Need help with PfSense / Synology
-
Hi :)
First, I want to say I'm a noob to PfSense! (But we all have to start someplace)
First some info
My gateway is: 192.168.1.1
My DNS is: 8.8.8.8 / 8.8.4.4
My IP of Nas server is: 192.168.1.123The problem:
When I try to go to my NAS servers web interface at this URL: https://nas.mydomain.dk:5001 it's time out! (ITs from the lan network)
But if I go to the same address from outside my network, it works fine!
It also works if I use https://192.168.1.123:5001 within my network <- But there are SSL errors
Firewall -> NAT -> Port -> Forward
Firewall /Rules
What can be wrong ?? Any fix will be nice!
Thanks
Thomas
-
@taxick
By default pfSense provides a DNS resolver in Services menu.
If you use it on your internal devices you can add host overrides for your internal servers pointing to their internal IPs.If you use external DNS servers for whatever reason you may enable NAT Reflection in the NAT rule.
-
I wouldn't suggest opening your NAS, to the public internet in the first place - its a really bad idea from a security point of view.
If you must access your nas while your remote - best to use a vpn.. Or their remote quickconnect feature - which allows you to access your nas without directly exposing it to the public internet.
https://global.download.synology.com/download/Document/Software/WhitePaper/Firmware/DSM/All/enu/Synology_QuickConnect_White_Paper.pdf
-
@taxick said in Need help with PfSense / Synology:
NAS servers web interface at this URL: https://nas.mydomain.dk:5001
This means that this is / must be true / is the case :
Right ?
@taxick said in Need help with PfSense / Synology:
It also works if I use https://192.168.1.123:5001 within my network <- But there are SSL errors
Look into your cert, you browser can show all the details.
You've put in there ( instructed to put in there ):
*.mydomain.dk = the wildcard (why noy)
or pfsense.mydomain.dk and nas.mydomain.dk and ..... etc.
but you forgot to put in "92.168.1.123" (which isn't always possible - Letsencrypt won't let you do that).@taxick said in Need help with PfSense / Synology:
When I try to go to my NAS servers web interface at this URL: https://nas.mydomain.dk:5001 it's time out! (ITs from the lan network)
What can be wrong ?? Any fix will be nice!Easy fix.
You forgot to finish the setup things.Goto Services > DNS Resolver > General Settings
Add a host override likeOr, even better :
Use default unbound settings (please remove these ugly 8.8.8.8/4.4 while your there).
Set up your Syno to use DHCP.
Set up a static DHCP lease using the Syno's MAC.
Now, the syno always has the same LAN IP and the hostname 'nas.mydomain.dk' will be known to the local DNS == unbound. No host override needed.edit : actually : @viragomann said.
-
Hi :)
Its works after I enabled "NAT Reflection"
I have removed the public access to my NAS server and made it only available from LAN and openVPN..
Thanks for explaining this to me.. :)
It all works now :)
Thanks