxx.com | xxx.com
System default | synology
Videostation - port # | xxx.com
Videostation - Videos.xxx.com | xxx.com
cam1.xxx.synology.me | synology
nas.xxx.com | xxx.com
nas.xxx.com:5001 | xxx.com
xxx.com | synology

I was also wondering if I needed to update or change the certificates because of the change in static ip/provider but did not think that made sense?

I spoke to BT yesterday (not an easy task) and they told me to turn on DMZ : I did this but I'm sure it was working fine prior without this setting on.


DMZ

Only one device, with either a static or a private DHCP address, can be placed into the DMZ. The BT Business Smart Hub will give it a private IP address and forward all appropriate traffic to this device.
Placing a device in the DMZ has significant implications for its security. Although it will still be behind the Hub's firewall, all unsolicited traffic not rejected by the firewall will be sent to this host by the Hub's Network Address Translator, increasing its vulnerability to attack.

Since turning it on I have had several emails advising
" [xxx.xxx.x.xxx] IP address [123.201.85.238] has been blocked by SynologyNAS via SMB " from various parts of the world
China, Bangladesh, Saudi Telecom Company JSC, Mexico.

I'm guessing I should be turning DMZ off to reduce the attacks?
 
> we upgraded to a fibre service

New provider? Are they CG-NAT? If so, it gets more complicated.

> I spoke to BT yesterday (not an easy task) and they told me to turn on DMZ

Quite dangerous if you don't fully understand. We have a recent user who did that and is dealing now with ransomware.
 
I have just realised that I had made a mistake on the bottom row of the certificate list - xxx.com should read xxx.com not synology.
I just went to open DSM on a local network address using Firefox browser and it advised it was insecure as usual, but instead of ignoring warning I checked the certificate which was the synology certificate not the xxx.com certificate which I'm not sure I understand.

Not sure if this is relevant but I have DNS server running, which has 3 zones

DNS Server

Zone ID | Domain name | Type | Status
serverid.local@Active Directory | serverid.local | Primary | Enabled
_msdcs.swarmcatcher.local@Active Directory | _msdcs.serverid.local | Primary | Enabled
xxx.com | xxx.com | Primary | Enabled

xxx.com Resource Record

Name | Type | TTL | Information
ns.xxx.com | A | 86400 | xxx.xxx.xxx.xxx with no port allocation
photos.xxx.com | A | 86400 | xxx.xxx.xxx.xxx with no port allocation
xxx.com | A | 86400 | xxx.xxx.xxx.xxx with no port allocation
xxx.com | NS | 86400 | xxx.xxx.xxx.xxx with no port allocation
www.xxx.com | CNAME | 86400 | ns.xxx.com

Can provide details of the other 2 zones if required.
> New provider? Are they CG-NAT? If so, it gets more complicated.
>
> Quite dangerous if you don't fully understand. We have a recent user who did that and is dealing now with ransomware.

OK turning DMZ off straight away - thank you for the heads up.
I'm not sure if they are CG-NAT will attempt to find out - probably another 2 or 3 weeks to draw that out of them.
I do have a fixed IP with them - which took forever to get as they have a limited number available.
Jurassic Fibre is their name but recently purchased by someone else.
 
Currently I'm concentrating on getting it to run on the infuriatingly slow BT broadband, once that's running again I was going to attempt to move it across to the fibre broadband again
 
> I'm not sure if they are CG-NAT will attempt to find out - probably another 2 or 3 weeks to draw that out of them.
> I do have a fixed IP with them - which took forever to get as they have a limited number available.

With a fixed IP, CG-NAT is not a concern.

You can determine that without your provider.
Load a “What's My IP” website, and note the public address you see. Then, open a command window on your PC and enter:

tracert xxx.xxx.xxx.xxx (where xxx.xxx.xxx.xxx is your “public” IP).

If the trace has a single hop, you have a public IP; if it has 2 hops you are in CG-NAT.
 
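The hop-count check from the post above, as an added example (not code from the thread): it parses Windows tracert output and also flags any hop inside 100.64.0.0/10, the RFC 6598 range reserved for carrier-grade NAT, which goes beyond the hop-count rule in the post. The function names and the sample traces are constructed for illustration.

```python
import ipaddress
import re

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def classify(addr):
    """Label an IPv4 address as 'cgnat', 'private' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def parse_tracert(text):
    """Return [(hop_number, address or None)] from Windows tracert output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            found = IPV4_RE.findall(m.group(2))
            # The replying address is last on the line; timed-out hops have none.
            hops.append((int(m.group(1)), found[-1] if found else None))
    return hops

def assess(public_ip, tracert_text):
    """Apply the hop-count rule, plus a check for 100.64.0.0/10 hops."""
    answered = [(n, a) for n, a in parse_tracert(tracert_text) if a]
    if not answered:
        return "inconclusive"      # every hop timed out
    if any(classify(a) == "cgnat" for _, a in answered):
        return "cgnat"             # a hop inside the carrier's shared range
    if answered[0] == (1, public_ip) and len(answered) == 1:
        return "public"            # the router itself holds the public address
    return "upstream-nat"          # the public address sits beyond the router

# Constructed samples (documentation addresses, not taken from the thread).
DIRECT = "  1     1 ms     1 ms     1 ms  203.0.113.7\n\nTrace complete."
CGNAT_TRACE = ("  1     1 ms     1 ms     1 ms  192.168.1.1\n"
               "  2     8 ms     7 ms     9 ms  100.64.12.1\n"
               "  3    11 ms    10 ms    12 ms  203.0.113.7\n")
TIMED_OUT = "  1     *        *        *     Request timed out.\n"
```

A trace in which every hop times out returns "inconclusive": routers that drop ICMP give no evidence either way, so compare the router's WAN-side address with the public address instead.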
> With a fixed IP, CG-NAT is not a concern.
>
> You can determine that without your provider.
> Load a “What's My IP” website, and note the public address you see. Then, open a command window on your PC and enter:
>
> tracert xxx.xxx.xxx.xxx (where xxx.xxx.xxx.xxx is your “public” IP).
>
> If the trace has a single hop, you have a public IP; if it has 2 hops you are in CG-NAT.

Thank you Telos
Just done as per your suggestion and BT is static by looks of it but Jurassic I'm guessing is CG-NAT or something

Tracing route to host xx-xxx-x-xxx.in-addr.btopenworld.com [81.134.7.193]
over a maximum of 30 hops:

1 * 2 ms * host81-134-7-193.in-addr.btopenworld.com [xx-xxx-x-xxx]
2 * 2 ms * host81-134-7-193.in-addr.btopenworld.com [xx-xxx-x-xxx]
3 6 ms 1 ms * host81-134-7-193.in-addr.btopenworld.com [xx-xxx-x-xxx]
4 38 ms 43 ms 50 ms host81-134-7-193.in-addr.btopenworld.com [xx-xxx-x-xxx]

Trace complete.

C:\Windows\System32>tracert zzz.zzz.zzz.zzz

Tracing route to cust-141-195-179-134.jurassic-fibre.net [zzz.zzz.zzz.zzz]
over a maximum of 30 hops:

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 Transmit error: code 1232.

Trace complete.
> I presume you already tried the tips on internet: How to Fix The ERR_TOO_MANY_REDIRECTS Error

EAZ1964 Thank you for the suggestion, I have done a lot of what's on that page, although I have not cleared caches and reset chrome to original state mainly because of how many open tabs I have, but also I'm not sure it would help as I have same issue whether I'm using google chrome, Firefox, laptop or phone.

I'm thinking it's going to be some setting that I have accidentally messed with whilst trying to change between the 2 broadband providers, unfortunately I have been unsuccessfully messing about trying out all sorts of solutions over the last few months.

Just tried on my mobile again and got to the page from Cloudflare ZeroTrust requesting a code which I inserted and next up was:

"This page isn’t working

xxx.com redirected you too many times.

ERR_TOO_MANY_REDIRECTS"

Again not excited about deleting all cookies but cannot find on the Android phone a way to delete only the ones associated with the site.
 
Just had a different error message from Firefox incognito on my android phone.

The page isn’t redirecting properly

The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.
  • Have you disabled or blocked cookies required by this site?
  • If accepting the site’s cookies does not resolve the problem, it is likely a server configuration issue and not your device
 
Just came across a setting in BT router on the Broadband - DNS Hosts tab. Where I had added the NAS using the Name resolution list but had not updated the IP address (there are 4 addresses available for the NAS and I had connected to one of the previously empty LAN connections).
Correcting this IP address did not solve my problem so I have disabled this function currently.

Not completely sure I understand its function - think it's meant to speed up access to the apps when using local network?
 
ICBW, but I find that Jurassic Fibre uses CGNAT (no IPv6 AFAIK). Not sure if they have a true fixed IP available to users. Seems like you have some homework ahead.
 
nslookup xxx.com
Server: xxx.com
Addresses: 2606:4700:3030::6815:46f0
2606:4700:3031::ac43:8ca4
172.67.140.164 ISP: CloudFlare Inc. San Fransisco
104.21.70.240 ISP: CloudFlare Inc. San Fransisco

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to xxx.com timed-out
I'm using Cloudflare ZeroTrust as a security layer, should I remove it?
or
should I turn off the Synology NAS firewall temporarily and see if it's a setting there?
Could 2FA be messing it up in combination with Cloudflare ZeroTrust?
 
> ICBW, but I find that Jurassic Fibre uses CGNAT (no IPv6 AFAIK). Not sure if they have a true fixed IP available to users. Seems like you have some homework ahead.

For the time being I'm concentrating on getting things back to working condition with the BT line - then I will need to see what happens when I change it over to Jurassic, but going on our interactions with Jurassic so far, it will not be fun and likely very tedious.
 