[SOLVED] Synology Nas - External Access - 2 x NAS

dub_de

Commendable
Dec 20, 2019
20
1
1,515
0
Hey,

I have 2 x Synology NAS and I can connect to both just fine on LAN and I'm having issues with connecting to them externally. Rather than talk about both NAS I'd like to focus on one of them and get that working and then introduce the other and see what other settings I have to change. Ultimately I want two NAS connectable from either LAN or WAN.

Points to note - NAS 1:
  • I have both a PC and a Macbook and both see the NAS drive and are able to connect on LAN
  • I have DDNS set up and I can actually access the admin page/DSM on an external network, by using mynas.synology.me for example
  • Set up with static internal IP
  • I have port forwarding set up manually on the router
- Ports 80/443, 5000/5001,,5005/5006, 20/21
- Firewall off on NAS and Router

Go>Server
Trying to connect through macbook Finder>Go>Server to NAS on an external network

I type the DDNS 'https://mynas.synology.me:5001' >
Verify Certificate message "WebDAV server was signed by unknown authority..." >
"You are attempting to connect to server mynas.synology.me" press connect >
I get the admin/password screen >
"Problem connecting - check server name or IP address"

or

I type in the external IP address + port and it then it spins out trying to connect and fails - Don't even get the admin/password option


FTP
Port 21
- connection timeout

Port 22 -
Status: Connecting to 192.168.0.147...
Response: fzSftp started, protocol_version=11
Command: open "dam@192.168.0.147" 22
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server



So that's all on one NAS - then you add another NAS in the mix and my mind has given up.

Frustration level = 7/10 atm

Please help :)
 
Last edited:
Have you tried to connect from a actual external network or are you trying to access the external IP from a internal machine.

The router needs a special feature to do that. In most cases they don't even document if it has it. Many times it is called hairpin NAT. It is actually messy to even think about. When your internal packet gets sent out the source address gets changed to the external IP. At this point the packet has both the source and destination IP the same....ie your external IP.

Note try to find a different way to do this FTP Is very unsecured every thing us being sent with no encryption.

It also might be easier to just run a VPN server function on your router. Then you would vpn into the router and you could access both NAS units like you were on your lan.
 
Reactions: dub_de

kanewolf

Titan
Moderator
Hey,

I have 2 x Synology NAS and I can connect to both just fine on LAN and I'm having issues with connecting to them externally. Rather than talk about both NAS I'd like to focus on one of them and get that working and then introduce the other and see what other settings I have to change. Ultimately I want two NAS connectable from either LAN or WAN.

Points to note - NAS 1:
  • I have both a PC and a Macbook and both see the NAS drive and are able to connect on LAN
  • I have DDNS set up and I can actually access the admin page/DSM on an external network, by using mynas.synology.me for example
  • Set up with static internal IP
  • I have port forwarding set up manually on the router
- Ports 80/443, 5000/5001, 20/21
- Firewall off on NAS and Router

Go>Server
Trying to connect through macbook Finder>Go>Server to NAS on an external network

I type the DDNS 'https://mynas.synology.me:5001' >
Verify Certificate message "WebDAV server was signed by unknown authority..." >
"You are attempting to connect to server mynas.synology.me" press connect >
I get the admin/password screen >
"Problem connecting - check server name or IP address"

or

I type in the external IP address + port and it then it spins out trying to connect and fails - Don't even get the admin/password option


FTP
Port 21
- connection timeout

Port 22 -
Status: Connecting to 192.168.0.147...
Response: fzSftp started, protocol_version=11
Command: open "dam@192.168.0.147" 22
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server



So that's all on one NAS - then you add another NAS in the mix and my mind has given up.

Frustration level = 7/10 atm

Please help :)
Have you read through the Synology page on remote access -- https://kb.synology.com/en-af/DSM/help/DSM/Tutorial/cloud_set_up_quickconnect?version=6 ??
 

dub_de

Commendable
Dec 20, 2019
20
1
1,515
0
Last edited:

dub_de

Commendable
Dec 20, 2019
20
1
1,515
0
UPDATE - WEBDav server needed 'Fixing' in Synology DSM.

I have now managed to connect using the DDNS with port 5006: mynas.synology.me:5006

I still can't connect using the external IP though - any suggestions on that?

Also not sure how to connect via FTP still

Next issue is now adding both NAS in - how can they both connect at the same time on the same port? Or can they not? Will I have to change ports for the WEBDav server on one of them?
 
Have you tried to connect from a actual external network or are you trying to access the external IP from a internal machine.

The router needs a special feature to do that. In most cases they don't even document if it has it. Many times it is called hairpin NAT. It is actually messy to even think about. When your internal packet gets sent out the source address gets changed to the external IP. At this point the packet has both the source and destination IP the same....ie your external IP.

Note try to find a different way to do this FTP Is very unsecured every thing us being sent with no encryption.

It also might be easier to just run a VPN server function on your router. Then you would vpn into the router and you could access both NAS units like you were on your lan.
 
Reactions: dub_de

dub_de

Commendable
Dec 20, 2019
20
1
1,515
0
Have you tried to connect from a actual external network or are you trying to access the external IP from a internal machine.

The router needs a special feature to do that. In most cases they don't even document if it has it. Many times it is called hairpin NAT. It is actually messy to even think about. When your internal packet gets sent out the source address gets changed to the external IP. At this point the packet has both the source and destination IP the same....ie your external IP.

Note try to find a different way to do this FTP Is very unsecured every thing us being sent with no encryption.

It also might be easier to just run a VPN server function on your router. Then you would vpn into the router and you could access both NAS units like you were on your lan.
Thanks for the note on Router VPN! Didn't even think - That might be something for me to implement anyway as it seems much easier.

Having said that I have now got access using the IP's. Because I have two NAS I have created separate ports to connect on - so yes on an external network I can connect using the external IP address+port number for each NAS and I can see all my files.
 

gggplaya

Distinguished
Don't use standard HTTP and HTTPS ports of 80 and 443, that's a security nightmare. If accessing from outside the house, I would use different non-standard port numbers and port forward to the internal ports 80 and 443.

There are many bots that crawl around the internet pinging standard ports on all internet ip addresses. If they get a hit it'll populate a list which a hacker runs down through and tries to hack into your network.
 
Reactions: dub_de

ajohnson30

Distinguished
Jul 26, 2012
25
2
18,545
1
Second the notion of router vpn...or other vpn method. Exposing your NAS (both of them) to the internet like this is inviting hackers to...well..hack your NAS
 

ASK THE COMMUNITY