Restrict external access to DNS only


130
36
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello,
I was wondering if there was a way to limit the external access to my NAS in such a way that it is only accessible using the DNS and not the IP.
Currently when I try to access the NAS from outside with my public IP https://<my-public-ip>/, it redirects me to https://<my-public-ip>:<my-dsm-custom-port>/ which exposes my custom port. I wanted my NAS to be accessible only with https://<my-DDNS>/ and https://<my-public-ip>/ to redirect nowhere (i.e., error page with unreachable message).
Does anyone know a way to achieve this?
Thanks
 
1,673
712
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Hi,

How about using DSM’s reverse proxy over 443, did you try that?
 
Upvote 0
130
36
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
> Hi,
>
> How about using DSM’s reverse proxy over 443, did you try that?
That's already what I do and that's why it is accessible with https://<my-DDNS>/ without specifying any port. The issue is when I access the NAS from my public IP.
 
Upvote 0
1,673
712
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
I might be missing (misunderstanding) something.
Reverse Proxy is for external access. You can configure something like:
https://mydsmweb.mynas.synology.me
 
Upvote 0
130
36
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
I might have been unclear.
I have configured the reverse proxy so my NAS is externally accessible with https://<my-DDNS>/. It's listening on ports 80 and 443 and rewrites everything to https if the https is omitted.
With this configuration my internal custom port stays hidden.
Now I need to know how I can prevent anyone from reaching my NAS with https://<my-public-ip>/
Hope this makes things clearer
 
Upvote 0

Rusty

Moderator
NAS Support
2,826
864
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
> Does anyone know a way to achieve this?
Disable your custom port on your fw. Leave only 443 (Reverse proxy) port. In that case the fw will terminate it.
 
Upvote 0
1,673
712
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
I see. But if the port is not open on the router, it can’t be reached. Only via 80/443.
Again, maybe I’m misunderstanding something, if so, I’ll see myself out :)
 
Upvote 0
130
36
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
I already thought of not forwarding the port on my router but it needs to be forwarded for DS File mobile app which doesn't want to connect without specifying the port. Other mobile apps (note, moments, drive...) are working without specifying port.
 
Upvote 0

Shadow

Subscriber
607
208
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
> I already thought of not forwarding the port on my router but it needs to be forwarded for DS File mobile app which doesn't want to connect without specifying the port.

Ah ye. I still find it ridiculous that some mobile apps need port 5000/5001 to be able to be used.. It is HTTP(S) traffic, so Synology could easily program them to just use 80/443 ...

Back to your issue, you need something on your NAS that 'takes over' listening on your port 80/443. You could install Web Station package..?

I have an nginx docker container and that receives all my port 80/443 traffic. :)
 
Upvote 0
1,673
712
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Use something like:
fileme.mynas.synology.me:443
This is what you put in DS File (the mobile app)

Oh, and you’ll need to enable File Station under application and give it a port that you’ll use as a target. I use it like this and it works.
 
Upvote 0
130
36
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
OMG ... that's one thing I had not tried ... specifying :443 directly on the app (since it's already reverse proxied)...
Just tried ... it works
Gonna remove the port forwarding to my custom port to check.
 
Upvote 0
130
36
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Port forwarding removed, tried https://<my-public-ip> and I get the error page!
Perfect!!!
Thank you all for pointing me to the solution.
Cookies for you all and especially @WST16
-- post merged: --

> We had a discussion about this sometime ago. Maybe you missed it. You should visit more often :)
>
> Solved - Why does this reverse proxy fail

I come here every day, all day ... Do not react that much but permanently lurking on the forums :)
Read every new post also ...
 
Upvote 0
1,673
712
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
> I come here every day, all day ... Do not react that much but permanently lurking on the forums :)
I’m just teasing you. Don’t mind me. Now then, I heard that you have a stash of cookies hidden in one of the forum sections, how about if we go for a walk, you and me 😇

(man it’s been ages since we had any cookies, this pandemic killed everything)
 
Upvote 0

Rusty

Moderator
NAS Support
2,826
864
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
@WST16 you owe me some cookies, so... you know... don't mess about. I want 50% of that stash.
 
Upvote 0
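
An added example, not part of any post in this thread: a Python self-check for the outcome discussed above, meant to be run against your own NAS from an outside network. A browser error page alone does not show whether the redirect to the custom port is gone or whether its target merely stopped answering, so the script reads the Location header without following it. The address 203.0.113.10, the port 5443 and all function names are constructed for illustration.

```python
import http.client
import socket
import ssl
from urllib.parse import urlsplit

def probe(address, host_header, port=443, timeout=5):
    """One HTTPS GET with a chosen Host header, redirects not followed."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # the certificate cannot match a bare IP;
    ctx.verify_mode = ssl.CERT_NONE  # acceptable only when auditing your own host
    conn = http.client.HTTPSConnection(address, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", "/", headers={"Host": host_header})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None, None            # nothing answered, or not HTTP over TLS
    finally:
        conn.close()

def port_open(address, port, timeout=3):
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False

def leaked_port(location):
    """Explicit port in a redirect target if it is not 80/443, else None."""
    try:
        port = urlsplit(location or "").port
    except ValueError:  # malformed port in the Location header
        return None
    return port if port not in (None, 80, 443) else None

def audit(bare_ip_response, custom_port_reachable):
    """Findings for one bare-IP probe plus one port check (empty list = clean)."""
    port = leaked_port(bare_ip_response[1])
    findings = [f"redirect discloses port {port}"] if port is not None else []
    if custom_port_reachable:
        findings.append("custom port reachable from outside")
    return findings

def run(address, custom_port):
    """Live check: probe the bare IP (Host header = IP) and the custom port."""
    return audit(probe(address, address), port_open(address, custom_port))

# Constructed sample: 203.0.113.10 is a documentation address, 5443 a made-up port.
SAMPLE_REDIRECT = (302, "https://203.0.113.10:5443/")
```

Call `run("<my-public-ip>", <my-dsm-custom-port>)` from outside your LAN (mobile data, for instance); an empty list means the bare IP neither redirects to the custom port nor accepts connections on it.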
