Can no longer connect to my NAS boxes from outside the network

[Paul Costanza]

I have 2 NAS' and suddenly, neither can connect from outside the network. I checked DDNS router config and ran a test and port 80 fails though 5000 works fine. I've tried to let Synology set up my router and still nothing. I shut down the Firewall and virus protection and again, nothing.
Then I opened port 80 on my router and that still did nothing. I'm out of ideas. Nothing has been done as far as I know....no Windows up dates etc.
Might someone have an idea?
My QNAP NAS also won't allow a connection from outside. So, it's got to be my router and I realized that 2 days ago I updated the firmware. Are there known problems with this version that would stop port 80 from working?
I'm not very knowledgeable about router configs and such so I hope I made this clear.

Thanks

 

[ColinTaylor]

You haven't said what router model you have, what the current firmware version is or what the previously working firmware version was.

Is it only port 80 that doesn't work? Some ISP's block that port.

 

[Paul Costanza]

Sorry, I have the ASUS RT-AC87R running 384.10. Also, 6690 doesn't seem to work either.
Actually, Synology's DSM automatically set things up originally and it's been working great for almost 3 years. The only thing that changed recently was the router firmware update.

 

[ColinTaylor]

What was the previous firmware version? It would probably be worth going back to that to confirm that it is a firmware issue and not something else.

 

[Paul Costanza]

I honestly don't know. I hadn't updated in a while so I am not sure. Guess I can try an older version.

 

[martinr]

I honestly don't know. I hadn't updated in a while so I am not sure. Guess I can try an older version.

Then that is most likely the problem. You could quite possibly even have missed doing a mandatory reset to factory default settings followed by re-insertion of your custom settings ny hand.

Use L&LD’s guide here:

https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-205573

And it’s worth reading the whole topic; it’s only 2 pages. If you follow that guide you should have no more problems.

(I’m assuming you didn’t reset on upgrade.)

 

[Zonkd]

Check firewall rules on DSM. (Don’t disable DSM firewall completely if you’re exposing to the internet). Also check if the DSM security settings blocked your external IP address temporarily. The latest DSM6 has also added a lot of new security features to lock accounts with too many unauthorised access attempts.

Surprised none of y’all proffered up some warning ‘bout port forwarding risks. I decided against it after research of a bunch of past exploits. I was horrified to learn Synology devs are so lazy you can’t even trust their VPN server package to be safe because for the longest time it had weak hardcoded Synology user credentials root:synopass. After they were notified it took them 3 months to patch it. Bottom line- I’d rather place my trust in Asuswrt-Merlin implementation of OpenVPN.

But yeah, do what @martinr said with clean reset and minimal config. UPnP must be on for zero-configuration remote access with Quickconnect. (You definitely don’t want to use the Synology tunnel service because it’s slowwww). Alternatively you can leave UPnP off and manually forward ports on router to required source ports on DiskStation.

 

[martinr]

..... (Don’t disable firewall completely if you’re exposing to the internet). ....

Surprised none of y’all proffered up some warning ‘bout port forwarding risks. I decided against it after research of a bunch of past exploits. I was horrified to learn Synology devs are so lazy you can’t even trust their VPN server package to be safe because for the longest time it had weak hardcoded Synology user credentials root:synopass. After they were notified it took them 3 months to patch it. Bottom line- I’d rather place my trust in Asuswrt-Merlin implementation of OpenVPN.

.

Dead right. Apologies.

 

[Zonkd]

Dead right. Apologies.

Haha, if it’s been exposed by port forwarding for over 3 years without incident (so far as we’re aware) it’s tough putting forward a convincing argument to stop it now.

 

[Paul Costanza]

Then that is most likely the problem. You could quite possibly even have missed doing a mandatory reset to factory default settings followed by re-insertion of your custom settings ny hand.

Use L&LD’s guide here:

https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-205573

And it’s worth reading the whole topic; it’s only 2 pages. If you follow that guide you should have no more problems.

(I’m assuming you didn’t reset on upgrade.)

Thanks very much. Will read it all and OCD on it!

 

[bbunge]

Port forwarding to your NAS on known ports is a good way to get hacked. Much better to use VPN to get into your network then connect to the NAS. Am not too sure how secure the Synology cloud service is so I have not set it up on my NAS.

Sent from my SM-T380 using Tapatalk