Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Need help with PfSense / Synology

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 4.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Taxick
      last edited by Taxick

      Hi :)

      First, I want to say I'm a noob to PfSense! (But we all have to start someplace)

      First some info

      My gateway is: 192.168.1.1
      My DNS is: 8.8.8.8 / 8.8.4.4
      My IP of Nas server is: 192.168.1.123

      The problem:

      When I try to go to my NAS servers web interface at this URL: https://nas.mydomain.dk:5001 it's time out! (ITs from the lan network)

      But if I go to the same address from outside my network, it works fine!

      It also works if I use https://192.168.1.123:5001 within my network <- But there are SSL errors

      Firewall -> NAT -> Port -> Forward

      1.png

      2.png

      Firewall /Rules

      4.png

      5.png

      What can be wrong ?? Any fix will be nice!

      Thanks

      Thomas

      V GertjanG 2 Replies Last reply Reply Quote 0
      • V
        viragomann @Taxick
        last edited by

        @taxick
        By default pfSense provides a DNS resolver in Services menu.
        If you use it on your internal devices you can add host overrides for your internal servers pointing to their internal IPs.

        If you use external DNS servers for whatever reason you may enable NAT Reflection in the NAT rule.

        johnpozJ 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @viragomann
          last edited by

          I wouldn't suggest opening your NAS, to the public internet in the first place - its a really bad idea from a security point of view.

          If you must access your nas while your remote - best to use a vpn.. Or their remote quickconnect feature - which allows you to access your nas without directly exposing it to the public internet.

          https://global.download.synology.com/download/Document/Software/WhitePaper/Firmware/DSM/All/enu/Synology_QuickConnect_White_Paper.pdf

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @Taxick
            last edited by

            @taxick said in Need help with PfSense / Synology:

            NAS servers web interface at this URL: https://nas.mydomain.dk:5001

            This means that this is / must be true / is the case :

            86bc181d-f56f-4300-b952-c7ffb7161c43-image.png

            Right ?

            @taxick said in Need help with PfSense / Synology:

            It also works if I use https://192.168.1.123:5001 within my network <- But there are SSL errors

            Look into your cert, you browser can show all the details.
            You've put in there ( instructed to put in there ):
            *.mydomain.dk = the wildcard (why noy)
            or pfsense.mydomain.dk and nas.mydomain.dk and ..... etc.
            but you forgot to put in "92.168.1.123" (which isn't always possible - Letsencrypt won't let you do that).

            @taxick said in Need help with PfSense / Synology:

            When I try to go to my NAS servers web interface at this URL: https://nas.mydomain.dk:5001 it's time out! (ITs from the lan network)
            What can be wrong ?? Any fix will be nice!

            Easy fix.
            You forgot to finish the setup things.

            Goto Services > DNS Resolver > General Settings
            Add a host override like

            ef5f333f-727c-4126-8965-09c1f4a66037-image.png

            Or, even better :
            Use default unbound settings (please remove these ugly 8.8.8.8/4.4 while your there).
            Set up your Syno to use DHCP.
            Set up a static DHCP lease using the Syno's MAC.
            Now, the syno always has the same LAN IP and the hostname 'nas.mydomain.dk' will be known to the local DNS == unbound. No host override needed.

            edit : actually : @viragomann said.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • T
              Taxick
              last edited by Taxick

              Hi :)

              @viragomann

              Its works after I enabled "NAT Reflection"

              @johnpoz

              I have removed the public access to my NAS server and made it only available from LAN and openVPN..

              @Gertjan

              Thanks for explaining this to me.. :)

              It all works now :)

              Thanks

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.