Unable to route Download Station traffic through LAN 2

[revv]

I'm trying to route Download Station's traffic through LAN 2. My plan is to use a VPN on LAN 2, once I can set this up.

I went into the firewall and blocked all BT/eMule traffic from LAN 1 and allowed it on LAN 2. However, upon doing this, I still see that Download Station is using LAN 1 to download, as seen in the Activity Monitor and on my network controller. How is this possible if I'm telling the firewall to block it?

The second issue I'm having is that when I successfully install PIA using openVPN and run it on LAN 1 as a test, Download Station loses connection and doesn't download or search. I see that PIA is connected, but I get nothing from Download Station. Furthermore, a traceroute to google.com just hangs, with no result. It's like the NAS loses connection entirely when using PIA VPN. Any ideas of what coule be happening?

 

[akahan]

Can you explain exactly what you did to "block all BT/eMule traffic from LAN 1 and allow it on LAN 2"?

 

[revv]

Sure, I just went into the Firewall section in Control Panel -> Security of DSM.

 

[akahan]

I suspect it's not bocking bittorrent because it's only blocking unsolicited incoming packets - it's not blocking your NAS from establishing bittorrrent connections with other devices outside your network, or blocking those devices from responding.

 

[revv]

Alright, figured this out. The solution is not the best, but it works very well.

The solution is to run DSM in a virtual machine and then tunnel the entire virtual machine. Problem solved.

Follow this to install vDSM in your NAS: How to Setup Synology DSM as a Virtual Machine (vDSM) - WunderTech

Then, follow these steps to make it work with Private Internet Access:

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.

Accept third party cookies

I've checked with IP leak and using curl ipecho.net/plain and can confirm this solution works.

Assign 1-3 GB RAM to the virtual machine. However, you'll likely need to increase RAM in your machine if you want to maintain responsiveness, especially if you're running other stuff on it. I got a cheap 16 GB stick from Amazon and everything works like it should:

Amazon product ASIN B07YXCBVWX
Synology, if you're reading, why do I have two LAN ports yet have to do all this to make something so simple work???

EDIT: There are a few advantages to this setup, despite it being somewhat cumbersome.

• All of your downloads are now on a virtual machine prior to moving them to their final destination. If you donwnload something bad, it will mess up your virtual machine and you can just re-create it
• It allows you to test updates and new software in a virtual environment, prior to doing so in production
• The whole VDSM is tunneled through a VPN, which I think is a plus

 

[akahan]

Wouldn't it be easier to just use the firewall in your router? That is: Each of your LAN ports has a different IP address. You'd set the router to deny bittorrent traffic to/from the LAN port you don't want to use for torrenting.

 

[revv]

Wouldn't it be easier to just use the firewall in your router? That is: Each of your LAN ports has a different IP address. You'd set the router to deny bittorrent traffic to/from the LAN port you don't want to use for torrenting.

This is true, but there are no guarantees that DSM will route that traffic through LAN 2 instead of just failing. When I was testing with the NAS' firewall, traffic would just completely drop.

 

[akahan]

That would be a problem with browsing or email, but is it really an issue with bittorrent? Wouldn't it just keep trying until it's gotten all the chunks of the file you're downloading?