How can I set my NAS up, so it can only be accessed from the IPs in the Allow-list?

Here is where to discuss how to keep your data and DiskStation safe using the Security Advisor
Forum rules
We've moved! Head over to Synology Community (community.synology.com) to meet up with our team and other Synology enthusiasts!
Pengzi
I'm New!
I'm New!
Posts: 3
Joined: Tue Sep 25, 2018 4:54 pm

How can I set my NAS up, so it can only be accessed from the IPs in the Allow-list?

Unread post by Pengzi » Tue Sep 25, 2018 5:26 pm

Hi Forum,
I'm getting "attacked" everyday and some guys out there are trying very presistently to get acces of my NAS. Luckily so far they all ended in the blacklist for ever.
I'd like to know if there is a way that I only allow the IPs from my "Allow-list" to even try to access my NAS and all other IPs are by default "blocked". Is there an option in setup for it?

Thanks for any input.
Pengzi

User avatar
HarryPotter
Honorary Moderator
Honorary Moderator
Posts: 19674
Joined: Mon Oct 23, 2006 12:48 pm
Location: Switzerland

Re: How can I set my NAS up, so it can only be accessed from the IPs in the Allow-list?

Unread post by HarryPotter » Tue Sep 25, 2018 6:18 pm

Pengzi wrote:
Tue Sep 25, 2018 5:26 pm
if there is a way that I only allow the IPs from my "Allow-list" to even try to access my NAS and all other IPs are by default "blocked".
Yes there is: DSM - Control Panel - Secuirty - Firewall.

Edit the rules, set default access to deny and list all allowed IPs
*Please do not Private Message me for support questions; leave it on the forum so all members can learn. Thanks!*

DS718+ / DSM 6.2-23511 / ST4000VN000-2AH166 / SA400S37120G SSD cache /16 GB RAM
DS415+ / DSM 6.2-23511

LMS 7.9.1-166, 2 Squeezebox 3 + Boom

APC Smart UPS SUA750i

Pengzi
I'm New!
I'm New!
Posts: 3
Joined: Tue Sep 25, 2018 4:54 pm

Re: How can I set my NAS up, so it can only be accessed from the IPs in the Allow-list?

Unread post by Pengzi » Tue Sep 25, 2018 9:12 pm

Thanks for the reply!
On the "Edit Firewall Rules" dialog, I have options for enter "Single Host/Subnet/IP range" once I choose "Source IP/Specific IP". How do I enter a few IP-addresses for access, when they are not in a range (discrete)?

Pengzi
I'm New!
I'm New!
Posts: 3
Joined: Tue Sep 25, 2018 4:54 pm

Re: How can I set my NAS up, so it can only be accessed from the IPs in the Allow-list?

Unread post by Pengzi » Tue Sep 25, 2018 9:15 pm

Do I have to add one rule for each allowing IP?

telos
Specialist
Specialist
Posts: 1093
Joined: Mon Sep 23, 2013 6:12 pm

Re: How can I set my NAS up, so it can only be accessed from the IPs in the Allow-list?

Unread post by telos » Wed Sep 26, 2018 1:22 am

Pengzi wrote:
Tue Sep 25, 2018 9:15 pm
Do I have to add one rule for each allowing IP?
If they are not in a range, then yes. OR you can allow IPs from an originating country.

Basically
1. Allow your local LAN IPs
2. Allow specific external IPs that you use frequently (maybe from your employer's IP range).
3. Allow you country of residence (if you use local hotspots etc.)
4. Deny all else.

You did change the default IPs (5000/5001) right per the Security Advisor recs?

Or maybe permit only external access to NAS's VPN server.

Locked

Return to “Security Advisor”