Having made our Synology NAS secure. We can, if we wish configure our NAS so that it can be accessed from the internet. So in this video we look at a setting in Disk Station Manager (DSM) called External Access.
External Access will allow us to configure the router on our home network so that we can create port forwards. We also take a look at Dynamic Domain Name System (DDNS), which is an easy way to create a Host Name for our NAS.
Finally, because we can automatically create a free SSL certificate. We take a quick look at that SSL certificate, and then configure our NAS to only allow SSL connections from the internet. We will look at SSL certificates more closely in a future video.
Quick reference notes:
Notes: In order to test that your NAS is connected to the internet, try using a mobile phone with a data plan. By typing the IP address of your broadband connection into the browser of your phone. You can test that you are able to access your NAS from outside of your home network.
- Note down the IP address that your broadband connection is using.
- Log into Disk Station Manager (DSM) with administrators privileges
- Select Control Panel – Connectivity – External Access – Router Configuration
- Within Router Configuration, select Set up router
- Once your router passes the UPnP compatibility test, choose Next
- Now choose Apply and Save
- Select Create
- Create your Port Forwarding rules
Note: If you have a static public IP address, there is no need to configure DDNS on your NAS. However, in the UK, very few Internet Service Providers will offer a domestic broadband connection with a static IP address. The Internet Service Provider we us is Plusnet, this is because for a small fee (£5), Plusnet will permanently assign a static IP address to any of their domestic broadband connections.
- Still from within External Access select the DDNS tab
- Select a DDNS Service provider
- Create an account with the DDNS service provider, or sign in with an existing account
- Choose your Hostname
- Agree to the terms and conditions and select OK
- If prompted choose to create a Lets Encrypt certificate
Notes: A Lets Encrypt SSL certificate will need to be renewed every 3 months. While your NAS should be able to automatically renew your SSL certificate. It should be noted that in the past the automatic renewal process, has not always worked correctly.
- From your mobile phone, test that your new domain name is working and you can access the DSM log in screen
- Return to Router Configuration
- Disable Management UI on Local Port 5000 and Web Station on Local Port 80
- Save to update the port forwarding rules for your router.
- Check from your mobile phone that you are redirected to a secure DSM log in screen.
Notes: As updates to DNS can take up to 72 hours. You might find that after configuring DDNS, initially you are not able to remotely connect to your NAS using your host name.
Reference materials:
- Synology Support Article – External Access
- Alternative method for External Access – QuickConnect
- Synology Support – Synology NAS Port numbers
- Lets Encrypt – Website
- Wikipedia – What is DNS
- Wikipedia Aritcle – What is DDNS
- Article from Wikipedia – What is UPnP