First off I'll say that I am a complete muggle when it comes to network security. Now in my middle years I'm trying to learn about it, so please bear with my ignorance.
I just set up a synology as a plex server, home cloud for my family and computer backup. Things went well though I had to open a port for plex (which lead me to learn about port forwarding). I realized I hadn't configured my synology's firewall and watched some videos / read up on it. This is when I of course started to block myself from mapping network drives etc. I can still access it through quickaccess to make changes so I'm not stuck per se, just trying to figure things out.
So initially I set up only 2 rules:
1) The management, UI etc on ports 5000 & 5001 - all protocols - all IPs - allow
2) All ports, all protocols, all IP - Deny
This is when I lost access to my mapped drives. If i remove the 2nd rule I can ping my NAS and reconnect to it via windows / mac. So I'm wondering if there's another application rule I need to allow in the firewall? I did create a rule to allow ports 137-139 and 445 which is what SMB uses I think, but that didn't work so I removed the rule.
My second question is about geoblocking / ip blocking.
For my first rule above I changed the source IP to allow only USA. I am in the USA and it wouldn't let me choose that because it said I would be blocking myself. I checked my ip and sure enough I wasn't connected to a VPN and my ip was a local one so I was puzzled on why it was not allowing that rule. Then I thought that I would put in a subnet. So I wasn't sure what to put for IP so I tried initially my router with the subnet mask 255.255.255.0 which didn't work. Then I tried the IP range that my router would assign computers via DHCP and that didn't work. So I left it as "allow all" and that works (by works I mean I have no restrictions to my NAS when logging in remotely).
I appreciate your help. I've been trying to resolve these issues by googling, reading, watching videos but I'm stuck so I created an account here. I am more than willing to put in the legwork to learn this material more in depth as I clearly know nothing about network security and I think it's high time to learn.
Thank you all in advance, I appreciate your help and time.
I just set up a synology as a plex server, home cloud for my family and computer backup. Things went well though I had to open a port for plex (which lead me to learn about port forwarding). I realized I hadn't configured my synology's firewall and watched some videos / read up on it. This is when I of course started to block myself from mapping network drives etc. I can still access it through quickaccess to make changes so I'm not stuck per se, just trying to figure things out.
So initially I set up only 2 rules:
1) The management, UI etc on ports 5000 & 5001 - all protocols - all IPs - allow
2) All ports, all protocols, all IP - Deny
This is when I lost access to my mapped drives. If i remove the 2nd rule I can ping my NAS and reconnect to it via windows / mac. So I'm wondering if there's another application rule I need to allow in the firewall? I did create a rule to allow ports 137-139 and 445 which is what SMB uses I think, but that didn't work so I removed the rule.
My second question is about geoblocking / ip blocking.
For my first rule above I changed the source IP to allow only USA. I am in the USA and it wouldn't let me choose that because it said I would be blocking myself. I checked my ip and sure enough I wasn't connected to a VPN and my ip was a local one so I was puzzled on why it was not allowing that rule. Then I thought that I would put in a subnet. So I wasn't sure what to put for IP so I tried initially my router with the subnet mask 255.255.255.0 which didn't work. Then I tried the IP range that my router would assign computers via DHCP and that didn't work. So I left it as "allow all" and that works (by works I mean I have no restrictions to my NAS when logging in remotely).
I appreciate your help. I've been trying to resolve these issues by googling, reading, watching videos but I'm stuck so I created an account here. I am more than willing to put in the legwork to learn this material more in depth as I clearly know nothing about network security and I think it's high time to learn.
Thank you all in advance, I appreciate your help and time.