Synology External Access With SSL, Port Forwarding, and DNS!

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] hi I'm Willie with h.5 technology and welcome to my channel thank you for being here and I appreciate each and every one of you in the last Synology video we looked at how to use quick connect now in this video we're gonna do a couple different things we're gonna get an ssl certificate using let's encrypt for our Synology but then we're also going to set up a fully qualified domain name first analogy and we're going to do it two different ways first we're gonna do with the edge router and then we're actually going to install DNS on the Synology and then we're gonna do it that way so let's get to it here's our Synology that we're working with so we'll get logged in here and we've got to do a couple things we're gonna hop over to our edge router real quick so let me bring that guy up okay so we're logged in to our edge router but we've got to do a couple things first and the first thing that we're gonna do is we're gonna go over here to the wizards and we're gonna go down to the DNS host names and we're gonna add a new one and we're gonna call this we'll call it so Knology one dot o x5 dot-com and we'll put the IP address of the Synology and we'll go ahead and apply that and then the next thing that we've got to do is we've got to forward some ports through the router to this analogy so that let's encrypt will work properly at a minimum you have to have port 84 let's encrypt to connect to this analogy to be able to issue the certificate so we're gonna go over to our firewall nap we're gonna come over here our wayne interface is east zero the land interface that we're going to use is going to be BR 0 2 because that's where the VLAN lives that our Synology is on okay so now on our port forwarding rules since we've got our our land interface set to be our 0 2 what we're gonna do is we're gonna add three ports to begin with and the first one's gonna be 80 and we're gonna make it TCP and we're gonna do 192 168 60 9.25 and it's 80 and we're just gonna call this let's encrypt and then the next one's gonna be 5000 even though we're not gonna use 5000 if we hit that we want it to redirect so 5,000 will redirect you to 5,000 won so this would be was do cinema 1 there and then 5,000 won TCP will do five thousand won here alright so now we have all of the forwarding rules created that we need to be able to access the Synology from outside but we still don't have a certificate so we're going to go back over to our Synology and we're gonna do a couple things and then we're going to hop over to Google domains and we are going to create a dynamic DNS that matches what we created over here because we're doing what is called split DNS so we've got a DNS server internally resolving the local IP address and we're going to use the Google external servers to resolve the external IP address so that host name thus analogy one dot how X dot five we're gonna go out we're going to create a dynamic DNS for that alright so but first we're going to come over here to our Synology we're gonna go to the control panel and we're going to go to external access we're gonna add a DD and s here in just a minute but then we're gonna go here so to open files on the disk station with Internet services such as Google Docs what we need is we are gonna have this be Synology 1 dot how x five.com so we'll set that there now we're gonna leave the standard ports 5,000 5,000 1 so we don't need to fill anything in here but we do want to put our fully qualified domain name here alright so now what we're gonna do real quick is we're gonna hop out to Google domains and we are going to create the dynamic DNS that we need that will allow us to access this from the outside alright so we are logged into the DNS records at Google domains for how X 5 so we're going to do under synthetic records we're going to do dynamic DNS and then we are gonna do phonology 1 and we're gonna go ahead and add that then what I'm gonna do is I am going to pull those credentials out if you're not familiar with this you can go back and look at my channel for another Google dynamic DNS with USG to go walk through this process a little bit more so what we got to do is we've got to grab these credentials and then we're going to install them in the Synology and get the external DNS up and going and then we will get our let's encrypt certificate and we should be in good shape ok so we have our our hostname our dynamic DNS hostname and then we have the credentials so what we're gonna do under D DNS under control panel external accesses were going to add and we are gonna add they actually have Google available here so this is going to be Synology one got how X 5 calm and then we're gonna put in the credentials that you saw on the notepad so I'm gonna paste those in here and we're gonna click OK all right so we have paste it in our domain name and our credentials so we're gonna go ahead and do ok and now you're gonna see right here it's going to come up Google Synology 1 dot how X f5 here's the external address and our status is going to be loading so as soon as this comes up and works then we will proceed to get our certificate issue alright so you can see it says our status is normal so we are registered so this is good to the outside world now and last updated time it shows us that it was updated on the 12th and 815 so now what we're gonna do is we're gonna go over here to security and we're gonna go to certificate and we're going to go to add and what we're gonna do is we're going to add a new certificate we're going to call this let us call this h5 we're gonna get a certificate from let's encrypt and here we're gonna put in so knowledge e 1.5 X 5 comm and then I'm gonna put my email address in and I'm gonna click apply now remember if you don't have port 80 forwarded this is not going to work but I'm gonna go ahead and I'm going to click apply and so now the Synology is going out to the let's encrypt servers and you can see immediately it has come back and it has issued an SSL certificate force analogy one dot how x5 dot-com and we can come in here and configure the services so I'm actually going to make the default certificate for all of these Synology one dot how x five dot com it's going to restart the webserver now what we're gonna do is we are going to access the Synology using this fully qualified domain name and then we're going to set up DNS on here and then we'll point our client to this DNS server versus doing it on the edge router so you can see it either way and I will tell you that if you have a Synology but you also have a linux box so running bind even with web men can really test your your skill as an administrator sometimes if you have a Synology do yourself a favor and use the DNS on the Synology and we're gonna see that here in just a second so what I'm gonna do is I'm gonna type in our fully qualified domain name up here and you're gonna see we're gonna get the green padlock so now you can see when I go to Synology one dot how x5 com : five-thousand one that I have a green padlock so that is all it's it's good it's it's good to go and the let's encrypt certificate will automatically renew so we're gonna go ahead and we're gonna log in here and now what we're gonna do is we're going to go over to the package center and we are going to search for DNS and we are going to install DNS server alright DNS server is installed so we're gonna go ahead and open that first thing we're gonna do is we're gonna click on resolution and we're gonna click enable resolution and then we're gonna have a forwarder in there so any domain zones that our DNS server doesn't know about locally it's gonna forward out to another DNS server to resolve and we're just gonna leave that at a 1 dot one dot one dot one so now what we're gonna do we'll click apply and then we're gonna go over here to zones and now we're gonna create a master zone and it's going to be a forward zone so the difference between a forward zone and a reverse zone is a forward zone Maps a name to an IP and a reversal zone maps an IP to a name so we're gonna do a forward zone and it's going to be how x5 comm and this is going to be the master DNS server and this should do it I actually can't get down to I need to zoom out on my screen real quick and now I'm gonna go ahead and click OK so now we have a DNS zone for how x5 s we're going to come in here and we're gonna go to edit and we're gonna do resource record and what we're gonna do here is we're gonna create an a-type record and we're going to call it Synology one and that you can leave the default TTL and that's time time-to-live and it's going to be 60 9.25 will even create another one will do unify and that is 192 it's good 606 that 10 so we've got both of those in there so now what we're gonna do is we're going to pull up the settings on our network adapter and we're going to point it to the Synology to be our DNS server all right so I've got my network connections open here I'm bringing up the properties for my Ethernet and we're gonna go in here and we're gonna make that's sixty 9.25 our DNS server and now we're gonna bring up a command prompt and we're gonna do an NS look up on Synology one on how x5 comm it hits our DNS server and it's successfully resolved so we'll do and in this look up on Synology or on unify and there it is so and now what we could do is we could actually load this website or load the Synology from outside now by the time you see this video I'll have pulled these records down because I don't want you accessing my Synology directly but that's it if you follow these instructions and you shouldn't have any issues you should be able to get this going you know do the port forwarding and all that and you should be okay so if you liked this video please give me a thumbs up please subscribe please comment and share please follow me on Twitter and Instagram if you need consulting for Synology granstream ubiquity you name it you know voice over IP networking and security you go to h5 llc.com if we can't help you we can get you to somebody who can and that's our promise to you we have a discord channel the link is down there charlie is our admin e does a wonderful job come on over and say hi if you'd like to buy any of the products that you see here on the channel we do have an amazon shop down below and as always I want to thank you for being here and we'll see you in the next video you
Info
Channel: Willie Howe
Views: 138,676
Rating: undefined out of 5
Keywords: synology, synology external access, synology let's encrypt, let's encrypt, synology ssl, port forwarding, synology dns, split dns, synology dns server, ubiquiti networks, ubiquiti edgerouter, edgerouter port forward, synology secure access
Id: daIelVuKlYQ
Channel Id: undefined
Length: 13min 14sec (794 seconds)
Published: Wed Jun 13 2018
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.