Restrict external access to DNS only

Currently reading
Restrict external access to DNS only

162
45
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello,
I was wondering if there was a way to limit the external access to my NAS in such way that it is only accessible using the DNS and not the IP.
Currently when I try to access the NAS from outside with my public IP https://<my-public-ip>/, it redirects me to https://<my-public-ip>:<my-dsm-custom-port>/ which exposes my custom port. I wanted my NAS to be accessible only with https://<my-DDNS>/ and https://<my-public-ip>/ to redirect nowhere (ie: error page with unreachable message).
Does anyone know a way to achieve this ?
Thanks
 
Hi,

How about using DSM’s reverse proxy over 443, did you try that?
That's already what I do and that's why it is accessible with https://<my-DDNS>/ without specifying any port. The issue is when I access the NAS from my public IP.
 
Upvote 0
I might have been unclear.
I have configured the reverse proxy so my NAS is externally accessible with https://<my-DDNS>/. It's listening on port 80 and 443 and rewrite everything to https if the https is omitted.
With this configuration my internal custom port stays hidden.
Now I need to know how I can prevent anyone to reach my nas with https://<my-public-ip>/
Hope this makes things clearer
 
Upvote 0
I already thought of not forwarding the port on my router but it needs to be forwarded for DS File mobile app which doesn't want to connect without specifying the port. Other mobile apps (note, moments, drive...) are working without specifying port.
 
Upvote 0
I already thought of not forwarding the port on my router but it needs to be forwarded for DS File mobile app which doesn't want to connect without specifying the port.

Ah ye. I still find it ridiculous that some mobile apps need port 5000/5001 to be able to be used.. It is HTTP(S) traffic, so Synology could easily program them to just use 80/443 ...

Back to your issue, you need something on you NAS that 'takes over' listening on your port 80/443. You could install Web Station package..?

I have a nginx docker container and that receives all my port 80/443 traffic. :)
 
Upvote 0
OMG ... that's one thing I had not tried ... specifying :443 directly on the app (since it's already reverse proxied)...
Just tried ... it works
Gonna remove the port forwarding to my custom port to check.
 
Upvote 0
Port forwarding removed, tried https://<my-public-ip> and I get the error page !
Perfect !!!
Thank you all for pointing me to the solution.
Cookies for you all and especially @WST16
-- post merged: --

We had a discussion about this sometime ago. Maybe you missed it. You should visit more often :)

Solved - Why does this reverse proxy fail
I come here everyday, all day ... Do not react that much but permanently lurking on the forums :)
Read every new posts also ...
 
Upvote 0
I come here everyday, all day ... Do not react that much but permanently lurking on the forums :)
I’m just teasing you. Don’t mind me. Now then, I heard that you have a stash of cookies hidden in one of the forum sections, how about if we go for a walk, you and me 😇

(man it’s been ages since we had any cookies, this pandemic killed everything)
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Had simelar issue last Thursday. Router and 1 NAS worked, 2 NAS’s didn’t! This occurred as I was adding...
Replies
5
Views
781
  • Question
My certificate is confirmed. Did you mean in synology? 1678195913 OK, I set up 2FA on all accounts. This...
Replies
5
Views
2,324
External Access is generally there to configure outside services that will allow for external access like...
Replies
1
Views
2,625
Just to add here that I've had to move to a different platform as I have never found the solution to get...
Replies
5
Views
1,367
Well opening locally and remotely are 2 different scenarios as well as the protocol being used. Try and...
Replies
11
Views
3,111

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top