Moving DNS/DHCP/Reverse proxy/firewall responsibilities from my NAS to Ubiquiti? Possible?

So now that I more or less have a rough understanding of how the synology networking works, my brother in law who is helping me set up some docker containers is asking if I'd be interested in moving responsibility for DNS/DHCP/RP/firewall from my NAS over to my ubiquiti/unifi gear. I'm guessing I'd probably have to give up my syno domain and register my own, which isn't the end of the world to me. I'm going to steal a graphic from my RP tutorial to demonstrate what I assume would be happening in this scenario:

[Attached image: 1613188940509.png]


Basically I'm assuming that the router would host the RP rules, and instead of forwarding port 443 to the NAS, it would reverse proxy its port 443 to the desired NAS port.

So first question, is this even possible? I know I've seen settings for DNS/DHCP in my unifi controller, but haven't ever touched them.

2nd, if it is possible, should I do it? I'm guessing ubiquiti is far better at handling such things than synology, but I wouldn't know for sure. Just kind of testing the waters.

3rd, if it is possible, where would I start?

The end goal as my BIL sees it is to get the NAS back to a point where it is concerned with data-storage only, and isn't acting as the main worker for various docker apps and also handling all the networking. I'm currently running into both CPU and RAM limitations on my RS1219+. I have a spare Dell tower laying around unused that appears to be capable of being reloaded with RancherOS. My BIL's idea is to convert the tower into a linux/docker server that is hosting all of my containers, and then the containers will point to the NAS for all input/output of data. All AI/machine learning stuff for apps like photoprism and Paperless-ng would be hosted on the tower. I just bought the 1219+ a couple months ago before I was aware of all the docker possibilities, so upgrading the NAS is out of the question for quite a while.

We'd then move the networking responsibilities off the NAS to the unifi gear to further compartmentalize responsibilities. This way, if my NAS goes down, I'm not losing remote access to my files because the RP rules would be on the router instead of the NAS and so I could still access my backup NAS via RP.

Overall, it looks like a more robust, powerful, and complicated solution that wouldn't cost me anything if it is possible. The tower is rated as twice as fast as the NAS cpu on several benchmarking sites, so I should see noticeable improvement.
 
Solution
Overall, it looks like a more robust, powerful, and complicated solution
Makes sense and it can be done yes. Even if your router can’t do RP role but everything else the spare pc can where the new docker setup will be. So in short, you can do all of the above without any problems.
 
Upvote 0
The end goal as my BIL sees it is to get the NAS back to a point where it is concerned with data-storage only, and isn't acting as the main worker for various docker apps and also handling all the networking.
I like his way of thinking. If your router can support any of this, it makes sense to delegate those tasks to it.
 
Upvote 1
my brother in law who...
The end goal as my BIL sees it
Undefined TLAs are convenient for the author (like txt speak) but less so for the reader. This confused me for a while: "my brother in law (BIL) who..."


DHCP on the router: this has been the norm for home routers since the advent of home routers. Using the router's DHCP service is probably what virtually all home users are doing. I am.

DNS on the router: there are two types of DNS service that a router may offer:
  1. DNS relay: when the LAN devices request DNS resolution from the router what happens is the router requests the resolution from its configured DNS servers (usually Internet servers). This will be what most home/ISP routers will do.
  2. DNS server: the router runs a configurable DNS server which permits you to add your own zones and resolve other zones using other DNS services.
On my RT2600ac I have DNS Server set up and it runs slave zones of my DSM DNS Server's master zones. Within the router's DHCP service, which is what serves LAN/WLAN devices, the DNS server setting is set to the router's LAN IP.


As for reverse proxy, if you can do it then it's worth trying. Running a proxy usually requires more processing power than dealing with the same amount of traffic at the network level.
 
Upvote 0
Which Ubiquiti & UniFi equipment are you running as a router as it can make a difference?

Older UniFi routers are still missing 'normal' features from the GUI and beyond that you are looking at JSON edits; the newer models are feature poor with a more locked down structure. Same goes for the new UNMS line.

EdgeRouters are still highly configurable though and some are pretty powerful too, making them easy to craft to your requirements and more.

I run an all UniFi setup apart from routing which I leave to an EdgeRouter-4 (I also have an ER-8 and ER-3 kicking around too). My default logic is also to run things on the router where possible so that there is no dependency on a NAS for regular networking.

Happy to swap ideas and settings if you need them.
 
Upvote 0
I have a Unifi Security Gateway 4p connected to a Unifi Switch 24 POE. I've tried looking stuff up on the unifi forum, but those guys love tech jargon even more than the guys on this forum 😛
-- post merged: --

Undefined TLAs are convenient for the author (like txt speak) but less so for the reader. This confused me for a while: "my brother in law (BIL) who..."

Sorry. Those two pieces were closer together in the original draft so I figured people would catch the transition but then I added a gob of stuff in between...
 
Upvote 0
Well the good news is the USG 4 Pro is a proper & powerful router under its posh frock - essentially it is an EdgeRouter-8 in disguise.

It will have no issues as a DHCP server(s) or as a forwarding/caching DNS server (dnsmasq) or as a good firewall.

I don't know the unit well enough to know how or if it can help with Reverse Proxy though. Somebody on this forum will have more direct knowledge than I.
 
Upvote 0
Makes sense and it can be done yes. Even if your router can’t do RP role but everything else the spare pc can where the new docker setup will be. So in short, you can do all of the above without any problems.
Are you saying I could set up the tower to handle RP if my router can't? How would that work?
 
Upvote 0
