I have an interesting problem.
I have a Synology 1517+ NAS sitting behind a Sophos UTM appliance.
The UTM has correct firewall configuration to let through key NAS services - admin access, file access, etc. Normally I can access Synology's Drive service (equivalent to Google Drive but running on my own server) outside my home network with no issues.
The problem happens when I want to share files from Synology Drive. The file share creates a link to the file as seen in the screenshot below. The problem is that this link cannot be accessed outside my LAN. Access outside my LAN throws an "ERR_CONNECTION_RESET" error.
I have checked ports used by Synology Drive and it's all the same ones I already have opened. Given the issue only happens when accessing outside my LAN, I place this firmly at the feet of Sophos.
Any advice much appreciated.
Your screen shot is null.
You need to have some sort of DNAT rule to allow inbound (from WAN) traffic. Show us pics of all applicable rules you have defined.
Personally, I do not allow access to my NAS from the internet directly. I run an instance of Nextcloud which has its own vNIC/VLAN and a different subnet from the NAS.
Edit: Nextcloud itself uses WAF for inbound access to Nextcloud, so that provides another layer of protection.
The setup you are describing is a hacker's paradise. Are you saying you are really giving direct access to all the services on your NAS system from outside? With DNAT rules?
I would highly recommend using a VPN setup for this kind of external access!
Kind regards, best regards from Germany,
New Vision GmbH, Germany
Sophos Silver-Partner
If a post solves your question please use the 'Verify Answer' button.
And I wouldn't want to give any advice on how to extend this insecure setup with any additional ports and services.
Issue got solved!!