Synology DS918+ & Netgate 2100
-
@the-other said in Synology DS918+ & Netgate 2100:
is there another ruleset for the kodi machine?
No
-
@the-other said in Synology DS918+ & Netgate 2100:
btw...you have some rules on your NAS with "source all" and such...might think about either disabling the firewall altogether or define those rules...
These are synology apps (for quick connect so that I can access outside my LAN) - Do you see any issues?
-
@netboy
No, no issues. It must work for you and your needs...
I just don't use QC (quickconnect). Pfsense works here as my VPN server, so whenever I really need to get on my NAS from outside my network, I just use VPN and all is well. No need for extra rules.
But I have rules on my NAS for LAN. Depending on clients (mobile, pc) and only those service ports open that are truly needed for that kind of client. Everything else is closed (no rule equals forbidden). So I do not really work with source any but use either IPs or IP ranges (for IPv4 and v6, here with ULAs). Works like a charm and is an extra to pfsense's work on a larger scale... ;) -
@the-other Does VPN work as smooth as quick connect to say streaming your shares OUTSIDE your network (using synology apps) ? I am going to assume NO - Especially "surveillance station" - VPN I assume will bog it down
-
@netboy as said: it must work for your needs, your idea of purpose... :)
I do not stream via VPN (no cameras), I just use it while being in strange WLANs or to get some info across...also to get access to my keepass database, which is not stored locally but centrally on my nas. But that happens maybe 20 times in a year...so it would be comparing bananas to mangos. As always, the ratio between usability and security in a homenet setting is an individual factor...
But all that's OT :D Glad you could sort your sonos out...btw, do you have VLANs? Cause that could bring some clouds to using a sonos system...uups, OT again, sowwy. ;) -
@the-other said in Synology DS918+ & Netgate 2100:
do you have VLANs
This is a different & interesting topic:-)
This "great" forum helped me (when I bought my Netgate 2100) tailoring my two NON VLAN switches to seperate two subnets Iot (LAN1) and Pvt (LAN2) - Search the forum using my Id you will see DETAILED description of my setup....Pvt can access Iot but not the other way.
I do use keeppass but take it with me in USB in case I venture out
I am sure you are aware that keepassxc automatically fills the password from most browser
-
@netboy said in Synology DS918+ & Netgate 2100:
VPN I assume will bog it down
What do you think quick connect is? Its a encrypted tunnel - ie "vpn".. If you can vpn into your network via pfsense - there is zero need for synology quick connect.. Not saying it doesn't have use - it would be great solution if your behind a cgnat for example..
-
@johnpoz said in Synology DS918+ & Netgate 2100:
What do you think quick connect is? Its a encrypted tunnel - ie "vpn"
Maybe you are right...but Quick connect comes out of the box
-
@netboy and yeah anyone that can guess your quick connect name, and your dsm password can just login in. Great out of the box solution ;) I would for sure use 2fa to your dsm. And lets hope no sort of zero day, or just plain brute force to your password, etc.
But sure you do you..
-
@johnpoz BTW I have disabled admin login externally - I use QC only to view "surveillance station" camera's using synology app - Great App. But thx for your input