Squawk7777

Helllo!

I am trying to reach a NAS on my home network (from outside my home). I used to be pretty good with port forwarding settings, but I accidentally deleted my own notes and my brain ... never mind!

I have a QNAP NAS that is connected to a UNIFI dream machine that is connected to my Orange LiveBox.

WWW ----------> LiveBox -------------> Dream Machine -------------> QNAP NAS

I am trying to set up access to the QNAP NAS but my LiveBox and Dream Machine have their own local IP ranges, which makes setting up port forwarding difficult.
Let's say LiveBox has a local IP range of 192.168.1.1 to 2.200 and the Dream Machine a range of 192.168.0.1 to 0.499. The Dream Machine shows under LiveBox's local IP, the QNAP doesn't. The QNAP only shows under the Dream Machine's local IP.
I don't want to connect the QNAP directly to the LiveBox, I want to manage the QNAP through the Dream Machine. Would I need to set up a "double" port forwarding? From the LiveBox to the Dream Machine?

What a terribly complicated world!

Thanks,

7 7 7 7

P.S. I am able to access the QNAP NAS through QNAP cloud services, so there should be a way, I hope.

netstruggler

I’d think you’d need IP forwarding as well as port forwarding enabled on the Dream Machine to go between the subnets (ie making it act as a gateway).

….oh and .499 is not a valid IP address (255 maximum)

How do you access the NAS? Do you mount it as a drive on the remote computer, or just copy files from it using a Web Browser or ftp - or something else.

jimjim1

Double NAT should be OK. I have done it a few times. Some things get upset but mostly not.

I would.

Make sure that you can go back to the old configs.

Assuming only a single external internet address is available.

Choose addresses and reserve them - say on a piece of paper.
DHCP is OK as long as they are static.

Lets assume you want to use .7 for this device and we assume a
mask of 255.255.255.0.

QNAP real address 192.168.0.7, subnet 255.255.254.0.
QNAP NAT on network 192.168.1.0 subnet 255.255.255.0, for your sanity I would choose the same host portion, say .7.
QNAP translated port on the outside. Can be same port as used inside or a different port.


On Dream machine set up a static NAT to translate

192.168.0.7 to 192.168.1.7 for all ports

On LiveBox set up Port Address Translation to translate
the internal NAT and port 192.168.1.x:QNAP-native-port
to whatever you want to use on the outside.

n.n.n.n:QNAP-outside-port

Dream Machine config - static NAT
QNAP real address 192.168.0.7
QNAP NAT on middle network 192.168.1.7

LiveBox config - Port Address Translation
QNAP mid network 192.168.1.7:QNAP-native-port
QNAP outside network n.n.n.n:QNAP-native-port

I would recommend changing the outside port to something unusual.
Sure, it's security by obscurity but I would do it anyway.

In that case:-
LiveBox config - Port Address Translation
QNAP mid network 192.168.1.7:QNAP-native-port
QNAP outside network n.n.n.n:QNAP-outside-port

NAT can be a complex and head bending thing and I have here left many simplifying assumptions unaddressed.
Consider putting all the addresses on the network diagram. I did a lot of NAT once upon a time and we did a separate diagram for each NATted service with all the addresses and ports on it and also with a table of all the addresses and ports in order inside to outside, with a technical description of each one.

PS Thanks for the diagram, I don't often try to answer questions where the questioner expects me to draw the diagram. I can't do networking without diagrams:-)

netstruggler

This link describes what you need to do fairly clearly, and gives the necessary warnings. Providing remote access to a machine on your local network is pretty dangerous.

https://www.qnap.com/en/how-to/faq/a...qnapcloud-link

Thinking about it a bit more, if you can connect to the NAS via the QNAP cloud, the basics of your network setup must be correct.

If you tell us how you’re trying to connect, that will help with which ports need to be forwarded. Eg. Are you trying to copy files, stream movies, access web pages etc.

Do you have a static IP address on your Livebox? If not that complicates things.

awair

Does your router offer VPN Server capabilities?

This would be a better approach, if available.

Good luck.

Squawk7777

Oh my, look at this wealth of information!

netstruggler jimjim1 thank you for your replies.

I usually access the NAS through the QNAP cloud (Windows 10). That is the only way I can remotely access it. In my home network 192.168.0.27:443 (not sure about 443) usually works. The QNAP suggested alternative of https://98.765.43.21:443 (the address is an example of course) has never worked. I first suspected a firewall issue, but lately I have come to suspect an incorrect port forwarding issue.

I do not have static IP, but I have DDNS through no-ip which has worked mostly. My static IP address doesn't change much, maybe once or twice a year, usually following a longer internet outage.

The ultimate aim of all this is to set up (s)ftp (using WinSCP), syncing two NAS on remote networks (QNAP has an app for this), with local streaming of movies and music.



remote access (ftp/sftp)------------> NAS1 <-------sync--------> NAS2 <------------ remote access (ftp/sftp)
.....................................................I...... ..................... ...........I
.....................................................I...... .................................I
..........................................local access....................... local access
..............................................(DLNA, ...............................(DLNA,
.............................................ftp etc.)............................... ftp etc.)
...............................................R-Pi.................................. QNAP

........................................123.456.78.90 .......................987.654.32.10
...........................................w/DDNS................................. w/DDNS



I have succeeded in setting up NAS 1. You might laugh at me but the system is basically a Raspberry Pi to which I connected 4 drives (HDD and thumb) and managed by OpenMediaVault 5* with DDNS. I usually connect to this setup via WinSCP (Windows) and AndFTP on my mobile. That was basically my Corona vacation project and what sparked my interest.

* Despite having set up port forwarding, I cannot remotely access OMV5 on the R-Pi. Grrrrr!


I was able to pull up the local IP ranges:


.......................................................(Drea m M. IP) .................. QNAP IP

.......................................................192.1 68.1.26..................192.168.0.27

WWW ----------> LiveBox -------------> Dream Machine -----------> QNAP NAS

........................192.168.1.10 - ...............192.168.0.6 -
........................192.168.1.150 ................192.168.0.254
...........................................................1 92.168.0.1/24
............................................................ ..(subnet mask)

* LiveBox shows the Dream Machine's IP of 192.168.1.26, and the Dream Machine shows the QNAP's IP of 192.168.0.27.

The complication as of two days ago: I cannot access my NAS through the QNAP cloud. I had asked the wife to turn the QNAP NAS off and on again, but that did not help. The NAS still performs update checks (I get those auto confirmation emails), but is not remotely accessible at the moment, and I won't be home for another two weeks.

I have a longer layover in a few days and I'll try jimjim1 's setup and netstruggler 's link.

awair to the best of my knowledge Orange LiveBox doesn't offer VPN, but the dream machine does. I guess that'll be another interesting adventure setting it up!

Thank you all for your interest and help!

P.S. Sorry for all those dots in my schematics, but space characters get ignored.

awair

Can you put your Orange Box into Bridge mode?

If so, the Dream Machine would probably make a better firewall, to which you access via VPN for sync & QNAP access.

Good luck.