firewall rule vs port forwarding

Topics pertaining to SRM usage, usability and management
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:

https://account.synology.com/support/su ... p?lang=enu



2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
pergola.fabio
I'm New!
I'm New!
Posts: 4
Joined: Thu Jul 12, 2018 7:42 pm

firewall rule vs port forwarding

Unread post by pergola.fabio » Fri Jul 13, 2018 1:53 pm

hi

i have a simple setup , and a simple question

if you do port forwarding, for example 80 webserver , or 32400 plex ...
do you also need for each port forwarding a firewall rule to allow that traffic?

because in the firewall settings, at the botton , there is an option (default setting)
If IPv4 Wan-TO SRM traffic macthes no rules = deny

i want to leave it on deny offcourse

Babylonia
Specialist
Specialist
Posts: 1156
Joined: Tue Jul 26, 2016 10:47 am

Re: firewall rule vs port forwarding

Unread post by Babylonia » Fri Jul 13, 2018 2:13 pm

If you set to "deny" at the bottom, firewall rules are denied for services that are port forwarded.
EDIT: Sorry, just the other war round. You have to set to "Allow"
In that case port forwarding rules do have a more high priority, than firewall rules itself.

But why didn't you just check yourself? Test can be done very easily, and you know.
Last edited by Babylonia on Fri Jul 13, 2018 2:17 pm, edited 2 times in total.
RT1900ac / DS213j / DS415+ / DS218+ (at different locations).

pergola.fabio
I'm New!
I'm New!
Posts: 4
Joined: Thu Jul 12, 2018 7:42 pm

Re: firewall rule vs port forwarding

Unread post by pergola.fabio » Fri Jul 13, 2018 2:14 pm

ow, now i see that there is also a option in firewall
If IPv4 WAN-to-LAN = ALLOW (default option)

so if i set that to DENY , i need to create a rule probably for each service?
if leave it to ALLOW? then i dont need to make firewall rules

1) what is the best approach? DENY and create rules? or ALLOW and not create rules , what are the effects?
2) whats the difference between IPv4 WAN-to-LAN and IPv4 WAN-to-SRM ?
is SRM only used for remote management on the router itself?

Babylonia
Specialist
Specialist
Posts: 1156
Joined: Tue Jul 26, 2016 10:47 am

Re: firewall rule vs port forwarding

Unread post by Babylonia » Fri Jul 13, 2018 2:21 pm

pergola.fabio wrote:
Fri Jul 13, 2018 2:14 pm
is SRM only used for remote management on the router itself?
You can ad a harddrive, and use it as a sort of "NAS", use VPN services, media-server....

For further general questions just first read within the Synology Knowledge-base, and Help pages.
Also there are a lot of Tutorial video's found within the Knowledge base, that answer general based questions already.
https://www.synology.com/en-global/support
Last edited by Babylonia on Fri Jul 13, 2018 2:30 pm, edited 1 time in total.
RT1900ac / DS213j / DS415+ / DS218+ (at different locations).

pergola.fabio
I'm New!
I'm New!
Posts: 4
Joined: Thu Jul 12, 2018 7:42 pm

Re: firewall rule vs port forwarding

Unread post by pergola.fabio » Fri Jul 13, 2018 2:29 pm

ok, thnx

Post Reply

Return to “Installation and Configuration”