Please help me understand making my NAS secure.

Currently reading
Please help me understand making my NAS secure.

1,997
846
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Oh just to make sure the mask settings is 255.255.255.0
Right?
 

NAS Newbie

Subscriber
456
89
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
Nah, he’ll be ok :)
Ok so you’re on subnet 192.168.10.0
We need this for the firewall.

Do you have a vpn service by the way to test with?

Oh just to make sure the mask settings is 255.255.255.0
Right?


No VPN set up and don't know where to find the mask settings. I've seen discussions of logging in using VPN, but haven't had a chance to research them yet. It was another thing I was going to ask you about if we didn't get to it in the course of discussion.
 
1,997
846
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
I don’t mean the DS vpn. I’m asking if you have a vpn service that you use on your pc or mobile.
The idea is to test access before and after. Although I’m confident that we can trust that it’s working.

For IP address and mask you can check control panel > info center > network tab
See at the bottom under LAN. On the DS that is.
 

NAS Newbie

Subscriber
456
89
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
I don’t mean the DS vpn. I’m asking if you have a vpn service that you use on your pc or mobile.
The idea is to test access before and after. Although I’m confident that we can trust that it’s working.

For IP address and mask you can check control panel > info center > network tab
See at the bottom under LAN. On the DS that is.

The mask is 255.255.255.0 as you thought. I don't use any vpn at all that I'm aware of. I use internet explorer to access DSM.
 
1,997
846
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Last edited:
Ok.

Here we go.
We’ll enable the firewall and as a start configure 3 rules
1. Allow your internal lan access
2. Allow your country (U.S. you said) access
3. Block everything else

You have located the firewall in control panel under security, right?

Go, do not check enable firewall yet and edit
 
1,997
846
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Here comes the first rule. Hang on for the screenshots
 
1,997
846
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Last edited:
1st rule
7FE87B12-D3CA-4CC0-A1CC-6B094C1EFECE.jpeg
737D7BD2-4573-4833-A399-29957ED0D2D7.jpeg
 
1,997
846
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Can you do rule 2 or do you need screenshots?
Rule 2 enables USA access.
 
1,997
846
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Rule 2
Click create
For ports choose all
For source ip choose location and click select and search for USA and choose it
Action: allow
 

NAS Newbie

Subscriber
456
89
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
You disappeared!

LOL. Sorry, yes. Kids just woke up from their naps. I'm going to have to take a break for today, but will try to get back to it tonight or tomorrow. I really appreciate you walking me through all of this. Hopefully it ends up being useful for others as well.
 
1,997
846
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Sure, no problems. Good luck...
 
383
76
NAS
RS820+, DS718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
@WST16

There’s also the interface drop down on the top right. Should these rules (based on best practices) be configured on “all” interfaces or just “lan1”
 
1,997
846
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
In this case we should be working with “all interfaces”.
That’s the default when you click edit rules.

The “all interfaces” takes priority over individual interfaces in Rules priority.

Later when configuring VPN, we’ll need to do a slight change here.
I’ll leave the VPN configuration and the change in the firewall rules and router to someone who’s actually running VPN (as they should go together). Someone with both, experience and theory is better than someone with theory only. :)

I don’t run VPN.
 
1,997
846
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
To complete the picture for a better understanding, here’s a shot of what it looks like on my router under the port forwarding section.
I hope your dad is not around ;)

92



These are standard mail ports.
Just look at how they’re mapped. I added those, just like you’ve added 5000 and 5001 on yours.

Your router will have something like
5000-5000 5000-5000 192.168.10.250 enable
And another one for 5001

And here, we have the ports used by Synology. Scroll down to see where 5000 and 5001 are being used. It starts at web applications.

Give us an update on where you are in the firewall configuration, and we’ll continue implementing our simple 3 rules.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
PF will help you for sure much more then syno fw
Replies
4
Views
342
If you are using Android, just choose "Continue" when screen mentioning "Certificate" appears after sign-in.
Replies
27
Views
3,686
This could be a job for… Renowned, conspiracy theorist at night and international diplomacy expert by...
Replies
32
Views
4,970

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top