SpaceRex is the hero of Synology. They really should pay this guy. He's bringing lots of value!

Your channel is one of my go-to places when I need help or info on my NAS.

@SpaceRexWill

Жыл бұрын

Thanks man!

Fantastic Tutorial Will. I still don't fully understand the numbers, but I used the ones you provided and tested it with my phone. Works great. A lot less complicated than my old one.

I greatly appreciate all of your Synology videos. You speak so clearly and calmly...you have helped me so much during my first Synology configuration. Thank you!!

Great tutorial, Will! Excellent information. Thanks again buddy! 😊

Bellissimo video! Finalmente ho risolto il mio problema di attaccchi al mio NAS da varie parti del mondo. Fino a qualche settimana fa avevo messaggi continui da parte del mio NAS di accessi non desiderati con i relativi indirizzi IP, dopo aver impostato il firewall, seguendo il tuo video, i messaggi sono completamente spariti!!! FINALMENTE!!! Seguo sempre i tuoi video molto semplici e professionali, continua così perché sei unico! Non voglio tradurre il testo con google perché voglio che si capisca che ti seguo dall'Italia... Grazie

It's really what I was looking for, thanks SpaceRex.🙏

This is exactly what I was looking for. Thanks, Will!

Very useful, thank you for uploading! Now I have to reconfigure my NASes ;-) Greetings from Germany!

Thanks, Will. This is very useful information and you explained it well.

Could not have come at a better time, Thankyou.

As you mention during the video, another video talking about network and subnet and would be great

Timely and simple. Thanks

Really great video! Your channel has always been very helpful and I want to thank you for all of your hard work. Keep it up!

Great guide, helped me a lot. thanks!

great tutorial, very helpful, Thanks a lot

very very VERY usefull and well explained. Thanks and salute from italy

Thanks!

Will I discovered that with DSM 7.2 if you lock yourself out, it goes back to a previous firewall configuration to avoid it, and a pop-up window will even warn you about it!

@SpaceRexWill

Жыл бұрын

Thats quite useful!

"Hey", very good video. Tks.

How would you organize the following: clients (win/linux) backup data onto a smb share on a synology NAS. Now the data is backuped but not save against viruses that encrypt data because the share is available (I found no was to set security setting, that the clients can write data but not change or delete it). So I would backup this NAS-backup share with e.g. HyperBackup to another NAS - now this backup is absolutely safe. You see another, perhaps easier way?

Great video Will! Thanks for showing us how to setup firewall security in an understandable way. One question, when using a Tailscale VPN, it assigns different IP addresses to each device that are not part of the three private networks you discussed. Should we add the Tailscale IP to the firewall and allow it? I have yet to setup my Synology firewall yet with All Denied yet so want to be sure that if I did, my Tailscale network would still work. Thanks again! 👍🏻👍🏻

@SpaceRexWill

Жыл бұрын

Ah, so with TailScale I think the traffic actually comes in via the local app (does not act like a normal VPN) so you may not have to do anything. But if it does get blocked you can open up the CGNAT subnet the same way you did the other 3. Just with the following info: IP: 100.64.0.0 Subnet mask: 255.192.0.0

@tonyvalenti6614

Жыл бұрын

@@SpaceRexWill Great! Thank you! Since my Tailscale hands out IP’s with different second octets, would it be? … IP: 100.0.0.0 Subnet Mask: 255.0.0.0

Is your Time machine backup video from 3 years ago still valid since a lot has changed with new DSM versions? If so, maybe a new video on this topic?

Again, great video. While creating rules, you must select the interface(s) to apply them to. If I want to block DSM from ALL over the world except the US, I will use your example and applied to my BONDed interface. Now, I as travel, I want to be able to access DSM from ALL over the world as long as I connect to DSM's VPN Server. I guess I will have then one restrictive rule under BOND 1 and one permissive one (or at least no one blocking) for DSM over the VPN interface. Is that correct?

Hello, Do you have a video where you show how to configure (CAPTCHA) for entering Synology nas??

Thank you! What about IPv6? Just had a look on my own NAS and it only seems to have options for IPv4.

@SpaceRexWill

Жыл бұрын

I have not dealt with IPv6 too much, so I can’t be too much help!

the Synology has a console for watch the firewall logs?

If i want to allow access to Plex remotely, should i set allow "custom" port in the firewall to 32400?

i get an error "failed to load profile data" and can't add any rules. any idea how to correct it?

How does firewall work with reverse proxy? I want to allow access to certain docker apps like Jellyfin when accessing from reverse proxy. But adding port 8096 as a rule wont work, instead its port 443. However then it allow access to all my other docker apps. Is there a way to limit firewall access to only one docker app with reverse proxy?

I have a Synology router as well as a Synology NAS, would you say that the same firewall rules can be used for the router?

The synology Firewall does not work. I block ALL IPS but my LAN and My friend can still access my nas??? Please explain

Very timely Will; many thanks. I was just going through my Synology router and DS920+ last night and considering exactly this. On the NAS, there is a section : Control Panel \ Security \ Protection \ Allow/Block List that presumably provides at least some additional protection without setting up the firewall ?

@davewhite7182

Жыл бұрын

It allows you to block traffic from a specific ip address. I have a limit on the number of login attempts and then a block is set up. I have had occasions of someone with a Russian ip address trying to access my NAS and so added them to the block list on my other NAS. I once blocked myself as I was using the wrong password and had to go in from another device and remove myself from the list!

@SpaceRexWill

Жыл бұрын

Yes! I will always add autoblock to any network and any NAS. This prevents people just brute force password guessing. Even if you set it to 100 every 10 min you will keep machines from brute forcing. Autoblock can be used in tandem with Firewall

@DavidM2002

Жыл бұрын

@@SpaceRexWill The Allow/Block list is just below Auto block. They are very different settings.

@DavidM2002

Жыл бұрын

@@davewhite7182 The Allow/Block list is just below Auto block. They are very different settings.

@SpaceRexWill

Жыл бұрын

Ah when a device is auto blocked it’s put in the block list. But if something is in the allow list it will never get blocked

Would it make sense to apply the same LAN IP configuration on your router?

@SpaceRexWill

Жыл бұрын

Your router likely is already doing this

What is a docker?

Hi, I am trying to backup files to my Synology NAS from my computer using Acronis. If I leave fire wall off it works if I turn firewall on it doesn't. Any idea of the rules I need. Thank you.

@51Fathermo

Ай бұрын

Ah found it ty.

Great tutorial but my Firewall is now greyed out and i cannot access at all. Please help with firewall problems.

This helped me. I got someone (a bot) who kept trying to login onto the disabled admin account every 2 minutes. It was really annoying. After setting the firewall (and changing the standard dsm ports) it finally stopped. B.T.W. autoblock didn't work, the bot was using different ip's every time.

@alanstei5680

Жыл бұрын

I have the same issue, how did you make that change?

@supertekkel1

Жыл бұрын

@@alanstei5680 search for DSM Port in Settings. Mind you that you wil have to change portforwarding on your router too if you have that set up.

Synology is actually warning you if you're about to lock yourself out using the firewall so I don't even think it's possible. I have a request: Could you please make a guide on how to enable the firewall log in iptables and then how to send that log to a syslog server? I'm struggling with my poor Linux knowledge.

My conclusion, as there is a good firewall in my router, I will stick to your first advice and not set this up. Thanks again.

the last rule doesnt many anything unless you directly expose that NAS to a public ip address. the reason is NAT, your NAS will always see any traffic from outside coming from your main router's ip address. so the proper way to block connections from internet is basically add your router's IP address as your block rule if your aim is block any connection attempt on your NAS that is coming outside your local network,

@SpaceRexWill

Жыл бұрын

This is not true. The process you are talking about where the traffic looks like it is coming from the router is NAT Masquerading. This is a very rare and niche feature that 99.9% of routers do not support. Port forwarding will show the public IP of the computer connecting to the NAS. You can try for yourself. Open up 5001 to the NAS and connect from your phone off WiFi. You will see your phones public in the connection logs