Remote file access on Synology NAS w/double-NAT & static IP

She loved E

Weaksauce
Joined
Dec 30, 2012
Messages
67
I need to preface this by saying that I'm not a networking guy so please excuse some fumbling of terminology below. :wacky: I'll do my best to clarify anything that doesn't make sense.

The environment I'm in is a shared workspace, kinda like WeWork but without any IT infrastructure or resources. There's a business-level ISP router that has a wifi network that everyone in the building uses. I had a networking friend help me come up with a gameplan for my own network within this environment, but he has recently gotten super busy and I'm not sure he'll be able to help me finish it.

I ran a Cat5 cable from the ISP router to my USG, which is my edge device/firewall. Within that is a switch, controller, printer, a couple workstations, a couple PoE cams and the Synology NAS. We have internet, speeds are great, and I can monitor the cams & controller w/Unifi apps. I can also remote into the Synology control panel easy-peasy.

Where I have been at a standstill is the double-NAT issue (ISP router + USG) preventing me from accessing the NAS files when not on the local network. Obviously we can't put the ISP router in bridge mode, because everyone else in the building uses it for internet access. So my networking friend said we can get a block of static IPs from the ISP to get around this. Before this, we had tried port forwarding, but could never get to the files. I also set up a bunch of things in the NAS settings to enable remote access (Quick Connect, DDNS, etc.) I now have a block of static IPs, but don't know how to configure the NAS and/or USG to use them. I also don't know what I'm trying to do from here to get this thing accessible.

All I want to do now is map the root level folder of the NAS on remote clients so that we can access files outside the LAN. That's it. Can anyone help me with the next steps, or point me in the right direction? I've been searching related terms online and finding a ton of info, but I don't know what's relevant to me, or a good idea from a networking & security standpoint. I also know so little about this stuff that when I see advice like 'just edit the CLI and .json files!' it freaks me out.

Any ideas? Thanks in advance!

Edit: further context on the project is in this thread. The location now is the office environment described above.
 
Last edited:

scrappymouse

Weaksauce
Joined
Mar 18, 2016
Messages
124
If i'm understanding correctly your network is like the picture below, and when you're on your own "local" you can access your files, but when you're outside of that you're unable to access things remotely. If this topology is correct most likely you are being blocked by your ISP router as anything from the outside still needs to flow through that to reach your internal network. In order for things to reach your internal network from the outside you'd most likely have to add a route to your own network on the isp router,

Or, as suggested in the other thread setup a VPN on your USG, which would be the safest option. Then when you need to access your files, your first connect to your VPN, then access your files.
 

Attachments

Last edited:

She loved E

Weaksauce
Joined
Dec 30, 2012
Messages
67
My networking friend was able to help me out yesterday, tldr is I'm dumb. To set the static IP on the USG we just had to assign it and DNS. Done! ISP router is no longer an issue. And you are correct, now I just need to set up VPN and we should be ready to rock.
 

scrappymouse

Weaksauce
Joined
Mar 18, 2016
Messages
124
My networking friend was able to help me out yesterday, tldr is I'm dumb. To set the static IP on the USG we just had to assign it and DNS. Done! ISP router is no longer an issue. And you are correct, now I just need to set up VPN and we should be ready to rock.
Not dumb at all, networking is a huge topic where you can deep dive in many different areas....I've heard some even make a career out of it! Just keep trying to do things, break things, and ask for help it's how you become an expert!
 

acascianelli

Supreme [H]ardness
Joined
Feb 25, 2004
Messages
6,888
Are you really sure you want your NAS accepting traffic from the Internet sitting on the same network as your workstations?
 

scobar

.
Joined
Jan 2, 2001
Messages
34,383
If port forwarding did not work, not sure you want to mess with a block of static IPs?
Something like Hamachi could possibly work here. If you are not a networking guy that would suggest to find one to help you, in the flesh, who knows your requirements and can help secure things.
 
Top