…without snark or jumping down my throat. I genuinely want to know why it’s so unsafe.
I’m running a Synology DS920+, with my DSM login exposed through a Cloudflare tunnel. I have 2FA enabled, Synology firewall enabled with these rules in place. I also have this IP blocklist enabled.
After all of this, how would someone be able to break in via the DSM login?
If you open your login page to the internet without security, someone one day will have a field trip inside your NAS files and will find all your “I know what you did last summer” photos.
I have a DS423+ and I am also using a Cloudflare tunnel to access it from anywhere.
My CF Tunnel setup is done like this:
Domain: nas.example.com points to http://1.2.3.4: and I have 2 access rules added.
One of these rules NEEDS to match, otherwise: “You Shall Not Pass”
#1: Public IP needs to be matched as my public IP
#2: Person who wants to log in needs to authenticate via Google Authentication. Google authentication needs to match test1@gmail.com or test2@gmail.com
While I am at home, I use nas.example.com to access my NAS instead of using its local IP, and Cloudflare allows access with no questions asked.
While I am outside my home network, I get asked to authenticate via Google and gain access this way.
+ CF Tunnel adds HTTPS automatically for me.
I don’t use any firewall setup or any other rules inside the NAS.