Netgate 6100 Setup Help

I have basic functionality setup on my new 6100 in that I can access internet on LAN and I have OpenVpn setup so I can access it remotely. However, I am stuck trying to setup some extra interfaces and need some guidance on where to put certain rules.

Done:

• LAN setup and working - might want to look at best practices once more
• WAN dedicated IP setup and working - might want to look at best practices once more
• All interfaces has a static IP and DHCP.
• For now LAN interface is 1 port on 6100 that is connected to a bigger switch.
• For now NAS interface is is set to 1 of the 6100 ports directly. If I need more devices, I can add a switch to that port or eventually VLAN it and setup some tagged ports on larger switch.

Need:

• NAS interface with WAN access to certain Synology ports to the NAS box from WAN interface.
• Web gui access to NAS box from LAN interface but NO access from NAS interface to LAN interface
• NAS interface does not really need internet browsing access at all as it is just the NAS box.

I’m confused as to where to where to put certain rules - on the WAN or the NAS, etc.

Anyone able to work with a newbie?

Question 1 - you need to setup portforwarding from the wan to the nas ip address

Question 2. create lan firewall rule to allow access to the NAS interface

Question 3. create nas firewall rule to block all traffic to the internet. Being a nas it may required ntp access.

Video for home rules, but the rules still apply

Thank you @Paul I’ll give those a look!

Getting further now … I have the NAT set and looked at some rules. Now I am trying to test some stuff but I am at my day job network and the 6100 is at home network. I can use OpenVpn just fine to connect to home LAN network. What rules are needed to allow OpenVpn to access NAS network and maybe port 3389 as well? Are those rules in WAN, OpenVpn, and NAS interfaces?