HTTPS config on Synology

Hello all, so I’ve set up HTTPS on my Synology NAS using Let’s Encrypt. Everything worked correctly once configured. I set up port forwarding on my pfSense as per the instructions, and everything worked when connecting to the NAS from my VLAN 10 network (I have 4 VLANs: 10, 20, 30, 40, with only VLAN 10 having access to the LAN). So as stated, I’m able to access the NAS with HTTPS, get the lock, all works. Once I try from my LAN, I’m unable to get to the login screen; it times out. BTW, the NAS is located on the LAN network. The VLAN 10 is 192.168.10.x. When I remove the settings on the NAS, I’m able to access via the IP and unsecured.

My pfSense setup isn’t anything crazy, LAN only has 3 rules, pretty much set up as in Tom’s YouTube videos. The Synology box is a DS918+, with settings configured via External Access; status is showing “Normal”.
So I hope this is something really dumb that I messed up or didn’t do correctly? Any suggestions to point me in the right direction would be great! Thanks in advance.

Odd issue. If you are having trouble accessing it from a different subnet than the Synology is on, then it is likely a firewall rule. You can use pftop to trace out connections to figure out where they stop.

Thanks Tom, the Synology is on the same subnet which won’t allow access via https. I’m able to access it from the other subnet 192.168.10.x. When attempting on the same subnet 192.168.5.x, it times out. What I’ve done in the interim is uncheck the Auto redirect http to https until I sort this out. I looked at my rules, can’t see anything that stands out. I’ve attached three screenshots of the NAT, and firewall rules.

Here’s the screenshot of the Synology setting.

Hey Tom, I finally had time to have another look at my issue (been out of town past week). Here is what I found by going into System/Advanced/Firewall & NAT, then down to Network Address Translation. I had it originally set to “Pure NAT”; I changed it to “NAT + proxy” and now it’s working. I’m able to access my Synology that’s located on the LAN network from the same subnet. From what I’ve read, either works, but for me, I had issues with Pure NAT, and making the switch seemed to have resolved the issue. Any thoughts why it works this way?

Not really sure, I don’t think it’s a problem I have run into.

After going through your videos, I’m in the process of setting everything up with Acme and haproxy. I’m not really very keen on poking holes in the firewall, plus for me, this is a great opportunity to learn something new. Thanks again Tom for all your videos, help a lot with the learning curve.

So glad this was still in here! I’m mid-level with pfSense, but I went and watched Tom’s video again and set up my port forwarding and ensured I had Pure NAT enabled as the system default. Everything worked well outside my network but none of the port forwards would hairpin back!

Changed the default to NAT + Proxy and BOOM! Everything works!

I have a similar setup using Synology as my proxy and Pure NAT just did not work. I even went as far as to put in DNS resolver host overrides. Overrides showed to be working on dig but no web page.

Might need an ** for us Synology proxy users.