Port forwarding for mapping a network drive?


Recommended Posts

Hello is there or are there any ports i need to forward to  Let my brother on a shared folder from my house to his? I'm new to Xpenology and first time on this forum.

 

 

Joseph

Link to post
Share on other sites

Open the smb ports directly to internet like flyride says it's very very bad idea, the only that you can find is to lost all your data.

If you set up the VPN with your brother all the shared folders that you have available in your NAS he will have access if you grant him rights.

Link to post
Share on other sites

Good luck on how quick your box will be in shodan's database and will be hacked with open SMB ports...

 

https://www.synology.com/en-global/knowledgebase/DSM/tutorial/Network/What_network_ports_are_used_by_Synology_services

 

 

 

Link to post
Share on other sites

Don't overcomplicate this. Samba over Internet is a big no no, and FTP is not really that well integrated with Windows Explorer as Webdav is.

Easiest way is to enable Webdav and then open port 5006 (Webdav HTTPS). Then you simply add a new mount on your brothers computer point to https://yourddnsaddress:5006, enter your brothers account credentials that you've created in your NAS and choose which folder share you want to add. Then he can reach the files securely from all around the world.

Skickat från min GM1913 via Tapatalk

Link to post
Share on other sites
 
A rethorical question: Who said his brother is using Windows? ;-)
Total Commander is just one of many multiplatform filebrowsers who support FTP etc.
Yeah yeah, Mr wise guy. Of course there's alternatives, but the likelihood of his brother is using anything but Windows/Explorer or Mac/Finder isn't exactly talking in your odds. But I'm eager to hear the circumstances in this case.

Skickat från min GM1913 via Tapatalk

Link to post
Share on other sites

Exposing SMB to the internet is like invitation for hackers.
Never ever do that.
There are other ways to share data over internet:
1. SFTP + DDNS - simple and secure, supported by Linux, simple clients needed for other operating systems.
2. WebDav + DDNS - as others described. Easy setup on DSM, client app needed.
3. SMB or AFP or NFS over VPN + DDNS- Rather complicated setup on both server and client machines.
4. SMB or AFP or NFS over VirtualLAN (ZerotierOne) - Apps needed on both - server and clients ends + free management account on zerotier-one.com (where you create your virtual LAN networks). No need for DDNS. Safety like with VPN but easier setup and management (for instance you can block users, assign them IPs)  

  • Like 1
Link to post
Share on other sites
19 hours ago, Piteball said:

Yeah yeah, Mr wise guy....

 

Hello again, no need for namecalling untill you get more "housewarm" ....🙄

Just for you to "get wiser", Samba was never an option untill you brought it up, the correct name would be SMB/CIFS.

 

 

In regards to Windows Explorer, have you ever noticed this way to map a FTP site to your Windows Explorer?

( I take it you understand Norwegian, but it looks almost the same in Swedish)

 

In regards to Webdav, how much more secure is Synology's implementation?

1.png

2.png

3.png

Edited by bearcat
SMB
Link to post
Share on other sites
Quote

Hello again, no need for namecalling untill you get more "housewarm" ....

Just for you to "get wiser", Samba was never an option untill you brought it up, the correct name would be SMB/CIFS.

 

 

In regards to Windows Explorer, have you ever noticed this way to map a FTP site to your Windows Explorer?

( I take it you understand Norwegian, but it looks almost the same in Swedish)

 

In regards to Webdav, how much more secure is Synology's implementation?

 

Sorry for the name calling 😅 Your are absolutely correct, SMB/CIFS is the correct naming of the communication protocol. In FortiGate firewalls these services are all located in a group called "Samba", my mind is not what it used to be before my 2 year old daughter entered the world. Don't get me wrong, I love my daughter I really do, but I've never slept less hours per night than I do now. I got her sleeping now so I take the opportunity to answer now. :-)

 

Your right, it is also possible to mount FTP-shares the same way as Webdav in Windows as you show in your screenshots. Security wise I would vote for Webdav over HTTPS over pure FTP. However SFTP should give you about the same security as Webdav over HTTPS. I suppose it's as easy to configure SFTP as it is to configure Secure Webdav so it all comes down to performance comparison between FTP and webserver file serving which I haven't benchmarked so I can't tell which is faster than the other. I do have a couple of photographers as customers that are accessing their photo collection on their Synology:s using Webdav and they seem to be very pleased, it performs much better with Webdav than using SMB/CIFS over OpenVPN for example unless you have a very powerful machine/firewall appliance running OpenVPN (for example pfSense/OPNsense with AES-NI acceleration). Also the simplicity of it speaks in favor for this method.

 

On Linux you install davfs2 and then use "mount -t davfs -o noexec https://Synology-DDNS-address /mnt/mountfolder" to mount it. And on Mac you just go to Connect to server in Finder and type the URL to the NAS and press connect and the credentials dialogue will popup.

Edited by Piteball
  • Like 1
Link to post
Share on other sites

WebDAV is secure if you use HTTPS. Over HTTP it may be not so secure, but I think in another area than it's with SMB.

Mounting FTP in Windows - I may be wrong, but I think it's possible if you use just raw FTP. If you want to use SFTP (FTP in SSH session) and FTPS (FTP over SSL) Windows can't do it.
There was one project made by someone in the past for that (mounting FTPS/SFTP as drive in Windows), but it's abandoned and it doesn't work well with Windows10.

  • Like 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.