Restrict external access to DNS only

Currently reading
Restrict external access to DNS only

161
44
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello,
I was wondering if there was a way to limit the external access to my NAS in such way that it is only accessible using the DNS and not the IP.
Currently when I try to access the NAS from outside with my public IP https://<my-public-ip>/, it redirects me to https://<my-public-ip>:<my-dsm-custom-port>/ which exposes my custom port. I wanted my NAS to be accessible only with https://<my-DDNS>/ and https://<my-public-ip>/ to redirect nowhere (ie: error page with unreachable message).
Does anyone know a way to achieve this ?
Thanks
 
161
44
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Hi,

How about using DSM’s reverse proxy over 443, did you try that?
That's already what I do and that's why it is accessible with https://<my-DDNS>/ without specifying any port. The issue is when I access the NAS from my public IP.
 
Upvote 0
161
44
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
I might have been unclear.
I have configured the reverse proxy so my NAS is externally accessible with https://<my-DDNS>/. It's listening on port 80 and 443 and rewrite everything to https if the https is omitted.
With this configuration my internal custom port stays hidden.
Now I need to know how I can prevent anyone to reach my nas with https://<my-public-ip>/
Hope this makes things clearer
 
Upvote 0
2,108
891
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
I see. But if the port is not open on the router, it can’t be reached. Only via 80/443.
Again, maybe I’m misunderstanding something, if so, I’ll see myself out :)
 
Upvote 0
161
44
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
I already thought of not forwarding the port on my router but it needs to be forwarded for DS File mobile app which doesn't want to connect without specifying the port. Other mobile apps (note, moments, drive...) are working without specifying port.
 
Upvote 0
742
271
NAS
DS216+II, DS118, DS718+, DS720+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
I already thought of not forwarding the port on my router but it needs to be forwarded for DS File mobile app which doesn't want to connect without specifying the port.

Ah ye. I still find it ridiculous that some mobile apps need port 5000/5001 to be able to be used.. It is HTTP(S) traffic, so Synology could easily program them to just use 80/443 ...

Back to your issue, you need something on you NAS that 'takes over' listening on your port 80/443. You could install Web Station package..?

I have a nginx docker container and that receives all my port 80/443 traffic. :)
 
Upvote 0
2,108
891
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Use something like:
fileme.mynas.synology.me:443
This is what you put in DS File (the mobile app)

Oh, and you‘ll need to enable File Station under application and give it a port that you’ll use as a target. I use it like this and it works.
 
Upvote 0
161
44
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
OMG ... that's one thing I had not tried ... specifying :443 directly on the app (since it's already reverse proxied)...
Just tried ... it works
Gonna remove the port forwarding to my custom port to check.
 
Upvote 0
161
44
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Port forwarding removed, tried https://<my-public-ip> and I get the error page !
Perfect !!!
Thank you all for pointing me to the solution.
Cookies for you all and especially @WST16
-- post merged: --

We had a discussion about this sometime ago. Maybe you missed it. You should visit more often :)

Solved - Why does this reverse proxy fail
I come here everyday, all day ... Do not react that much but permanently lurking on the forums :)
Read every new posts also ...
 
Upvote 0
2,108
891
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
I come here everyday, all day ... Do not react that much but permanently lurking on the forums :)
I’m just teasing you. Don’t mind me. Now then, I heard that you have a stash of cookies hidden in one of the forum sections, how about if we go for a walk, you and me 😇

(man it’s been ages since we had any cookies, this pandemic killed everything)
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

You can if your router support it. So it’s not impossible in general
Replies
15
Views
1,913
Thank you. I have been reading in forums for several days. The best forum of all with people who help and...
Replies
4
Views
769
  • Question
You could try and see if Multiple Gateways option will pass the traffic in while your VPN is alive...
Replies
2
Views
1,410
Well, that was something that happened to people who don't follow best practices and were not up to date...
Replies
13
Views
978
  • Question
Sound advice by @Shoop above. Don’t use UPnP. A quick search showed the following (there’s something on...
Replies
2
Views
1,750
If I couldn't set my ISP modem/router in bridge mode: I'd rather order a managed switch, hook it up...
Replies
7
Views
2,468
short recommendation: don't try to open any external services w/o knowledge of all possible implications...
Replies
2
Views
792

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top