LAN services are accessible from the Internet?

Currently reading
LAN services are accessible from the Internet?

687
226
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
Any ideas as to hoe to resolve this one guys? The NAS needs to be accessible from the internet so that my forum can be accessed.

Screenshot 2021-04-05 at 06.50.10.jpg


If I choose the 'Open Control Panel' option it takes me to the 'configure router' page which has nothing set up on it.
 
The UpnP functionality is not working in most cases, and it is not safe to enable it. Better to setup the port forwarding manually in your router.
It depends on your forum software which port you need to forward.

Do not forget to set your FIREWALL on both the nas and the router in such a way that the system is still secured.Run the security advisor on highest level after each modification.
 
Upvote 0
Any ideas as to hoe to resolve this one guys? The NAS needs to be accessible from the internet so that my forum can be accessed.

View attachment 3353

If I choose the 'Open Control Panel' option it takes me to the 'configure router' page which has nothing set up on it.
hopefully you don’t have 445 open on the router
 
Upvote 0
For ipv4: if your nas has a public ip assigned, lock all ports down in the Syno firewall, except those required to access your forum. If you nas has a lan ip assigned, you will want to only forward the ports in your router to the nas that are required to acces the forum - never use the "expose host" feature.

For ipv6: even if it's called portfwarding with ipv6 in routers as well, in reality it not. It is simple routing and firewalling from the WAN-Ip to the public prefix-network and "portforwarding" in this context is merly setting up firewall rules to allow access to the target ip and port. Additionaly you can use the Syno firewall to lock down access further.

You might want to share more details about your setup...
 
Upvote 0
Thanks guys. Sorted. It turns out I had opened port 445 on the router. I assume that there was some reason for it but I can't remember why. :)

Only ports 80 & 443 are now forwarded on to the NAS and the security adviser now gives me a clean bill of health... phew.

Screenshot 2021-04-05 at 13.14.41.jpg
 
Upvote 0
I worked out why port 445 was opened, this is to allow file sharing with the iPad / iPhone over the WAN & LAN. With that closed I can't access any SMB shares.
So how do i fix the problem ref security versus access via SMB sharing?
 
Upvote 0
I worked out why port 445 was opened, this is to allow file sharing with the iPad / iPhone over the WAN & LAN. With that closed I can't access any SMB shares.
So how do i fix the problem ref security versus access via SMB sharing?
WebDAV protocol on Syno side
 
Upvote 0
So are you saying I need to block the port and set up a WebDAV server on the NAS if I want to access files using the MYNAS.MYDOMAIN.COM domain or quickconnect.synology.me?
 
Upvote 0
In any case close 445 over the internet, that's just bad. If you want to have a "file explorer" view in any app that supports WebDAV then that's the way. Another way you can access your files is using the default Synology apps. It all depends on how you want (and where) your data to be visible. But in any case, WebDAV will give you that "file explorer view" in a secure way.
 
Upvote 0
o_O Server Message Block - Wikipedia

So you've got SMB file sharing accessible to the Internet? Personally I would keep SMB well away from direct Internet access: use VPN Server to establish remote access for Internet clients and then use SMB through that.

Alternative file sharing from the Internet could be to use WebDAV server (as @Rusty mentioned), or enable SFTP but with a different TCP port than 22 (so you don't expose SSH to the Internet).

The options for how you access the NAS file services really depends on what devices you're using.
 
Upvote 0
this is to allow file sharing with the iPad / iPhone over the WAN & LAN
I now just read this bit.

The iOS Files app supports direct access to SMB file servers, so that's probably why you're using SMB over the Internet.

There are other apps that integrate into Files and support other file sharing methods, for example: DS file (but needs to login for every access); Synology Drive; Readdle Documents; File Manager (my preference but isn't free).
 
Upvote 0
Right I've blocked port 455 again.

Okay the Files App on the iPad / iPhone does support WebDAV but it looks to be limited I can access it on the LAN but even opening ports 5005 & 5006 to the internet on the router I'm unable to access on the WAN.

Yes I can access via DS FIle but that does not integrate properly into iOS and does not support dragging and dropping of files (looking to drag / drop images from a web page in Firefox into a folder). The same situation with Synology Drive.

As a matter on interest OneDrive does not support drag and drop either.

Red the File Manager app you refer to, which app is this as it looks like there are a few with the same name?
-- post merged: --

At least I've got my drag & drop working on the LAN so I'l manage with that and a copy of any files when on holiday etc.
 
Upvote 0
Okay the Files App on the iPad / iPhone does support WebDAV but it looks to be limited I can access it on the LAN but even opening ports 5005 & 5006 to the internet on the router I'm unable to access on the WAN
This should work just fine over the Internet, so it would be worth looking into it if you want to access this way.
 
Upvote 0
The problem looks to be if I look to connect to the server as MYNAS.MYDOMAIN.COM:5005 if I use IP_ADRESS:5005 it works. It also fails if I try QUICKCONNECT.synology.me:5005.

It seems it does not like the port being specified as part of the server name if a WAN connection is needed?
 
Upvote 0
I used paid FileBrowser* for ages and then recently-ish got FileBrowser Professional. You can try it out for free using their FileBrowserGO.

*I forgot it's name :)
 
Upvote 0
Last edited:
Gotcha will switch to 5006 for HTTPS.

Okay FileBrowserGo - it won't connect to WebDAV using MYNAS.MYDOMAIN.COM or IP_ADDRESS - I get error 405 method not allowed.
-- post merged: --

Okay I got it working in FileBrowserGO, it seems though you can't drag / drop a file onto a folder to put the file in the folder?
 
Upvote 0
The guys above know way more than me but if your skills are more akin to mine then you can try my logic - I throw another cheap router (EdgeRouter 3 in my case) in front of the NAS and pretend the real internal LAN is the WAN. That way I can test and learn without dropping my shorts completely to the real internet before I am convinced that all is ok.
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Your situation seems like it should be simple and that the security mechanisms are being overly pedantic...
Replies
10
Views
7,936
If your router doesn't have an isolated guest network, just get another cheap wireless router, connect its...
Replies
11
Views
8,397
This is a simple and yet effective solution for my lan (photo station, dsm administration). Thanks.
Replies
16
Views
32,082

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top