Please help me understand making my NAS secure.

Currently reading
Please help me understand making my NAS secure.

WST16

WST16

1,817
758
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Oh just to make sure the mask settings is 255.255.255.0
Right?
 
NAS Newbie

NAS Newbie

Subscriber
446
91
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
WST16 said:
Nah, he’ll be ok :)
Ok so you’re on subnet 192.168.10.0
We need this for the firewall.

Do you have a vpn service by the way to test with?

Oh just to make sure the mask settings is 255.255.255.0
Right?
Click to expand...


No VPN set up and don't know where to find the mask settings. I've seen discussions of logging in using VPN, but haven't had a chance to research them yet. It was another thing I was going to ask you about if we didn't get to it in the course of discussion.
 
WST16

WST16

1,817
758
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
I don’t mean the DS vpn. I’m asking if you have a vpn service that you use on your pc or mobile.
The idea is to test access before and after. Although I’m confident that we can trust that it’s working.

For IP address and mask you can check control panel > info center > network tab
See at the bottom under LAN. On the DS that is.
 
NAS Newbie

NAS Newbie

Subscriber
446
91
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
WST16 said:
I don’t mean the DS vpn. I’m asking if you have a vpn service that you use on your pc or mobile.
The idea is to test access before and after. Although I’m confident that we can trust that it’s working.

For IP address and mask you can check control panel > info center > network tab
See at the bottom under LAN. On the DS that is.
Click to expand...

The mask is 255.255.255.0 as you thought. I don't use any vpn at all that I'm aware of. I use internet explorer to access DSM.
 
WST16

WST16

1,817
758
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Last edited:
Ok.

Here we go.
We’ll enable the firewall and as a start configure 3 rules
1. Allow your internal lan access
2. Allow your country (U.S. you said) access
3. Block everything else

You have located the firewall in control panel under security, right?

Go, do not check enable firewall yet and edit
 
WST16

WST16

1,817
758
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Here comes the first rule. Hang on for the screenshots
 
WST16

WST16

1,817
758
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Last edited:
1st rule
7FE87B12-D3CA-4CC0-A1CC-6B094C1EFECE.jpeg
737D7BD2-4573-4833-A399-29957ED0D2D7.jpeg
 
WST16

WST16

1,817
758
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Can you do rule 2 or do you need screenshots?
Rule 2 enables USA access.
 
WST16

WST16

1,817
758
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Rule 2
Click create
For ports choose all
For source ip choose location and click select and search for USA and choose it
Action: allow
 
NAS Newbie

NAS Newbie

Subscriber
446
91
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
WST16 said:
You disappeared!
Click to expand...

LOL. Sorry, yes. Kids just woke up from their naps. I'm going to have to take a break for today, but will try to get back to it tonight or tomorrow. I really appreciate you walking me through all of this. Hopefully it ends up being useful for others as well.
 
WST16

WST16

1,817
758
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Sure, no problems. Good luck...
 
G

Gerard

357
67
NAS
RS820+, DS718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
@WST16

There’s also the interface drop down on the top right. Should these rules (based on best practices) be configured on “all” interfaces or just “lan1”
 
WST16

WST16

1,817
758
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
In this case we should be working with “all interfaces”.
That’s the default when you click edit rules.

The “all interfaces” takes priority over individual interfaces in Rules priority.

Later when configuring VPN, we’ll need to do a slight change here.
I’ll leave the VPN configuration and the change in the firewall rules and router to someone who’s actually running VPN (as they should go together). Someone with both, experience and theory is better than someone with theory only. :)

I don’t run VPN.
 
WST16

WST16

1,817
758
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
To complete the picture for a better understanding, here’s a shot of what it looks like on my router under the port forwarding section.
I hope your dad is not around ;)

92



These are standard mail ports.
Just look at how they’re mapped. I added those, just like you’ve added 5000 and 5001 on yours.

Your router will have something like
5000-5000 5000-5000 192.168.10.250 enable
And another one for 5001

And here, we have the ports used by Synology. Scroll down to see where 5000 and 5001 are being used. It starts at web applications.

Give us an update on where you are in the firewall configuration, and we’ll continue implementing our simple 3 rules.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads
Thread starter Title Forum Date
L Question Need some help to clarify some doubts (about security) System Security
NAS Newbie I don't recognize login activity...Help! System Security

Similar threads

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Top