Home storage Synology Beginner Help (Don't Route Storage Help!)

Very new to a lot of network topics, but learning a lot and have been watching many of the YouTube videos.

Currently I have Synology 6600 router with 2 Synology APs setup with 4 VLAN (192.168.1.1 for router and my 2 Synology NAS, *.10 for IOT/home network devices like streaming and phones, *.20 for my exposed services to include Plex and Audiobookshelf, and *.30 for my Hikvision NVR).

I currently have my proxmox on my *.1 network with my Synology, where I have NFS bind mounted, and then for plex/audiobookshelf I put them on the *.20 VLAN and for a few other services that are just for home use only I put them on the *.10 VLAN. I make firewall rules on my router that allows my IOT/home network talk to the plex IP on *.20 network which I believe would be routing storage? (I think this is where I am getting hung up). Would it be better to use the second NIC and put the NFS share from my Synology directly onto the *.20 network to avoid routing?

2nd question, I have a few services from my Synology that my wife and I access (Synology drive, Synology photos). Since my Synology is on the management *.1 network, I currently have a reverse proxy setup to allow drive.domain.com and photos.domain.com etc pointed to my *.1 network Synology. I then went into my Synology router and allow the IOT/home network (where my wife’s devices and our phones/iPads live) and only allowed my *.20 VLAN to access the IP address of the *.1 Synology for its services. Would I again be better off using the 2nd NIC to put the Synology directly on the *.20 vLAN so there isn’t routing on the network?

I’m sure the actual speed probably isn’t a huge use case in home setting, but my goal has been to separate cameras to a vLAN (done), keep a vLAN for the very few exposed services that don’t make sense for VPN (sharing plex and audiobook server, which I also would be totally fine just nuke and paving since the NFS shares are read only), and then main devices off the router/synology interface. This has made much much more complexity into a home network than I would have initially suspected, and does make some things harder (aka can’t access Synology va direct ip, setup the RP to make it easier to just allow access via firewall rule for one ip).

Appreciate any help and thoughts. Also apologize for my lack of knowledge in what is probably a pretty simple topic I’m not totally grasping.

Not routing storage is both to increase speed and eliminate issues of than can come with routing data through the firewall. I can also help with security when using services such as NFS that usually rely on IP address restrictions for access.

Using a second interface on the Synology for NFS and Proxmox might be faster but I would worry less about things like Plex as it’s transport method was designed to traverse routed networks.

If I’m understanding correctly in my setup one of my synology interfaces should be on same VLAN as my proxmox since I bind mount it, and I should use my other synology NIC to be on my IOT/wifi device network where we access our synology photos/drive (and use synology firewall to restrict access then)?

Yes, with NFS having that on a dedicated network would make more sense.