Jump to content
XPEnology Community

external acces


naets

Recommended Posts

I am totally NOT a computer wizard but like to get most out off things.

 

I run the dsm 6.0.2-8451 v1.01

 

My DiskStation is placed behind 2 routers (witch I configured with port forwarding). I assume I can access the internet as I can download packages.

 

When I try to create an external way to reach the DS it always say that this is not possible.

I tried quickconnect - activate - but when I want to make an account it always gives a screen saying that the action I tried to perform is not possible due to an error somewhere.

I also tried it when I placed my DS behind only 1 router but this gives the same errors.

 

I did some reading and found that it would have to do something with the serial number off the device? trying to create the sinology account It would check the serial number of the DS to see if you have a real synology DS, is this so??

 

 

 

How can I create a (safe) external access to my DS?

Link to comment
Share on other sites

Your reading about needing 'real' synology mac and serial numbers is correct for a quickconnect account. There are ways to create 'real' numbers and edit the boot configuration files (search the forum for both, its not hard to find)

however there is no reason why your 'double natted' access through two routers should not work provided you set the correct ports and protocols on your routers depending on what you want to access, eg dsm web pages, ftp etc. I would do some tests, assuming the 'inside' router is a) and the 'outside' ie the internet connection is b)

 

1) set dhcp address reservation for the nas on router a)

2) set port forwarding to the nas on router a) for the required services

3) connect to the 'wan' side of router a) and check you can access the web pages etc from that side (eg http://wanip:5000)

4) set dhcp reservation for router a) on router b)

5) set port forwarding to router a) from router b) for the required services for the nas

6) you should then be able to connect with http://internetip:5000

7) setup ddns on router b)

Link to comment
Share on other sites

Connecting with the http://wanip:5000 is possible from inside the network.

 

From outside the network : the internetip I assume that is the unique address I get and not some 192.168.X.X or 10.0.X.X , I assume I can find this by ipconfig/ all on my desktop? or in router b)

 

I'am going to check this when I am home.

 

What is setup ddns, how do I do this? Is this just enabeling ddns, I wil search for this?

Link to comment
Share on other sites

What do you mean by hanging your DS directly on the internet?

 

off course your DS is placed in your local network.

To reach it from outside the local network you can use different methods. do you mean I can not try to reach it by internetip:5000 ??

 

I think I will try the ddns like sbv3000 posted. Does the he ddns only have to be set up on the router b) ?

Link to comment
Share on other sites

login to router b) and have a look at the 'wan' status, you should see a 'public' ip address provided by your isp. that will be your internetip.

as for ddns, have a look at your router specs and see if it supports ddns - most do and it will be in the 'services' or similar features/configuration. find out which ddns services are supported then you can generally setup a 'free' account for that supplier. Lets say you create a free ddns account called 'naetsnas@freeip.biz' you would get to your nas with http://naetsnas@freeip.biz:5000' for dsm web.

 

Brantje has an excellent point about 'exposing' your nas in this way - there are 'bad dudes' who scan internet connections and look for ports and services and will try and login to devices, or could run scripts against badly written web pages in dsm. vpn is a good idea, but you would need more work on your setup for that. the other things you could do is to translate ports rather than forward - eg 65000 forward to 5000, use https, if your router allows it setup time based access rules, or use the vpn to activate rules when you need them

Link to comment
Share on other sites

What do you mean by hanging your DS directly on the internet?

 

off course your DS is placed in your local network.

To reach it from outside the local network you can use different methods. do you mean I can not try to reach it by internetip:5000 ??

 

I think I will try the ddns like sbv3000 posted. Does the he ddns only have to be set up on the router b) ?

No way in hell I would EVER expose my NAS onto the Internet in that way..

 

I would check whether your router supports use of a VPN and use it to access your network.....

 

#H

Link to comment
Share on other sites

What do you mean by hanging your DS directly on the internet?

 

off course your DS is placed in your local network.

To reach it from outside the local network you can use different methods. do you mean I can not try to reach it by internetip:5000 ??

 

I think I will try the ddns like sbv3000 posted. Does the he ddns only have to be set up on the router b) ?

No way in hell I would EVER expose my NAS onto the Internet in that way..

 

I would check whether your router supports use of a VPN and use it to access your network.....

 

#H

 

I agree using a vpn is the way to go, but I get the feeling the member asking the question isn't familiar with this type of access or the security risk associated with exposing ports/services.

 

Maybe some links to synology vpn/security resources would help them out, or a post with a basic guide might help prevent a bad situation occurring for people that are new to this type of usage? I'm not sure if there's anything like that on this forum already?

 

This may do as a starting point for a vpn setup http://bpmsg.com/how-to-make-your-synology-disk-station-nas-more-secure/comment-page-1/ but it doesn't really go beyond the vpn aspect.

 

This article gives some useful info https://www.wijngaard.org/hardening-access-to-your-synology-diskstation-and-prepare/

 

Ideally you need to find information that's more generic, that doesn't explain everything directed towards a real synology and their quick connect service etc.

Link to comment
Share on other sites

But to use VPN I fisrt have to create a ddns, wright?

 

If you have a few pennies available to you, get a new router, one that supports VPN. I uses an ASUS myself, most of the options in there are easy to understand so you can make your network fairly hardy.

 

As for Syno security, have a look at:

https://www.synology.com/en-uk/knowledg ... nology_NAS

 

Even with all that in mind I still wouldn't set your Syno up to face the internet (as in open ports on your firewall and be able to log in from the outside world). A few years back there was a nasty program called SynoLocker that smashed through DSM ransomware style. ( https://forum.synology.com/enu/viewtopic.php?t=88770 ) It's better not to take the risk and instead connect to your machine via a VPN.

 

There's this to look at too. It won't do a thorough scan of your network but it'll graze over the top in the same way a none targeted hacker would looking for an easy catch :

https://pentest-tools.com/

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...