
Connecting NAS to internet

Okay,

I have been busy for 2 days now connecting my Synology NAS to the internet, but it's not working.

My current network:

Router (with DHCP) IP: 192.168.2.254

Sophos UTM 220 (no DHCP) WAN IP: from DHCP router 192.168.2.20, Internal 192.168.0.1

Laptop 192.168.0.2

Synology NAS 192.168.0.3

 

I added port 5000 forwarding to the router (forwarding it to 192.168.2.20 (Sophos)).

I added a DNAT rule in the Sophos:

For traffic from (external WAN)

Using service: DSM NAS (1:5000 > 5000)

Going to (internal (network))

Change the destination to NAS (192.168.0.3)

and the service to DSM NAS (1:5000 > 5000)

Automatic firewall rule is ON

I still cannot connect to port 5000 from outside.



  • For traffic from: ANY  <<< change to this for traffic from anywhere, e.g. any traffic from the internet
    Using Service: DSM NAS
    Going To: WAN

    Change destination to: NAS
    And the service to: DSM NAS  (this can also be left blank as it will use the above port)

    The only other thing I would say is you might be using double NATting here, as your WAN address is a private IP, which suggests there is another router in front of it which isn't running in bridge mode. If so, that router will have to DNAT to your UTM WAN in order to allow internet traffic into your DSM.

  • Good morning Louis,

    Thanks again for your help, I will try it out this evening.

    The router I have doesn't support bridge mode, I will look up if I can DNAT to my UTM.

    Regards,

    Denny

  • 2 possible mistakes:

    1: for traffic from (External WAN) you need External WAN (Address) (so be sure to select the IP address entry and not the interface)
    2: your service is wrongly configured, it should be 1:65535 -> 5000 since it's only arriving on port 5000 but it can be initiated from any custom port.

    I would advise you to not open up port 5000 but use 5001 instead; 5001 is an HTTPS (encrypted) connection while 5000 is plain text. You could also use Synology's QuickConnect feature, where you don't have to have any open ports and all traffic goes through Synology's servers to your NAS.

    Instead of only forwarding 1 port from your router to the UTM, you might be able to configure the UTM as a DMZ so all traffic is forwarded; that way in the future you would only need to configure anything on the UTM and can "forget" about the router.

    If it's possible with your provider, you might be able to have your router bridge the connection to the UTM, so the UTM gets the public IP address and there's no more double NAT.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
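The two-hop forward discussed in the replies above (router port forward, then the UTM DNAT rule), as an added example that is not part of the original thread and is not Sophos's own rule matching. It is a simplified model that reads a service definition as "source-port range, then destination port", as the reply above does; the public address 203.0.113.10 and the client source port 51514 are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def behind_upstream_nat(wan_ip):
    """True when the firewall's WAN address is RFC 1918 private, i.e. another NAT sits in front."""
    return any(ipaddress.ip_address(wan_ip) in net for net in RFC1918)

@dataclass(frozen=True)
class Dnat:
    """Simplified DNAT rule: match destination address, source-port range and destination port."""
    going_to: str       # address the packet must be addressed to
    src_ports: range    # source ports the service definition accepts
    dst_port: int       # destination port the service definition accepts
    new_dst: str        # "change the destination to"
    new_port: int       # "and the service to"

def apply_chain(chain, dst_ip, src_port, dst_port):
    """Run a packet through each NAT hop in order; None means some hop had no matching rule."""
    for rule in chain:
        if dst_ip != rule.going_to or dst_port != rule.dst_port or src_port not in rule.src_ports:
            return None
        dst_ip, dst_port = rule.new_dst, rule.new_port
    return dst_ip, dst_port

PUBLIC_IP = "203.0.113.10"                     # constructed placeholder for the ISP-assigned address
UTM_WAN, NAS = "192.168.2.20", "192.168.0.3"   # addresses from the thread

ROUTER = Dnat(PUBLIC_IP, range(1, 65536), 5000, UTM_WAN, 5000)    # router port forward
UTM_AS_POSTED = Dnat(UTM_WAN, range(1, 5001), 5000, NAS, 5000)    # service 1:5000 > 5000
UTM_CORRECTED = Dnat(UTM_WAN, range(1, 65536), 5000, NAS, 5000)   # service 1:65535 -> 5000

if __name__ == "__main__":
    client_port = 51514   # constructed example of a high client source port
    print("UTM behind upstream NAT:", behind_upstream_nat(UTM_WAN))
    print("as posted:", apply_chain([ROUTER, UTM_AS_POSTED], PUBLIC_IP, client_port, 5000))
    print("corrected:", apply_chain([ROUTER, UTM_CORRECTED], PUBLIC_IP, client_port, 5000))
    print("no router forward:", apply_chain([UTM_CORRECTED], PUBLIC_IP, client_port, 5000))
```

In this model a client source port above 5000 is dropped by the rule as posted and reaches 192.168.0.3:5000 with the corrected service, and without the router hop nothing addressed to the public IP reaches the UTM at all.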

  •  and  

    Thanks for your reply,

    I read a little more about DNATting and I understand the settings more now.

    For learning purpose I use port 5000 just

    I changed my router to an Asus RT-AC66U hoping this will solve the problem, and it did!

    I added the port 5000 in the port forwarding in the router, with the IP of the Sophos.

    Also tried the DMZ, and deleted the port forward.. that worked also!

    Thanks a lot for the tips again.

    Do you have any tips on what to do next with the Sophos? Trying to learn more and more, it's a great product

  • If you've only connected your NAS to the internet now and got basic internet working, then there's a whole lot more fun to learn....

    • Did you enable IPS?
    • Are you already using web filtering?
    • Have you configured remote-access VPN so you could VPN into your UTM and safely access internal resources from the outside?

    And for some more security:

    • Have you limited outgoing traffic to just the traffic that you need (instead of Internal -> any -> any -> Allow)?

    There's such a lot you can do.... just start with something and ask your questions if you encounter any problems.



  • Hi, Denny, and welcome to the UTM Community!

    Apijnappels also lives in Nederland, so his insights will be better than those unfamiliar with the ISPs and their equipment there.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA