Skip

How can I access my NAS remotely?
September 22, 2012 5:07 PM   Subscribe

Does anyone know how to access a Synology (or other) NAS remotely -- esp. if they seem to be behind multiple routers in a big network?

I recently got a Synology NAS to use as a server since my new laptop has a pretty small SSD. One of the features I was excited to use was the ability to access this remotely -- Synology has apps for streaming media to your phone from the NAS, setting up security cameras, etc.

However, I can not for the life of me figure this out.

I think the problem is that I am behind multiple routers. I recently set up in a small co-working space, and I'm not really certain what the network setup is (and nobody else seems to know either).

Here is what I know:

- I plug my wireless router into an ethernet jack in the wall. The NAS is attached to the router.

- The NAS has options to configure my specific TP-Link router for port forwarding and all that. I have also tried virtual servers for the ports, and all sorts of other options.

- I think the problem is due to the network setup. When I check my public IP address, it is different than my WAN IP address. I am assuming that means that there is another router between me and the net.

- When I did a traceroute in my Mac's Network Utility, it seems there may even be a few routers, as it went from mine, to a 10.1.X.X IP and then to a 10.10.X.X IP, and then didn't go anywhere.

- So, I am guessing port forwarding isn't going to work, since incoming connections would go through those other routers first -- however, I'm not very good at this networking stuff, so this is a lot of trial and errors and research.

If this port forwarding stuff isn't possible, are there other options? Would a VPN be an option?

One note: I use LogMeIn to remotely access my Mac, and I had no trouble making that connection. Are they doing something secret, or does that mean some version of a remote connection may be possible with the NAS/Router software I am using.
posted by This_Will_Be_Good to Computers & Internet (6 answers total)
 
Sounds like you've got it right -- you're behind multiple NAT routers. So if you just port forward on the innermost (closest to you) router, you'll only be able to access the NAS from the next network. To get at it from the internet, you'd have to start at the router connected directly to the internet (with a public IP address) and start forwarding there.

Actually, depending on how your routers are set up, that might be the only thing you need to do. Try to get your computer on the 10.10.x.x subnet (or whatever's just one hop from the internet) and see if you can ping your NAS. If you can, just port forward on that router.

If you can't get the port forwarding to work, you could set up a VPN into your subnet, but then you'd have to forward from your VPN endpoint to the NAS. And you'd have to take steps to make sure the VPN is persistent. It can be done with a linux box, but it would take an afternoon for someone very familiar with linux networking config.

As an aside, LogMeIn works like Skype to establish peer-to-peer connections through multiple subnets. It uses an external server and some well-crafted UDP packets to set up the connection. So that would work in many situations where straight port forwarding might not.
posted by lalas at 6:35 PM on September 22, 2012


I am guessing that I am not going to have access to those other routers since they are run by a different department in a fairly large organization.

What options would there be without messing with the routers further upstream? I see that Synology has some sort of VPN app for their NAS boxes, but I am guessing I would run into the same problem?
posted by This_Will_Be_Good at 7:19 PM on September 22, 2012


Sounds like this would be a lot easier to do if you set the box up at home.

Messing around with the level of port forwarding you would have to do to get this to work on a corporate network probably isn't going to be feasible. You would just have to trade off transfer speed while at work for the ease of setting up a connection from anywhere.

Unless you want to be a super nerd baller and setup a headless linux box to run as a OpenVPN server. You can get the processing power for cheap these days, you just have to configure it yourself.
posted by KeSetAffinityThread at 8:55 PM on September 22, 2012


I recently set up a couple of Synology boxes for work. For any kind of remote access you'll need port forwarding. And to do that, you're going to have to open a path through the maze of routers.

As KeSetAffinityThread said, the quick solution is to put the NAS box somewhere else, where you have access to whatever routers sit between the NAS and the Internet.

Someone in your organisation knows how to get this working. You should probably find out who they are, because it's useful to know who to go to when things go wrong.
posted by pipeski at 1:23 AM on September 23, 2012


One thing you could try if you have a computer you control collocate with the NAS is to install Hamachi VPN on the computer and then set up shares or other access to the NAS. I have a Synology and use its VPN function, but you still have to do port forwarding. Hamachi VPN creates your own private network group that you may be able to use to get around it. It's a free Logmein product, so why not give it a try.
posted by reddot at 8:54 AM on September 23, 2012


Well, I got a look at the server and router room--it is a chaotic mess of wires and racks. There is some sort of Cisco router/asa thing in there that I think is the gateway, or at least one of the Cisco things is the gateway. So, while I have seen them, I wouldn't be the one to fiddle with them. However, we don't have a dedicated IT staff. So, I think I will have to pay someone to help me out.

So, if I wanted to make the most efficient use of their time so this doesn't break the bank, what exactly should I ask them to do?

When I was trying to set up the Synology myself, it had an automate feature that would open up all sorts of ports for various uses (WebDAV, http, https, FTP, etc). I don't entirely know what I want/need right yet, so do I just ask for one port or a range of ports? Is that what I am asking for? Ports? Or should I ask about a VPN? And if I use ports, does that mean that other people in the workspace can't use them, or are there lots of custom ports you can open? For example, could multiple people on the network all have their own FTP port?

Thanks for your help so far--I am a bit closer.
posted by This_Will_Be_Good at 10:57 PM on September 24, 2012


« Older Can my Kindle second generatio...   |  I'm badly depressed and anxiou... Newer »
This thread is closed to new comments.


Post