Trouble accessing Synology NAS from outside LAN

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Trouble accessing Synology NAS from outside LAN

BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3

#268141 1-Mar-2020 22:24

Hi there

I am with Spark, on Fibre Broadband, Using standard SPARK HG659b router. And Synology NAS 415play.

Firmware on router: V100R001C227B022

NAS is fully up to date.

I have in the recent past (a few months ago) had no issues connecting to the NAS from outside the LAN on:

port 5001 to access the NAS Diskstation Manager

port 1194 for VPN

port (non-standard #) for SFTP

I have not changed anything in recent times. But I can no longer access any of the above.

I have checked the port forwarding rules in the router, and they all look good to me. No apparent change.

I have checked the firewall in the NAS, and that also looks good to me. No apparent change.

I restarted both the router and the NAS

As far as I can tell, I should be able to connect, but I can't.

[edit] I can connect via the Synology "quickconnect.to/quickconnectID", which I believe uses 80, 443, and/or 8888.

I don't know enough to understand where the block might be happening. Any ideas how I can work out where the problem might be happening?

Thanks

yitz

2238 posts

Uber Geek
+1 received by user: 594

#2429838 1-Mar-2020 23:40

How are you connecting to the NAS from outside the LAN? If you are simply accessing via the external/public facing WAN IP address from within your LAN then this won't work for this particular router (HG659b default config doesn't come with NAT loopback rule).

BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3

#2429840 1-Mar-2020 23:43

I am testing by connecting to my hotspot on my phone which is using cellular network.

I first noticed the problem when I was offsite at my coworking space though.

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#2429842 1-Mar-2020 23:58

On the IP address you're posting from the Diskstation is responding with a login page on :5001/HTTPS. I have not tested anything else.

I suspect perhaps your coworking space may be blocking other ports apart from the basic HTTP / HTTPS ports on their network.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#2429843 2-Mar-2020 00:01

You’re using a VPN so that should be the only open port. You connect the VPN then access the nas.

You're not on Atlantis anymore, Duncan Idaho.

BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3

#2429844 2-Mar-2020 00:03

michaelmurfy:

On the IP address you're posting from the Diskstation is responding with a login page on :5001/HTTPS. I have not tested anything else.

I suspect perhaps your coworking space may be blocking other ports apart from the basic HTTP / HTTPS ports on their network.

Hmm OK. That's really strange. I have been able to test this by using my hotspot in the past. I wonder why I am not seeing the same as you.

Thank you for that info. Very useful. I did not consider that the coworking space may have changed something.

BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3

#2429845 2-Mar-2020 00:06

MadEngineer: You’re using a VPN so that should be the only open port. You connect the VPN then access the nas.

Yes you're probably right about that being the better way. I was trying to diagnose my VPN connection issues by also looking at a bunch of different ports that I had open at various points. All with a view to getting my VPN connection working again.

Thank you

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

Intravix

110 posts

Master Geek
+1 received by user: 49

#2429847 2-Mar-2020 00:11

Possibly not a necessary test, but have you tried (if possible) accessing it with the same device from another external network other than your coworking space? (mobile hotspot, friend's or public WiFi).

BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3

#2429848 2-Mar-2020 00:11

Hmmm I think I might have some sort of firewall issue on my own machine. My phone can connect to the VPN no problem, but if I use the phone as a hotspot for my Macbook, I cannot connect.

That narrows things down significantly. I have changed security software recently. Dropped Norton for Avast. I'm betting that's the problem. I was looking at the wrong machine for the issue.

Thanks for all your help.

BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3

#2429849 2-Mar-2020 00:13

Intravix:

Possibly not a necessary test, but have you tried (if possible) accessing it with the same device from another external network other than your coworking space? (mobile hotspot, friend's or public WiFi).

Yes, via mobile hotspot.

Intravix

110 posts

Master Geek
+1 received by user: 49

#2429850 2-Mar-2020 00:17

BrettOnTheNet:

Hmmm I think I might have some sort of firewall issue on my own machine. My phone can connect to the VPN no problem, but if I use the phone as a hotspot for my Macbook, I cannot connect.

That narrows things down significantly. I have changed security software recently. Dropped Norton for Avast. I'm betting that's the problem. I was looking at the wrong machine for the issue.

Thanks for all your help.

Sorry missed your part earlier RE using mobile hotspot. Glad to see you've potentially narrowed it down :)

1101

3141 posts

Uber Geek
+1 received by user: 1143

#2430066 2-Mar-2020 12:25

BrettOnTheNet:

...I have changed security software recently. Dropped Norton for Avast. I'm betting that's the problem. ...

FYI

In general , AVAST is a problem. Its no better than spyware/scareware/bloatware itself .
Get rid of it ASAP .
https://www.pcmag.com/news/the-cost-of-avasts-free-antivirus-companies-can-spy-on-your-clicks

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3

#2430135 2-Mar-2020 15:03

1101:

BrettOnTheNet:

...I have changed security software recently. Dropped Norton for Avast. I'm betting that's the problem. ...

FYI

In general , AVAST is a problem. Its no better than spyware/scareware/bloatware itself .
Get rid of it ASAP .
https://www.pcmag.com/news/the-cost-of-avasts-free-antivirus-companies-can-spy-on-your-clicks

Yeah - while I was reading up on the potential issue I came across several reports of such things. I actually liked Norton, but I was having big issues with it. It kept blocking my browsers from accessing the internet! So it had to go.

I will see if there is a better alternative.

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#2430157 2-Mar-2020 16:03

If you're using Windows 10 there isn't a need for any third party antivirus software. The built in protection is all you need and works very well.

Save your PC's resources and uninstall it all - ensure Windows Security is enabled and you're done :)

BrettOnTheNet

75 posts

Master Geek
+1 received by user: 3

#2430201 2-Mar-2020 16:12

michaelmurfy:

If you're using Windows 10 there isn't a need for any third party antivirus software. The built in protection is all you need and works very well.

Save your PC's resources and uninstall it all - ensure Windows Security is enabled and you're done :)

Using a MacBook Air

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#2430209 2-Mar-2020 16:35

Set a temporary port forward to an internal device at port 80 then see if you can access your.ip:80 from the browser on your phone with wifi off. If not then something is stopping the port forwarding.

Who’s your isp? Orcon for example have an option to block common ports. Something that can turned off in your account settings.

Edit: missed the post marked as answer

You're not on Atlantis anymore, Duncan Idaho.