Remote file access on Synology NAS w/double-NAT & static IP

Discussion in 'Networking & Security' started by She loved E, Dec 2, 2019.

  1. She loved E

    She loved E [H]Lite

    Messages:
    64
    Joined:
    Dec 30, 2012
    I need to preface this by saying that I'm not a networking guy so please excuse some fumbling of terminology below. :wacky: I'll do my best to clarify anything that doesn't make sense.

    The environment I'm in is a shared workspace, kinda like WeWork but without any IT infrastructure or resources. There's a business-level ISP router that has a wifi network that everyone in the building uses. I had a networking friend help me come up with a gameplan for my own network within this environment, but he has recently gotten super busy and I'm not sure he'll be able to help me finish it.

    I ran a Cat5 cable from the ISP router to my USG, which is my edge device/firewall. Within that is a switch, controller, printer, a couple workstations, a couple PoE cams and the Synology NAS. We have internet, speeds are great, and I can monitor the cams & controller w/Unifi apps. I can also remote into the Synology control panel easy-peasy.

    Where I have been at a standstill is the double-NAT issue (ISP router + USG) preventing me from accessing the NAS files when not on the local network. Obviously we can't put the ISP router in bridge mode, because everyone else in the building uses it for internet access. So my networking friend said we can get a block of static IPs from the ISP to get around this. Before this, we had tried port forwarding, but could never get to the files. I also set up a bunch of things in the NAS settings to enable remote access (Quick Connect, DDNS, etc.) I now have a block of static IPs, but don't know how to configure the NAS and/or USG to use them. I also don't know what I'm trying to do from here to get this thing accessible.

    All I want to do now is map the root level folder of the NAS on remote clients so that we can access files outside the LAN. That's it. Can anyone help me with the next steps, or point me in the right direction? I've been searching related terms online and finding a ton of info, but I don't know what's relevant to me, or a good idea from a networking & security standpoint. I also know so little about this stuff that when I see advice like 'just edit the CLI and .json files!' it freaks me out.

    Any ideas? Thanks in advance!

    Edit: further context on the project is in this thread. The location now is the office environment described above.
     
    Last edited: Dec 2, 2019
  2. scrappymouse

    scrappymouse n00b

    Messages:
    56
    Joined:
    Mar 18, 2016
    If i'm understanding correctly your network is like the picture below, and when you're on your own "local" you can access your files, but when you're outside of that you're unable to access things remotely. If this topology is correct most likely you are being blocked by your ISP router as anything from the outside still needs to flow through that to reach your internal network. In order for things to reach your internal network from the outside you'd most likely have to add a route to your own network on the isp router,

    Or, as suggested in the other thread setup a VPN on your USG, which would be the safest option. Then when you need to access your files, your first connect to your VPN, then access your files.
     

    Attached Files:

    Last edited: Dec 3, 2019
    She loved E likes this.
  3. She loved E

    She loved E [H]Lite

    Messages:
    64
    Joined:
    Dec 30, 2012
    My networking friend was able to help me out yesterday, tldr is I'm dumb. To set the static IP on the USG we just had to assign it and DNS. Done! ISP router is no longer an issue. And you are correct, now I just need to set up VPN and we should be ready to rock.
     
    IdiotInCharge likes this.
  4. scrappymouse

    scrappymouse n00b

    Messages:
    56
    Joined:
    Mar 18, 2016
    Not dumb at all, networking is a huge topic where you can deep dive in many different areas....I've heard some even make a career out of it! Just keep trying to do things, break things, and ask for help it's how you become an expert!
     
  5. acascianelli

    acascianelli [H]ardness Supreme

    Messages:
    6,843
    Joined:
    Feb 25, 2004
    Are you really sure you want your NAS accepting traffic from the Internet sitting on the same network as your workstations?