Multiple Synology servers on same network - external access

We're a small office with no IT support and have a Draytek 2860ac router to supply our wired and wireless internet. We have a Synology server which we have port forwarded and which can be accessed off-site via SFTP, along with via Synology's QuickConnect service.

We've just bought an extra Synology device (server 2) which we'd also like to access off site, and to use as a backup destination for a third Synology server (server 3) (off site, backing up via the Synology shared folder sync over port 2223), but we keep getting a failed connection. I've set up the port forwarding on the router so that port 2223 goes to the fixed IP of server 2, but without any luck. Additionally, testing off site and using the no-ip web address we have on this new Synology server takes me to the router login page ( rather than the synology -

I've set up port forwarding for server 1, with ports 5000,873,5001,5005,5006,20,21,21,80 all being directed to server 1. Have I caused issues doing this? Is there anything I need to do from the Synology itself?

I expect I've not set up the router port forwarding correctly or missed something, but can anyone help me port forward multiple Synology devices please?

Thanks very much

The default port on Server 2 is the same as on Server 1. You are forwarding port 2223 to the FIXED IP of Server 2, but to which port? You probably want to forward port 2223 to port 5000 on server 2. Once you have that working, consider changing the default port on server 2 to something else, and forward 2223 to that port.

Turn off "external access" to the administration pages on your router, both for security reasons, and so that the router won't effectively block access to your web server from outside your LAN.

Wow, thanks for the quick reply! Having read your reply a few times, I think I've set up the port forwarding all wrong.

If Server 1 is using https (port 5001), and server 2 is using https (port 5003 which I've manually changed on the DSM) would my port forwarding need to be like the below?

For port 5003 access:
Public port 5003
Private IP = fixed IP of server 2
Private Port = 5003

Then the forwarding for port 2223 for secure backup:
Public port 2223
Private IP = fixed IP of server 2
Private Port = also 5003? I've been putting 2223 here at the moment.

If so, then with the other ports, I assume if I want them 'open' then the public and private ports are the same, so 873,5005,5006,80 and the newly made 5003 would need to be 'open'?

Then to access SFTP on server 1 (port 22), and for SFTP on server 2 (port 222), I'd do

Public port 22
Private IP = fixed IP of server 1
Private Port = 5001

Public port 222
Private IP = fixed IP of server 2
Private Port = 5003


Edit - I think I'm wrong! I just changed Port forwarding for port 22 to a private port of 5001 and no longer can access SFTP to that synology. I've changed it back to 22 as both the public and private port and it works again...

The internal ports can all be the same. The router (where you are setting up NAT forwarding) is where you determine where things go based purely on incoming port number. So for example:

Server 1 has http set to 80.
Server 2 has http set to 80 as well.

On the router, you set incoming as follows:
Anything on port 80, route to server 1 port 80
Anything on port 8080, route to server 2 port 80

Then externally, for web access to server 1 you would use http://external_name and for access to server 2 you would use http://external_name:8080

Does that make sense?
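
Added example, not part of the original posts: a small Python audit of a forwarding table like the one discussed above. It checks that each public port is used once and that the private port really hosts the service you expect. The LAN addresses, the service inventory and the rule list are constructed placeholders.

```python
from typing import NamedTuple

class Forward(NamedTuple):
    public_port: int    # port the router listens on from the internet
    private_ip: str     # fixed LAN IP of the target NAS
    private_port: int   # port on the NAS the traffic is handed to
    wanted: str         # service the admin expects to reach from outside

# Constructed inventory: which service listens on which port of each NAS.
SERVICES = {
    "192.168.1.10": {22: "sftp", 80: "http", 5001: "https"},   # server 1
    "192.168.1.11": {222: "sftp", 80: "http", 5003: "https"},  # server 2
}

# Constructed rule list, modelled on the forwards tried in the thread.
RULES = [
    Forward(80, "192.168.1.10", 80, "http"),
    Forward(8080, "192.168.1.11", 80, "http"),    # same private port, new public port
    Forward(22, "192.168.1.10", 5001, "sftp"),    # SFTP pointed at the HTTPS port
    Forward(222, "192.168.1.11", 222, "sftp"),
    Forward(80, "192.168.1.11", 80, "http"),      # public port 80 is already taken
    Forward(2223, "192.168.1.11", 2223, "sftp"),  # SSH port not enabled on the NAS yet
]

def audit(rules, services):
    """Return (nat_table, problems) for a list of Forward rules."""
    nat, problems = {}, []
    for r in rules:
        if r.public_port in nat:
            # The router decides purely on the incoming port, so a second
            # rule for the same public port can never take effect.
            problems.append(f"{r.public_port}: already forwarded to {nat[r.public_port][0]}")
            continue
        nat[r.public_port] = (r.private_ip, r.private_port)
        actual = services.get(r.private_ip, {}).get(r.private_port)
        if actual is None:
            problems.append(f"{r.public_port}: nothing listens on {r.private_ip}:{r.private_port}")
        elif actual != r.wanted:
            problems.append(f"{r.public_port}: wanted {r.wanted}, but {r.private_ip}:{r.private_port} is {actual}")
    return nat, problems

if __name__ == "__main__":
    table, issues = audit(RULES, SERVICES)
    for line in issues:
        print(line)
```

The same table doubles as a list of everything reachable from outside, so any public port you no longer need can be spotted and removed.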

I think I'm getting there, thanks for the continued help! I'm sure once it's clicked I think it's really simple, but I'm still a bit fuzzy at the moment.

Https wise, I've managed to sort the certification for the 2 servers, so that one goes to 5001 and the other goes to 5002. Port forwarding all works. Hooray!

I can't check the shared folder sync works at the moment, should be able to next week. Here's what settings I have available:

Source server -
Shared Folder Sync has a box called "Customise SSH encryption port for encrypted shared folder sync"

Destination server -
File Services, rsync has an option to choose the "SSH encryption port"

I've chosen 2223 for both of these boxes, I should then set up port forwarding for 2223 to the fixed IP of the destination server right?

Shared folder sync requires port 873 too, I should route that to the destination server too right?

Brilliant, thanks very much - all working now!

A follow-up question... is there a way to remove the server from the list of local network drives, specifically on Mac OS X? I've tried turning off Bonjour but that just changes the icon in the network window on my Mac, rather than the server icon of the other Mac. I don't want it there at all so no-one on the network can see it. Is that possible?

Isn't it just Control Panel -> File Services -> Disable SMB ?

It doesn't seem to be, unless I missed something. I've turned off SMB and AFP and it still appears in the 'shared' window of my Macs.

Try turning off EVERYTHING:
In Control Panel on the DiskStation, under the SMB/AFP/NFS tab, uncheck Enable on all three services.
Then go to the Advanced tab, and uncheck Bonjour, SSDP, and WS-Discovery.
Reboot the Macs and see if they still see it.

Aha - turning off that and SSDP has done the trick. Thanks!

