G+_Allan Madsen Posted July 23, 2018 Share Posted July 23, 2018 Hi Know How I have with great pleassure followed your "Synology Madness". For some years ago I bought my frist Synology Diskstation, a DS 209+II. Unfortunatelly I never managed to get that much use of it, as I was not sure how to connect an ensure the safety. Anyway, your show inspired me to buy a new model, the DS 718+. My goal is to set it up to host my private Web-, mail- and file server. And maybe later SQL database, survailance- and print server as well. And maybe use the old NAS as private backup server. I am very focused on security, but I am not experient in all the network, ip, port setup and so on, and are therefore insecure that I can trust it enough to let it be my primary host for mail, media and documents. In one of the episodes it was recommended not to open any ports in the router, as it could be a potential risk. But according to the guides on Synology.com it is nessesary to open specific ports to make the different sevices work. I understand that connecting to the NAS through quickconnect is a safer way, but quickconnect dosn't work with all services, so how do you host services as Web, FTP and SQL db without open any ports? Or am I miunderstanding something? Hope that you can help me understand it better, as I'am a little confused and worried now. Look forward hearing from you... Link to comment Share on other sites More sharing options...
G+_Gene Hill Posted July 23, 2018 Share Posted July 23, 2018 You mentioned wanting to use it for private web/file/mail servers. Does that mean you intend to only access it from inside your own network and not over the public internet? Link to comment Share on other sites More sharing options...
G+_Gene Hill Posted July 23, 2018 Share Posted July 23, 2018 The big concern with opening ports and port forwarding is when they are open to the public internet. It's is very difficult to secure services when they are open to anyone connecting from anywhere in the world. So when you hear about the dangers of opening ports or port forwarding it's usually about the outside internet, not your internal Network. It's much safer to open those required ports for internal web services. Link to comment Share on other sites More sharing options...
G+_Randy Widell Posted July 24, 2018 Share Posted July 24, 2018 Couple of things: 1. If you want to use the Synology as a mail server, that could be problematic depending on your ISP. Comcast, for example, does not allow incoming SMTP traffic for their residential customers specifically to disallow hosting private email servers. So, you would be able to send emails, but your server would never receive emails. 2. You have two security things to consider when opening a NAS (or anything else) up to the Internet: a) the contents of the NAS, and b) your network. To address (a), do not store anything sensitive on the NAS if you use as a server. In my case, my NAS is a staging area for Azure backup via Synology's HyperBackup application. So, the idea of opening my NAS to the Internet is a non-starter. To address (b), put the NAS on a different LAN segment, e.g. 192.168.2.0/24 if your main network is 192.168.1.0/24. You can then modify the firewall on your router to allow zone forwards from .1 to .2, but not vice versa to prevent a compromised NAS for seeing the rest of your network. Link to comment Share on other sites More sharing options...
G+_Allan Madsen Posted July 24, 2018 Author Share Posted July 24, 2018 Gene Hill Hi Gene. Thank you for your reply. I would like to access it from anywhere in the world. I always have been wondering why to open up the ports, and wether it would compromise the security... Link to comment Share on other sites More sharing options...
G+_Marco van Laerhoven Posted July 24, 2018 Share Posted July 24, 2018 This is a nice post on the topic https://plus.google.com/110737842067623105607/posts/KLxg5QcUyRG plus.google.com - FYI... Synology QuickConnect I wanted to figure out how QuickConnect actually... Link to comment Share on other sites More sharing options...
G+_Tailsthefox Pelissier Posted July 26, 2018 Share Posted July 26, 2018 I saw an youtube video on installing Windows 10 under an vm app on one as Network OS. Doing that on their nas boxes may be their for that rezone. Since an vm app will sand box those things. I hope if they do an Synology Madness 2.0 that they show that since it may help. I forexpull don't need Windows 10 all the time but the times i do i can get away with running it in an vm app not installing it on boot camp. Link to comment Share on other sites More sharing options...
Recommended Posts