Please help me understand making my NAS secure.

Currently reading
Please help me understand making my NAS secure.

472
94
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
Nah, he’ll be ok :)
Ok so you’re on subnet 192.168.10.0
We need this for the firewall.

Do you have a vpn service by the way to test with?

Oh just to make sure the mask settings is 255.255.255.0
Right?


No VPN set up and don't know where to find the mask settings. I've seen discussions of logging in using VPN, but haven't had a chance to research them yet. It was another thing I was going to ask you about if we didn't get to it in the course of discussion.
 
2,192
928
NAS
DS220+ : DS1019+ : DS920+ : DS118 : APC Back UPS ES 700 — Mac/iOS user
I don’t mean the DS vpn. I’m asking if you have a vpn service that you use on your pc or mobile.
The idea is to test access before and after. Although I’m confident that we can trust that it’s working.

For IP address and mask you can check control panel > info center > network tab
See at the bottom under LAN. On the DS that is.
 
472
94
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
I don’t mean the DS vpn. I’m asking if you have a vpn service that you use on your pc or mobile.
The idea is to test access before and after. Although I’m confident that we can trust that it’s working.

For IP address and mask you can check control panel > info center > network tab
See at the bottom under LAN. On the DS that is.

The mask is 255.255.255.0 as you thought. I don't use any vpn at all that I'm aware of. I use internet explorer to access DSM.
 
2,192
928
NAS
DS220+ : DS1019+ : DS920+ : DS118 : APC Back UPS ES 700 — Mac/iOS user
Last edited:
Ok.

Here we go.
We’ll enable the firewall and as a start configure 3 rules
1. Allow your internal lan access
2. Allow your country (U.S. you said) access
3. Block everything else

You have located the firewall in control panel under security, right?

Go, do not check enable firewall yet and edit
 
2,192
928
NAS
DS220+ : DS1019+ : DS920+ : DS118 : APC Back UPS ES 700 — Mac/iOS user
Last edited:
1st rule
7FE87B12-D3CA-4CC0-A1CC-6B094C1EFECE.jpeg
737D7BD2-4573-4833-A399-29957ED0D2D7.jpeg
 
472
94
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
You disappeared!

LOL. Sorry, yes. Kids just woke up from their naps. I'm going to have to take a break for today, but will try to get back to it tonight or tomorrow. I really appreciate you walking me through all of this. Hopefully it ends up being useful for others as well.
 
656
123
NAS
RS820+, DS718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
@WST16

There’s also the interface drop down on the top right. Should these rules (based on best practices) be configured on “all” interfaces or just “lan1”
 
2,192
928
NAS
DS220+ : DS1019+ : DS920+ : DS118 : APC Back UPS ES 700 — Mac/iOS user
In this case we should be working with “all interfaces”.
That’s the default when you click edit rules.

The “all interfaces” takes priority over individual interfaces in Rules priority.

Later when configuring VPN, we’ll need to do a slight change here.
I’ll leave the VPN configuration and the change in the firewall rules and router to someone who’s actually running VPN (as they should go together). Someone with both, experience and theory is better than someone with theory only. :)

I don’t run VPN.
 
2,192
928
NAS
DS220+ : DS1019+ : DS920+ : DS118 : APC Back UPS ES 700 — Mac/iOS user
To complete the picture for a better understanding, here’s a shot of what it looks like on my router under the port forwarding section.
I hope your dad is not around ;)

92



These are standard mail ports.
Just look at how they’re mapped. I added those, just like you’ve added 5000 and 5001 on yours.

Your router will have something like
5000-5000 5000-5000 192.168.10.250 enable
And another one for 5001

And here, we have the ports used by Synology. Scroll down to see where 5000 and 5001 are being used. It starts at web applications.

Give us an update on where you are in the firewall configuration, and we’ll continue implementing our simple 3 rules.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Thank you for the in depth info. Yes — I had posted the Router & NAS firewall rules. NAS, being behind...
Replies
8
Views
2,452
  • Question
thank you, thank you, thank you followed the link you sent and everything hunky-dory
Replies
5
Views
737
  • Question
Turned out I did have a key...so at least not quite as tragic....and..yes...stll disgusted as this was...
Replies
2
Views
978
  • Question
PF will help you for sure much more then syno fw
Replies
4
Views
1,730
If you are using Android, just choose "Continue" when screen mentioning "Certificate" appears after sign-in.
Replies
27
Views
4,850
This could be a job for… Renowned, conspiracy theorist at night and international diplomacy expert by...
Replies
32
Views
5,995

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top