Please help me understand making my NAS secure.

Currently reading
Please help me understand making my NAS secure.

Nah, he’ll be ok :)
Ok so you’re on subnet 192.168.10.0
We need this for the firewall.

Do you have a vpn service by the way to test with?

Oh just to make sure the mask settings is 255.255.255.0
Right?


No VPN set up and don't know where to find the mask settings. I've seen discussions of logging in using VPN, but haven't had a chance to research them yet. It was another thing I was going to ask you about if we didn't get to it in the course of discussion.
 
I don’t mean the DS vpn. I’m asking if you have a vpn service that you use on your pc or mobile.
The idea is to test access before and after. Although I’m confident that we can trust that it’s working.

For IP address and mask you can check control panel > info center > network tab
See at the bottom under LAN. On the DS that is.
 
I don’t mean the DS vpn. I’m asking if you have a vpn service that you use on your pc or mobile.
The idea is to test access before and after. Although I’m confident that we can trust that it’s working.

For IP address and mask you can check control panel > info center > network tab
See at the bottom under LAN. On the DS that is.

The mask is 255.255.255.0 as you thought. I don't use any vpn at all that I'm aware of. I use internet explorer to access DSM.
 
Last edited:
Ok.

Here we go.
We’ll enable the firewall and as a start configure 3 rules
1. Allow your internal lan access
2. Allow your country (U.S. you said) access
3. Block everything else

You have located the firewall in control panel under security, right?

Go, do not check enable firewall yet and edit
 
Last edited:
1st rule
7FE87B12-D3CA-4CC0-A1CC-6B094C1EFECE.jpeg
737D7BD2-4573-4833-A399-29957ED0D2D7.jpeg
 
In this case we should be working with “all interfaces”.
That’s the default when you click edit rules.

The “all interfaces” takes priority over individual interfaces in Rules priority.

Later when configuring VPN, we’ll need to do a slight change here.
I’ll leave the VPN configuration and the change in the firewall rules and router to someone who’s actually running VPN (as they should go together). Someone with both, experience and theory is better than someone with theory only. :)

I don’t run VPN.
 
To complete the picture for a better understanding, here’s a shot of what it looks like on my router under the port forwarding section.
I hope your dad is not around ;)

92



These are standard mail ports.
Just look at how they’re mapped. I added those, just like you’ve added 5000 and 5001 on yours.

Your router will have something like
5000-5000 5000-5000 192.168.10.250 enable
And another one for 5001

And here, we have the ports used by Synology. Scroll down to see where 5000 and 5001 are being used. It starts at web applications.

Give us an update on where you are in the firewall configuration, and we’ll continue implementing our simple 3 rules.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Unless your home network is CGNAT, Tailscale offers no real advantage over VPN or HTTPS. Keep it simple...
Replies
3
Views
1,180
Thank you for the in depth info. Yes — I had posted the Router & NAS firewall rules. NAS, being behind...
Replies
8
Views
3,588
  • Question
thank you, thank you, thank you followed the link you sent and everything hunky-dory
Replies
5
Views
1,839
  • Question
Turned out I did have a key...so at least not quite as tragic....and..yes...stll disgusted as this was...
Replies
2
Views
2,250
  • Question
PF will help you for sure much more then syno fw
Replies
4
Views
2,934
If you are using Android, just choose "Continue" when screen mentioning "Certificate" appears after sign-in.
Replies
27
Views
6,188
This could be a job for… Renowned, conspiracy theorist at night and international diplomacy expert by...
Replies
32
Views
8,849

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top