Synology Port Forwarding Setup
Zee Petty
Problem is, that Synology 120j doesn't allow me to set this up manualy (or maybe I don't know how) rather than forcing me to go trought wizard which keeps complaining about the routers not being in "bridge mode".
When I look on internet, there are several videos, but all of them use old Synology menu where is "Port forwarding" option located.Now I'm going via Control Panel > External Access > Router Configuration where I need to first set up router and than I can get to setting up the ports.
so I've find out. Once you have ports opened (I've did in the end 80, 443, 5000 and 5001), you just need to create manualy configuration for a router ,which will not work, but it will let you to go to another step, where you can set up the ports you have opened
You mentioned doing the port forwarding in the modem/router originally for the Synology. What you need to do now is to change the port forwarding IP to whatever the Deco M5 IP address is that it got from the modem/gateway. You then log into the Deco, and do the port forwarding for the Synology NAS.
If you correctly enabled port forwarding on your router and the Roon ARC apps still cannot connect to your Roon Core running on your Synology or comparable NAS, remember to also open the same port in your Synology firewall settings.
Ports should be opened with caution only. It technically punches a small hole into your firewall so it makes the Synology generally unsafer. But I think it is a calculated risk as the port does not let you into you NAS outside of the ARC tunnel which is secured by your username and password.
The external IP of your Synology and your router should be the same unless you have multiple NATs set up. Port forwarding the same port on your router to the Synology which you just opened on your Synology should do the trick.
Thanks for the reply
Just for my own understanding, you say that it does not let you into NAS outside of the ARC tunnel, but how does the NAS/Firwall know to only allow Roon/ARC traffic into the opened/forwarded port.
It does and that could be a security risk you are not willing to take. Maybe my understanding is incorrect but I have no other application or interface on my Synology using the Roon ARC port so I assumed only TCP traffic is allowed into Roon Core on this particular port and not onto the entire Synology.
I`m not sure either, but I think its a small risk based on what I can find out through google.
the security can be increased if you also block out all connections from other countries than your own.
Yes that also works. And if you travel you can always use a VPN to still have your connection come from the country you specified. The general Synology security advices also still do help such as automated IP blocking, 2FA and account locking just in case someone uses open ports to try to get into your system.
the 2600ac is a router, right? I do not own a Synology router so unfortunately I cannot help you. But all I did on my Asus router, was create a port forwarding rule to my DiskStation. This should open the router firewall to allow connections to the the DiskStation on your defined ARC port. Then all you should have to do is open that port also in the DiskStation firewall, otherwise the connections will reach your DiskStation but are stoped by its firewall.
A few days ago, I used find.synology.com to search my network for the NAS, and it found it at 192.168.4.65. Eventually, that stopped working. Then I tried to go into the Eero Network settings > Reservations & Port Forwarding > reserve an IP address (192.168.4.65) for the Synology device. Then I tried find.synology.com, and no beans. After some googling, I read somewhere that Eero only gives out 192.168.7.XXX IP addresses, so I changed the reservation in the Eero settings to (192.168.7.65) and it still doesn't work.
I've got an eero and Synology at home, plus my parents have the same in their home. I've not used nor ever really needed to use find.synology.com, I just connect to the Synology by its internal IP address. Just now, I tried find.synology.com and it reports being unable to find my Synology, as well. But it doesn't matter, I don't think. I'm betting that if you wanted that service to work you'd need to open a port to your Synology for it to be findable from the internet.
Hi. Did you ever get this solved? I have same issue, but I'm coming from a Motorola mb-8611 modem into the eero and then from the eero to a Netgear switch but I've also tried plugging it directly into the eero and it still won't configure router in the Synology NAS DSM
I'd like to know if this got resolved? I have a similar set up with similar issue. When I go into synology settings, it finds my router but then I have to manually add it, but it's not on the list. Is there another name for an eero pro 6? I have port forwarding on for 1194, that's the specific port for OPENVPN.
When you open the port in the NAS control panel it shoudl automatically create a rule in your router if its recognized first. If not, just create it manually in your router. If you cannot create a port forwarding try with port-trigger.
I had a similar situation as well when I first exposed my Nass even using a different port. Sound like your doing all the right things but I suggest one more depending on what else you have on your network. Depending on what router you have you might want to upgrade it to one that support intrusion detection/prevention. And possibly even setting up a few Vlans to isolate the more risky network devices like IOT & kids machines.
Very helpful advice. I have had several episodes of login attempts as well. I ended up cancelling port forwarding at the router until I needed remote access again. But changing default port sounds at least a little more likely to avoid random hits.
So this bot net has been around for a while. They have thousands of IPs and are therefor able to skip by auto block. But they are just trolling to see if they can find an admin account still enabled, with a dumb password.
Could you please help me to make working port forwarding, which template to choose from mentioned above and what exactly I need to choose on each setting option. And do I need anything else to set up apart of port forwarding to make it working?
Please find attached photos for DNAT port forwarding rule. Still doesn't work, can't get access Synology on a domain name with port 5443 from internet and local. Ports are working on home network accessing Synology by IP address but not by domain name. Domain name DNS are are updated to DYN DNS from Synology itself.
A special version of the last variant is a DynDNS: since the external IP address of your router is determined by your internet provider, it may change occasionally. A DynDNS service like the one offered by Synology tracks these changes and makes sure that the FQDN always points to the current IP address of your router.
And you definitely do need some version of DynDNS if you want to access your NAS from outside your local network. (Unless you are running your own DNS server somewhere on the internet) Also, in this case, you have to set up port forwarding in your router. Alternatively, set up a VPN server on the router. Change its configuration, in your words.
Last week after first setting up my NAS, I set up all the port forwards and set up a ddns domain through synology: "zypher.synology.me". The set up of this was successful and a certificate was issued.
However, I was advised that this was a security risk due to publicity of all subdomains on synology.me, and I was told it is better to register my own domain name. I did that today and registered "truesdell.family" on Google Domains and set up the ddns in their system with all appropriate synthetic records. I configured this on the NAS and it worked correctly and updated the Google DDNS with my current IP Address.
All required ports are still open and forwarded (port 80 and port 443, as well as the standard Disk Station ports). I can access the NAS over a browser, on port 80 for HTTP and HTTPS on port 443, only receiving a certificate issue on port 443.
Today while trying to get a certificate for this new domain I have had nothing but errors. I have tried with both the root domain "truesdell.family" and with a subdomain "zypher.truesdell.family" and neither have had any success.
Initially I was getting the all too common error of "Failed to connect to Let's Encrypt. Please make sure your Synology NAS and router have port 80 open to Let's Encrypt domain validation from the internet". Now I am getting that I have have had too many requests.
I have not disabled / deleted the zypher.synology.me certificate, it is still the default certificate so I can still access the system until I get my own domain correctly running. Would this be an issue?
Success! Sorry for the bother, turns out my ISP turned on a block of those Ports. Given the process worked last week but not this week I can only assume they did it since then. I have asked them to remove the block and the last certificate request went through successfully.
Just upgradet my network to Nest Wifi Pro, and now I can not get external access to the NAS, or any of the applications running og the NAS. I tried port forwarding som of the ports i the Google Home App, but still no external accsess.
It's understandable that you're facing external access issues with your NAS after upgrading to Google Nest Wifi Pro. Here are some potential reasons and troubleshooting steps to help you regain access:
Soulseek is a P2P application so it needs to have 2 listening ports open in order to work. I used Portainer to set it up on the same network as my synology device, in host mode, rather than bridge. I can access soulseek by going to my synology devices IP at the default port for the soulseek container which is 192.168.0.25:6080.
If you use network=host, the container binds all its ports directly on the hosts network interface (actualy it hooks into the same network namespace as the host, and network-wise acts like any other process on the host) and bypasses the need to publish ports.
ff7609af8f