Head's up to newbies: DO NOT apply the "deny all" rule until you've also added a rule allowing your private IP address/subnet/related devices! Having the Management UI "allow" rule as your only allow rule WILL lock you out of your NAS. (At least it did for me - DSM 7.1, 920+) If this happens to you, don't worry, it's easy to resolve with a "Mode 1 reset" (which is painless) but is annoying and does require redoing a few settings.

I'm watching this video thinking I've stumbled across a goldmine and that there's bound to be a 100k subscribers; imagine my shock to see you at only 729 - that is crimanally low. Thank you so much for the effort you put into this. Clear, succint - even a dummy like me could follow it. Subbed.

@WunderTechTutorials

3 жыл бұрын

Thanks so much for the support! I really appreciate your kind words. I am glad to hear that this video helped you out!

@youharrytube100

3 жыл бұрын

AGREED

@slm5292

2 жыл бұрын

Agree. This guy is amazing

@harpersneil

2 жыл бұрын

@@WunderTechTutorials Fast forward 12 months and now you have over 11k. Glad to see your hard work pay off.

@WunderTechTutorials

2 жыл бұрын

@@harpersneil Thank you so much! If it wasn't for you and everyone else's support, I would have never been able to get here, so sincerely, THANK YOU!

Your detailed but yet easy-to-follow examples are just great - many thanks 🙏🙏🙏

Hello, i just discovered your channel and i must say that it's one of the best nas ressource i've found, you've a very good pace and explain things consisely moreover i do appreciate the fact that you also have written instructions. Good job mate

@WunderTechTutorials

3 жыл бұрын

Thanks so much! I really appreciate the kind words!

Great video. I'm trying to make my Synology NAS as safe as possible. Your video adds to my knowledge of the NAS firewall. I am able to safely narrow down the potential users (especially Management UI access). This was done in conjunction with my router (DHCP server) and the networking on two workstations on my internal network. Many thanks for taking the time to put this together.

@WunderTechTutorials

3 жыл бұрын

Not a problem! I'm glad to hear it helped!

Thank you a lot, very important explanations you provide, especially the requirement of an additional deny-all rule. This has somehow changed in the newer DSM versions that there is no longer the option to define the default behavior of the firewall if no rule is met... So I just noticed that my firewall was ineffective since quite some time, because I had not explicit "deny-all" rule (which was not required in the past). Thanks a lot.

Excellent explanation on a firewall and how it works as I knew little. Now I understand

Excellent job!!, thanks for explaining the how's and why's and your prospective reasoning. Much appreciated

@WunderTechTutorials

3 жыл бұрын

I'm glad to hear it helped, thanks a lot for watching!

The best explanation of facts about firewall ever. Thank you for this !!

@WunderTechTutorials

2 жыл бұрын

I'm glad that it helped, thank you for watching!

i really appreciated this video. thank you for the clear and distict explanation of the rule matching logic by the synology nas.

@WunderTechTutorials

3 жыл бұрын

I'm glad to hear it helped, thanks so much for watching!

Very much thanks for this. This made me (after a couple of times) realize the stupid issue I made with my port forwarding. So stupid but took me literally hours to find and all just because of your video.

@WunderTechTutorials

2 жыл бұрын

Glad it helped, thanks so much for watching!

Great video! Thank you! so much quality information. Synology should honestly link to this video for explaining best practices for the Synology firewall!

@WunderTechTutorials

3 жыл бұрын

Thanks so much! I'm glad that it was helpful!

really appreciate your clear explaination, thank you for taking the time to make this video

@WunderTechTutorials

3 жыл бұрын

I'm glad that it helped, thanks a lot for watching!

Awesome. Thank you so much. Worked on the first try!!

Thanks for this tutorial, helped me a lot.

Thank You Sir .. for sure I'll be waiting for your next Video

Thank you very much for this video, been around synology and wanting to add security to it. Thank you! (With the quality, very surprised with the low ammount of likes)

@WunderTechTutorials

3 жыл бұрын

I'm glad to hear it helped, thanks a lot for watching!

your explaining very well good job love your videos

Great resources to stay smart | be safer Thank you

Great Video ... and your whole series on NAS I am new to NAS and networks and your info is easy to follow and very informative Thank you 🙏

@WunderTechTutorials

Жыл бұрын

Thanks for the kind words! Glad they help!

Thanks for the excellent info. Subbed.

Absolutely excellent video. Thank you.

@WunderTechTutorials

3 жыл бұрын

I'm glad it was helpful, thank you for watching!

thanks great video. Your a good teacher.

Thanks for these great videos so helpful!

@WunderTechTutorials

3 жыл бұрын

I'm glad they help, thanks so much for watching!

What a Great Job !!! I thought i did all to protect. THE RANG OF LOCAL IPs is a GOOD Option!! Thanks … 🙏🙏

@WunderTechTutorials

2 жыл бұрын

Glad it helped! Thank you for watching!

you're a legend! love your channel

@WunderTechTutorials

3 жыл бұрын

Thanks so much!

Amazing content, and that's all the channel content. Thanks

@WunderTechTutorials

2 жыл бұрын

Thanks so much!

I love your videos and appreciate the time spent on indexing and written instructions. They are very helpful! I only access my NAS internally or through my iPad on a VPN tunnel I set up through my Unifi router. I do NOT have any ports open on my Unifi Router I have reserved static IP's for all of the Mac's & PC's on my network If I am understanding correctly my NAS firewall rules can be pretty basic: - Management UI (HTTPS), IP range of Mac's & PC's - Management UI (HTTPS), IP range of VPN which is on a different VLAN - Window File Server, IP range of Mac's & PC's (For SMB) - All, All, Deny Am I missing anything? Do I need to add any of the following for other services I use: Synology WS-Discovery Bonjour Hyper Backup Vault Active Backup for Business Share Snapshot Replication

@WunderTechTutorials

2 жыл бұрын

Thanks so much! You are correct that those are the initial rules that you'll need. As for those services, you will need firewall rules for them as well. By default (with how you're setting up the firewall), you will block ALL traffic, outside of anything you specifically allow. Therefore, if you're using any specific services where access TO your NAS is required, a firewall rule for that port will need to be created.

Thank you so much for this extremely useful guide! I bought my first nas and I was configuring it follow your guide just yesterday! I have one question about country rule: when I go to another country for a trip, if I want to to allow me to backup my photos on my nas I have to allow that specific country till I'm away right? This count even if I use openvpn or not?

@WunderTechTutorials

3 жыл бұрын

Thanks a lot for watching! Using the country rules are only necessary if you're opening a port on your router, so if you opened a port on your router and you used the "current country" filter, you will need to add that other country if you'd like to connect from there. If you are using OpenVPN, you need to do the same IF you set a country specific rule on that port. So in summary, yes, you do need to change the rules for any ports where the country rule is specified.

Hi and thanks again for this very good and informative video. What bothers me is how the firewall in the router relates to the firewall in the nas, I also don´t understand the difference between allowing via port forwarding in the router and allowing in the routers firewall. E.g. I must port forward 6281 in the router to the nas to get Hyper back-up work, if I only allow 6281 destined to the nas in the routers firewall it doesn´t work - confusing. I am sure you can explain - thanks! I have a synology 2600 router.

@WunderTechTutorials

3 жыл бұрын

Thank you for watching! Think of your router's firewall as an opening to the world (outside of your local network) and a Synology NAS's firewall as opening to your local devices OR to the world. If you open port 6281 on your Synology NAS, local devices will be able to access your NAS on that port. If you open port 6281 on your NAS AND your router, devices from the entire world will be able to connect to port 6281. Generally, you don't want to open any ports on your router if you don't have to. Since you're opening ports to the entire world, you want to limit this as much as you possibly can. I hope this helps, but if I can further clarify, please let me know!

Thanks for this excellent tutorials. I do have a quick question about backing up the nas using services like Google or One drive. If you limit destinations( by country) wouldn't that affect using cloud sync as a backup. What other approach would you use? Thanks again

@WunderTechTutorials

3 жыл бұрын

Thanks so much! You shouldn't need to open any ports to get Cloud Sync working, so changing the firewall rules shouldn't impact anything. Please let me know if you have any other questions!

This is a great video! Thank you! Would love to see and update with DSM 7.1 along with Tailscale VPN and firewall best practices for Hyper Backup and CMS. CMS particularly because even though following Tailscale’s instructions I can backup my NAS offsite and access the offsite NAS DSM, I cannot get it joined to CMS remotely. Not sure why, but after seeing this video it may require internal and external firewall ports. Again, alway great stuff from WunderTech! 👍🏻👍🏻

@WunderTechTutorials

Жыл бұрын

Thanks so much! I will add this to my list!

@tonyvalenti6614

Жыл бұрын

@@WunderTechTutorials Thank you sir! If you ever wrote a comprehensive Synology book, I’d be first online to buy it! 😉👍🏻

Just discovered this video, and I was wondering if it is wise to create firewall rules on ‚All Interfaces‘ rather than specify rules for each interface. In the latter scenario, you don‘t have to specify an ‚all deny rule‘ as last resort, as you can specify on each interface that for all rules which do not apply, traffic will be blocked. And this even makes more sense if you say to create a rule for each service, so in VPN interface, I could specify other rules than on LAN1 interface. But generally speaking, I agree with you. I have only my subnet opened, and from outside…my country!

@WunderTechTutorials

3 жыл бұрын

You can certainly break them out by interface! Generally (from what I've seen at least), people use all interfaces for the same services, so it's easier to manage them all at once, but if you have specific reasons to break it out by interface, that's a perfectly acceptable option!

Hi, I am trying to backup files to my Synology NAS from my computer using Acronis. If I leave fire wall off it works if I turn firewall on it doesn't. Any idea of the rules I need. Thank you.

Great explanations. Thank you very much for this video. I had a question if you can guide me through. I am using cloudflare and hostname for DDNS and CF PROXIED on, portforwarding DSM management through router. But I want to restrict access to DSM management to my router and WAN IP address on firewall. So DSM is inaccessible from any other addresses. In that case how can I resolve this problem? Currently whenever I am connecting to DSM, it shows my IP as Cloudflare IP and firewall setup which I did as Deny, seems to be not working.

@TuhinBhuiyanWebDeveloper

2 жыл бұрын

I think once it gets proxied from cloudflare, all firewall settings needs to be done through Cloudflare to have it work. That is how I was able to make it work. We have to use WAF for free version.

@WunderTechTutorials

2 жыл бұрын

@@TuhinBhuiyanWebDeveloper That is correct. Glad that you were able to get it working!

Dear WunderTech, thank you for this amazing tutorial. May I ask you one more question? I have a password manager server (vaultwarden) running on my NAS using Docker. I set up a reverse proxy rule that maps my own hostname to the port of the password manager server. Since it's a https connection, I also had to enable port forwarding 443 to NAS:443 in my router. In fact, I also enabled 80 to NAS:80 port forwarding rule while requesting a certificate for my domain. My question, is revere proxy some kind of firewall? In this case, is 443 the only port I need to open in the firewall settings? Thanks in advance.

@WunderTechTutorials

Жыл бұрын

Yes, 443 is the only port you'll need open. Think of a reverse proxy as a single service that can expose multiple services. Therefore, if you had many websites you wanted to expose, you can expose them all by only opening port 443. I have a video on the Synology reverse proxy if you're interested!

I have a bunch of designated ports for docker packages that I access through my browser. I.e. handbrake, syncthing, rutorrent etc.... Do I have to make a new rule for each one of these packages? Will I lose access to these if I enable the firewall?

@WunderTechTutorials

3 жыл бұрын

If you are using the host network interface (your NAS's IP), then yes, you will have to create a new rule for them. How you do that is up to you, meaning you can create one firewall rule and separate each port by a comma, or you can create an individual rule for each port. Let me know if you have any other questions!

Thank you for the great video! I have a question: I wanted to use my NAS on my new Mac like I did on my Windows where I can view the files online without my computer downloading everything. I found out that the only way to do that with a Mac is to add the NAS as a server instead of using the Synology Drive Client. When I did that, I got to easily connect to my NAS with my login and password even though my Mac is outside of the allowed IP range I set up (I wasn't asked for 2-factor verification either). Is there a lapse in my security?

@WunderTechTutorials

3 жыл бұрын

When you say that you were able to access it, how were you able to access it? Was it SMB? If so, that's a different port than DSM, so you'd have to check what port it is and check that specific firewall rule.

@AshrafulIslam-uz3bd

3 жыл бұрын

@@WunderTechTutorials Ah yes, it was SMB. I'll do more research into that then, thank you!

Just found your vids wen looking for more on pihole. Great stuff have subscribed. Please can you do a setup video of nginx proxy? Saw ur install vid on it but wanted a setup video please? Also could it be ran in docker on a synology?

@WunderTechTutorials

3 жыл бұрын

Thanks so much! I appreciate the support! I will add this request to my list. Do you mean setup as in starting with the domain, adding it to NPM and then adding a certificate? I have half of that setup in the Nginx Raspberry Pi video, but I will add a more robust Nginx Proxy Manager tutorial to my future videos list. I will also look into running it on Synology! Thanks again for watching!

@kevinhughes9801

3 жыл бұрын

WunderTech thank you! Find ur videos alot better thrn other channels as they seem to skip the details that matter where u dont. So keep up great work cheers

When I turn the the deny all firewall rule on my qbittorrent stops working. Just adding port 6881 doesn't seem to be working which is the specified port qbittorrent is using in docker. Any pointers? Thanks for all the great content man.

@WunderTechTutorials

2 жыл бұрын

I unfortunately don't use qbittorrent, but are both the container and local ports 6881? If you run the container and view the settings, is it successfully mapping 6881 or is it something else?

Great video. Quick question...after I made all of my exceptions and the one "deny" rule at the bottom of the list, my PLEX server no longer connects. I disable the "deny" rule and it works fine. I don't see where I can add a rule for the PLEX app. I have tried port forwarding the 32400 port that PLEX uses to no avail. Any thoughts? Thanks! Addendum: Nevermind! I got it figured out. I had to port forward the Plex port 32400 which I thought I had done and then I added one rule for a specific port: 32400 and then re-enabled the "deny" protocol and all is well. Honestly, your video is so helpful that I would have never been able to figure that out but the way you explained stuff I actually learned something and was able to problem-solve with that new knowledge. Again, thank you!!!

@WunderTechTutorials

2 жыл бұрын

Thanks! Glad you fixed it! Just know that for all services moving forward, you'll have to open the correct port in order to "allow" traffic through DSM.

I always assumed that "Access Control" to my NAS stems from the username/password ("Accounts") I set up. As in, sure a houseguest might have access to my local network, but does that automatically mean they can just browse their way into the /contents/ of my NAS? Doubtful, unless they also have login credentials for it. Am I missing something here?

@WunderTechTutorials

2 жыл бұрын

You are correct - they will still need to authenticate, but the firewall will block people entirely (if you would like).

thank for your shared video. I tried to setup with my DSM218+ exactly as you mentioned, but have an error like "Your computer is blocked by new rules...". Why am I wrong here? Thanks

@thanhbinhto6436

Жыл бұрын

I found and solved problems thanks

@WunderTechTutorials

Жыл бұрын

@@thanhbinhto6436 Glad you got it working!

Very good tutorial. I do have to say however that for me, the subnet setting, didn't work. In my case the local network is set to 192.168.178.*, and every time I try to set it up it reverts to the previous configuration, because it says it's unable to connect to DSM. Not sure what I'm doing wrong... but the same happens if I use a range of IPs instead of the subnet.

@WunderTechTutorials

2 жыл бұрын

Does your NAS have a local IP address on the 192.168.178 subnet? Is that rule above the "deny all" rule?

Is it possible to allow access by device (mac, imei etc) rather than IP address.

@WunderTechTutorials

2 жыл бұрын

Unfortunately, not that I know of 😞

Hey. Can you create a firewall rulles set video for Synology RT6600AX Router, please, for main network connection. Great videos!Thnx in advance!

@WunderTechTutorials

Жыл бұрын

I unfortunately don't have one of those routers 😔

when adding the DENY ALL rule, it wont let me because the computer I am using would not be able to access the NAS after. I am guessing we need an allow rule FIRST for our computer on the network and THEN add the DENY ALL rule.

@WunderTechTutorials

3 жыл бұрын

That is correct - the allow rules should be at the top, then the deny all rule should be at the bottom.

At 11:20 when you mention allowing a specific external source IP address for another NAS, would that the that NASs reserved internal IP address? Or that locations external ip address? I assume if it’s a dynamic address this won’t work correct?

@WunderTechTutorials

Жыл бұрын

Yes, you can't use DDNS with Synology's firewall. It should be the external IP address of the other location.

@Tetra84

Жыл бұрын

@@WunderTechTutorials follow up somewhat related question, do you know if it's possible to set up the task scheduler to open or close the firewall to a port (6281) to traffic for a certain timeframe once a week, but otherwise keep it blocked to all (deny all)?

@WunderTechTutorials

Жыл бұрын

@@Tetra84 I unfortunately don't. If you think the IP will change, you can look into allowing the entire ISP IP range so that you're really only specifying that a specific ISP can access it (can't guarantee you'll be able to do it or that it's the best option, though).

This video with the Firewall setup is just as useful as setting up the Synology DS for the first time out the box and probably the thing to do once that’s properly setup. As well I now properly understand how to setup the Manual Firewall settings with this video. Got my NAS a month ago. But this video got me thinking 🤔. Wouldn’t it be even more secure for external outside of using a VPN to have and setup a custom web domain that uses say Cloudflare and thus also only have just 1 DNS IP Address sub domain to access the NAS? If you can do that and it works, do you have that as a video? As that would seem like another good option maybe. On another note of how helpful this video actually is, it’s the only one I’ve found among all the many others on security setup that actually has a video on the actual Firewall setup and configuration. That’s hugely important.

@WunderTechTutorials

2 жыл бұрын

Thanks so much! That is a perfectly acceptable approach and one that a lot of people use. I have a security video that goes over how you can use Cloudflare + your domain to access your NAS, but it's very high-level. Overall, Cloudflare is awesome - I am a huge fan of it and would definitely suggest using it if you own your own domain.

@ardentdfender4116

2 жыл бұрын

@@WunderTechTutorials I have several web domains and personal ones so I could surely use one setup for NAS access on a sub domain.

Great video! One problem I'm having is that the "deny all" rule slows down the start of video streams. All other rules are fine but if I turn that one on it takes forever for video streams to start. Have you encountered this problem? Thanks.

@Somites

3 жыл бұрын

Corrected it by opening the appropriate port, but I thought opening all ports for my LAN IP would make this unnecessary.

@WunderTechTutorials

3 жыл бұрын

That fixed the slowdown from occurring? That's surprising to me, if I'm being honest. You're right in saying that it should have been fine if you opened it for all local devices.

@Somites

3 жыл бұрын

@@WunderTechTutorials you are correct turns out it didn't fix it. I "fixed" it by using SMB instead of FTP. That seemed to do it.

@WunderTechTutorials

3 жыл бұрын

@@Somites That makes sense. Glad to hear you got it working!

Hello, For some reason, my Deny All rule is still blocking access to my Docker Applications even after inputting a rule to allow connection to them. Can't figure out why

@WunderTechTutorials

Жыл бұрын

Are there multiple ports for the containers and if so, are you allowing all of them?

Great tutorial. I'm having a small problem with the firewall though. It won't let Plex run when on. Any Ideas??

@WunderTechTutorials

3 жыл бұрын

Thanks! Are you using the default Plex package? If so, did you create an allow rule for port 32400?

@cyberwasp461

3 жыл бұрын

@@WunderTechTutorials Sorry, am new and not quite sure how to yet!

@cyberwasp461

3 жыл бұрын

got it! thanks

Thank you. How about for downloading updates, from outside your local location? Please advise. Thanks

@WunderTechTutorials

3 жыл бұрын

What do you mean by downloading updates? Are you talking about DSM updates? You shouldn't have to modify any firewall settings for that.

@devislight

3 жыл бұрын

@@WunderTechTutorials Synology DSM updates, yes. So even if we allowed only local domestic traffic within our country, DSM updates can be downloaded.

@devislight

3 жыл бұрын

@@WunderTechTutorials Thank you

@WunderTechTutorials

3 жыл бұрын

@@devislight That is correct, everything will function properly!

Hello. I'm having an issue that I cannot seem to figure out thru my internet scouring. Do you offer virtual consults?

@WunderTechTutorials

Жыл бұрын

I hope to start offering them soon, but right now, I don't. If you'd like to write out your issue, I'm happy to try and help here.

@sackaveli1

Жыл бұрын

@@WunderTechTutorials Ok. Sure. I did leave a message on your webite as well.

I tried setting up the Allow Management UI and Deny All rules. The first is accepted but when I try to activate the Deny All rule I get a message that it blocked access by the computer I am using and was backed out. It all looks just like the video as far as I can see, the Deny rule is below the Management UI. Any thoughts on what I am doing wrong?

@WunderTechTutorials

2 жыл бұрын

Did you happen to pick both Management UI ports (HTTP and HTTPS)?

@midnightlightning1

2 жыл бұрын

@@WunderTechTutorials Initially I just had HTTPS, but then also added HTTP. Both have non-standard port set.

@WunderTechTutorials

2 жыл бұрын

@@midnightlightning1 Are you accessing it from the internal IP address and port? I'll be honest in saying that I haven't seen it lock anyone out if they're using the local IP address and allow access on both, the HTTP and HTTPS ports. Other thing you can try is creating custom rules for the non-standard ports (just to make sure it's actually allowing that port).

Love the video, but am having trouble implementing the country restriction on the Synology internal firewall. Background: I've redefined the DSM ports via the Login Portal to 8000 & 8001 and have opened those ports on my router. In the Synology firewall, my first two entries purportedly allow TCP ports 8000 & 8001 to access my Server if they originate in the USA. After several other "allow" entries, I conclude with the universal denial as you've recommended. These settings "Save" correctly (no lockout warning), but any attempt to access External Access > Quick Connect > Advanced Settings results in a notification that my Synology Firewall has blocked access to TCP ports 8000 & 80001 and attempts to impose a universal "Allow All" for the 8000 & 8001 ports as the top firewall rule. If I disable the final universal denial, the result is the same. I'm out of ideas at this point - can you suggest anything????

@bartondavis1573

3 жыл бұрын

Could this be a problem with the Synology firewall notification logic? Even though the notification indicates that the DSM ports are blocked, further testing indicates I can still access DSM from an outside network (in the US). Should I just disable the firewall notifications?

@WunderTechTutorials

2 жыл бұрын

So it sounds like you're using QuickConnect? If so, it could get complicated as I'm not entirely sure how the routing will function (as it normally specifies a random port to connect to). If you go into the QuickConnect Advanced settings, can you enable the first (use relay service) and disable the second (automatically create port forwarding rules) and see if it works?

Hey @Wundertech, My Synology NAS has a slow downloading speed (kbps) when I am downloading a files on it outside my Network. Can you help me fix? Thank you.

@WunderTechTutorials

2 жыл бұрын

When you say downloading, do you mean uploading from a separate device to your NAS?

@olabtv1924

2 жыл бұрын

@@WunderTechTutorials I am accessing Synology online. From Different PC and Different Networks. Now, let's say I want to download the file in 2GB size and the downloading speed was kbps

@WunderTechTutorials

2 жыл бұрын

@@olabtv1924 What are your upload speeds at home? Unfortunately, you'll only be able to download as quickly as the other side can upload.

Do I need to enable the firewall only if I'll access my NAS remotely?

@WunderTechTutorials

3 жыл бұрын

When you say remotely, do you mean outside of your local network? If so, I would suggest that you do.

@intothedragon

3 жыл бұрын

@@WunderTechTutorials I mean, what is considered exposing the NAS to the internet? is torrenting exposing?

@WunderTechTutorials

3 жыл бұрын

@@intothedragon Exposing the NAS to the internet is port forwarding different ports on your router to your NAS. At that point, the world can access those ports unless you limit access using Synology's firewall.

Nice explanation there, even for a noob like me. I've had a sinogy NAS for about an year and a half. I tried to internalize all the info my low IQ could get and tried to keep it the most secure I could. I have activated quick connect right away because my main goal was to have instant access wherever I was (I'm living in a different city and often visit my parents, or I need id scan and documents when I'm out of home,... Or just on any device). So I found using a VPN or stuff a bit slow. Doesn't the need to login and new accesses approval provide enough security for a basic user as me? I mean, they'll never get my passwords, I don't keep them on my NAS. Just photo, docs, stuff... I'm also pretty sure I have limited ip access when it comes to media server and for pcs to see my NAS as a network hdd. I am really curious about this because I'm also on a path to make a surveillance system with pi zero w and eye softw, also considering passing through synology video monitoring software (I'm not sure my entry level NAS could handle that though)

@WunderTechTutorials

2 жыл бұрын

For the majority of people, QuickConnect is completely fine. There are many different ways to access your NAS, and none of them are necessarily "right" or "wrong", just different in security or something different. Overall, if you're happy with QuickConnect, there's nothing wrong with sticking with it.

@E_Proxy

2 жыл бұрын

@@WunderTechTutorials thank you very much for your reply. I'm less nervous about it. Obv I'll keep out of there things like passwords and other stuff just in case. But I feel just safer with my things on a synology instead of having any cloud provided storage.

As per DSM 7.1 last firewall rule (deny all) seems unnecessary because at bottom of the firewall window there is a option to deny everithing if none of the above rules are satisfied

@WunderTechTutorials

Жыл бұрын

If you're using the interface rather than "All Interfaces", correct. If you're using "All Interfaces", it's still required.

@enricoschiappa3643

Жыл бұрын

@@WunderTechTutorials Hi, you right all interfaces requires all deny as last instruction; for individual interface this rule is managed at the bottom

Hi! Subscribed, thank you very much for the video. I have my firewall set up, however I am getting a few pop ups/errors with certain things. Would you be available to help me out if I shared my rules with you?

@WunderTechTutorials

2 жыл бұрын

Sure, I'll do my best to help. Let me know what they are as well as the problem and we can go from there.

@alexanderconolly6190

2 жыл бұрын

@@WunderTechTutorials Do I share in here or where?

@WunderTechTutorials

2 жыл бұрын

If you're comfortable, yes. I unfortunately had to stop helping through email as it's just too time consuming and my schedule doesn't allow for it. For now, I focus on answering all KZread comments.

@alexanderconolly6190

2 жыл бұрын

@@WunderTechTutorials No worries. So 2 issues I have, I have 3 allow all rules, 1 for my subnet, 1 for my public IP address of my NAS and one for my country. But I constantly get messages from the NAS firewall saying it has blocked the DSM ports (that are forwarded via the router) + i would expect them to be caught in one of the 3 allow all rules anyway. Unless I specifically create an allow rule for those 2 ports for external access with IP range of all, the alerts don't stop coming from the firewall, despite it working anyway

@WunderTechTutorials

2 жыл бұрын

@@alexanderconolly6190 I'm assuming the "deny all" rule is at the bottom? You're not using a reverse proxy to access it, right?

Doesn't a VPN give you the ability to get around the location rule?

@WunderTechTutorials

Жыл бұрын

The location rule is for external IP addresses originating from a specific country. As of the filming of this video, that blocked out local networks.

is this scenario possible. I have downloaded my friends KZread videos. I want to give her access to the videos on my nas and only her , she's in Germany. What would be the easiest and safest. I tried a vpn but no matter how many different ways I try it, it doesn't work.

@WunderTechTutorials

Жыл бұрын

A VPN is definitely the most secure, but if that doesn't work, you should be able to use QuickConnect.

@cyberwasp461

Жыл бұрын

@@WunderTechTutorials I think I'm going to go back to my old backup hard drive. at least I could remote into that. Quickconnect doesn't even work, I put in my quickconnect name and the password I use to log in locally and account or password invalid. QC never offered a password option.

@cyberwasp461

Жыл бұрын

Did a full reset of the nas and surprisingly everything is working now. VPN, Quickconnect, and DDNS. Go figure!!

I am using 2 ISPs, how can I allow two IP pools in the firewall?

@WunderTechTutorials

2 жыл бұрын

You'll have to use different interface rules (top right of firewall setup).

@rupertvillareal8471

2 жыл бұрын

@@WunderTechTutorials Thanks, but it still doesnt work. I'm trying to autosync with the drive client using my 2 networks but it only syncs on the main router where the NAS is connected. When the drive server source ip is set to all it will work. but once i added the 2nd router ip pool, it wont sync. It only reads the 1st routers ip pool

@WunderTechTutorials

2 жыл бұрын

@@rupertvillareal8471 Are you two routers linked in any way?

@rupertvillareal8471

2 жыл бұрын

@@WunderTechTutorials It's not, Its different ISPs and I don't have dual wan routers yet. That's why im trying to limit the access to two different ip pools but I cannot do it, synology only reads one ip pool and denies the 2nd

@WunderTechTutorials

2 жыл бұрын

@@rupertvillareal8471 You'll need to configure a way to connect them both as far as I know. Could be something like a VPN or port forwarding.

Did not work until i added container port 8123

The video somewhat useless: I know how to navigate in UI and how to read, but I'd appreciated if you restricted let's say SMB and shown the error while mounting. I didn't quite get how the restrictions behave. For instance, I denied all as you suggest, including the NTP and CIFS, nevertheless I still able to update the time and mount the share. If so, what's the point? Or did I misunderstand something🤔

@WunderTechTutorials

2 жыл бұрын

This is a general video meant to apply to all applications/services. Chances are something is configured wrong. If you're comfortable sharing your rules, I can try and tell you what's wrong.

Thank god I watched this video. Other wise I’ll get blocked