Accessing my NAS on my LAN
I'm a super noob… Please don't be mean!
I just hooked up my new shiny SG-1100 Netgate to my modem and everything was pretty straight forward, but it looks like pfsense is blocking me from accessing my Synology NAS.
I've been googling for a while and my understanding is that I need to setup some port forwarding rules to let my NAS talk to the outside world. Right? I'm gonna do the research to figure how to do that and what port to forward.
I probably don't understand the first thing about firewalls, but I thought it blocked everything from WAN to LAN but not within the LAN. I guess I was wrong?
This is just for my network at home… Is there a way to tell pfsense "let everything go through from http://192.168.0.184 as long as it's on the LAN" kind of thing? And if that's a stupid idea, what would be the best practice to have access to my NAS locally?
Thanks so much for any pointer in the right direction… Usually I'd just RTFM but I'm at the point where I don't know what I don't know and I need to get my computer and NAS talking to each other locally ASAP so I can keep on working… I can figure out the WAN situation later.
pfSense is not involved with your clients talking in the same network (Layer 2).
Say your NAS is 192.168.0.184/24 and your PC 192.168.0.123/24 - they are talking directly via your switch and don't use the gateway (pfSense).
Or did you connect the PC or NAS to the SG-1100 OPT port?
@Rico My setup is Modem > netgate > switch > Synology NAS (my Mac is also hooked to the switch)
My Synology NAS is 192.168.0.184
My Mac is 192.168.1.105
I see a bunch of "LAN Default deny rule IPv4 (1000000103)" errors in "Status / System Logs / Firewall" for 192.168.0.184 and that's why I thought it might be getting blocked by firewall, but like I said I'm a total noob and just guessing, so I probably guessed wrong…
I'm probably missing something super obvious. Like I said… Noob alert! I don't even know what "Layer 2" means (googling that was not super helpful)
Are you running pfSense with the default settings, LAN is 192.168.1.0/24 (pfSense 192.168.1.1)?
The Synology is not part of this network with the IP set to 192.168.0.184/24. This also is the reason why you see traffic blocked in the pfSense logs.
Change the Synology IP to any free address in the 192.168.1.X network, say 192.168.1.184
@Rico I feel dumb… Now I know how IPs actually work Thanks so much!
Now, I need to get the NAS setup with WAN. Do you know of any good tutorial on that? I looked around, but haven't found anything I'm happy with.
And thanks also for the OSI model link… So much to learn!
pfSense default is to allow any traffic from LAN to WAN.
So your Synology should now be able to talk out to the Internet, if your IPs/setup is fixed now.
@Rico Really? Probably not the safest then? I'll read through the docs…
Thanks again. I'm going to bed now ;)
Well that is just the default, with pfSense you can adjust almost any setting. :-)
10:48 AM here, but good night there. ;-)