Restrict external access to DNS only

Currently reading
Restrict external access to DNS only

Shoop

Shoop

Media
162
45
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello,
I was wondering if there was a way to limit the external access to my NAS in such way that it is only accessible using the DNS and not the IP.
Currently when I try to access the NAS from outside with my public IP https://<my-public-ip>/, it redirects me to https://<my-public-ip>:<my-dsm-custom-port>/ which exposes my custom port. I wanted my NAS to be accessible only with https://<my-DDNS>/ and https://<my-public-ip>/ to redirect nowhere (ie: error page with unreachable message).
Does anyone know a way to achieve this ?
Thanks
 
Sort by date Sort by votes
WST16 said:
Hi,

How about using DSM’s reverse proxy over 443, did you try that?
Click to expand...
That's already what I do and that's why it is accessible with https://<my-DDNS>/ without specifying any port. The issue is when I access the NAS from my public IP.
 
Upvote 0
I might have been unclear.
I have configured the reverse proxy so my NAS is externally accessible with https://<my-DDNS>/. It's listening on port 80 and 443 and rewrite everything to https if the https is omitted.
With this configuration my internal custom port stays hidden.
Now I need to know how I can prevent anyone to reach my nas with https://<my-public-ip>/
Hope this makes things clearer
 
Upvote 0
I already thought of not forwarding the port on my router but it needs to be forwarded for DS File mobile app which doesn't want to connect without specifying the port. Other mobile apps (note, moments, drive...) are working without specifying port.
 
Upvote 0
Shoop said:
I already thought of not forwarding the port on my router but it needs to be forwarded for DS File mobile app which doesn't want to connect without specifying the port.
Click to expand...

Ah ye. I still find it ridiculous that some mobile apps need port 5000/5001 to be able to be used.. It is HTTP(S) traffic, so Synology could easily program them to just use 80/443 ...

Back to your issue, you need something on you NAS that 'takes over' listening on your port 80/443. You could install Web Station package..?

I have a nginx docker container and that receives all my port 80/443 traffic. :)
 
Upvote 0
OMG ... that's one thing I had not tried ... specifying :443 directly on the app (since it's already reverse proxied)...
Just tried ... it works
Gonna remove the port forwarding to my custom port to check.
 
Upvote 0
Port forwarding removed, tried https://<my-public-ip> and I get the error page !
Perfect !!!
Thank you all for pointing me to the solution.
Cookies for you all and especially @WST16
-- post merged: --

WST16 said:
We had a discussion about this sometime ago. Maybe you missed it. You should visit more often :)

Solved - Why does this reverse proxy fail
Click to expand...
I come here everyday, all day ... Do not react that much but permanently lurking on the forums :)
Read every new posts also ...
 
Upvote 0
Shoop said:
I come here everyday, all day ... Do not react that much but permanently lurking on the forums :)
Click to expand...
I’m just teasing you. Don’t mind me. Now then, I heard that you have a stash of cookies hidden in one of the forum sections, how about if we go for a walk, you and me 😇

(man it’s been ages since we had any cookies, this pandemic killed everything)
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

C
External Access Stopped Working (DS918+)
Had simelar issue last Thursday. Router and 1 NAS worked, 2 NAS’s didn’t! This occurred as I was adding...
Replies
5
Views
858
Jan Janowski
Jan Janowski
R
  • Question
Setup VPN with name server to access resources on LAN (DS 918+)
It sounds that the main focus is a LAN reconfiguration of DHCP and DNS services so that dynamically...
Replies
1
Views
572
fredbert
fredbert
C
  • Question
Access to my NAS from my MacBookPro
I guess "my Firewall" is the firewall on the Synology? a step by step tutorial can be found online like...
Replies
1
Views
847
EAZ1964
EAZ1964
kevuk
NAS access error to Reolink E1 Pro cam
OK at last, worked it out, you have to install Synology app on PC first then add name amd password then...
Replies
12
Views
1,347
kevuk
kevuk
kevuk
NAS access to WYZE cam V3
Many thanks I will try.
Replies
4
Views
1,831
kevuk
kevuk
C
Wi-Fi Guest Network : no internet access
There are three MASQUERADE rules* but I cannot see how they relate to the don't NAT name, or anything else...
2 3
Replies
45
Views
4,229
fredbert
fredbert
A
  • Question
Unable to access Synology
Good point. I assumed it was 24 due to lack of details, but again, good point.
Replies
3
Views
1,287
Rusty
Rusty

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top